Etusivu Tutki Apua
Kirjaudu sisään
blaine
/
infra
1
0
Haarauta 0
Tiedostot Esitykset 0 Vetopyynnöt 0 Wiki
Puu: a85957aa1b
Haarat Tunnisteet
infra
/
roles
/
linode
/
tasks
/
main.yml

main.yml 936 B
Historia Raaka

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. ---
    2. 

  2. - name: Fix timezone
    3. 

  3.   file:
    4. 

  4.     src: /usr/share/zoneinfo/America/Los_Angeles
    5. 

  5.     dest: /etc/zoneinfo
    6. 

  6.     state: link
    7. 

  7. 

  8. - name: Disable cockpit
    9. 

  9.   systemd:
    10. 

  10.     name: cockpit.socket
    11. 

  11.     state: stopped
    12. 

  12.     enabled: no
    13. 

  13.   when:
    14. 

  14.     - ansible_os_family == 'Fedora'
    15. 

  15. 

  16. - name: Close cockpit port
    17. 

  17.   firewalld:
    18. 

  18.     zone: FedoraServer
    19. 

  19.     service: cockpit
    20. 

  20.     state: disabled
    21. 

  21.     permanent: yes
    22. 

  22.     immediate: yes
    23. 

  23.   when:
    24. 

  24.     - ansible_os_family == 'Fedora'
    25. 

  25. 

  26. - name: Remove cockpit motd banner
    27. 

  27.   file:
    28. 

  28.     path: /etc/motd.d/cockpit
    29. 

  29.     state: absent
    30. 

  30.   when:
    31. 

  31.     - ansible_os_family == 'Fedora'
    32. 

  32. 

  33. - name: Install fail2ban
    34. 

  34.   package:
    35. 

  35.     name: fail2ban
    36. 

  36.     state: present
    37. 

  37. 

  38. - name: Configure fail2ban
    39. 

  39.   template:
    40. 

  40.     src: ssh.local.j2
    41. 

  41.     dest: /etc/fail2ban/jail.d/ssh.local
    42. 

  42.     owner: root
    43. 

  43.     group: root
    44. 

  44.     mode: '0644'
    45. 

  45.   notify: Restart fail2ban
    46. 

  46. 

  47. - name: Start/enable fail2ban
    48. 

  48.   systemd:
    49. 

  49.     name: fail2ban
    50. 

  50.     state: started
    51. 

  51.     enabled: yes
    52.