| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 |
- ---
- - name: Fix timezone
- file:
- src: /usr/share/zoneinfo/{{ timezone }}
- dest: /etc/zoneinfo
- state: link
- - name: Disable cockpit
- systemd:
- name: cockpit.socket
- state: stopped
- enabled: no
- when:
- - ansible_os_family == 'Fedora'
- - name: Close cockpit port
- firewalld:
- zone: FedoraServer
- service: cockpit
- state: disabled
- permanent: yes
- immediate: yes
- when:
- - ansible_os_family == 'Fedora'
- - name: Remove cockpit motd banner
- file:
- path: /etc/motd.d/cockpit
- state: absent
- when:
- - ansible_os_family == 'Fedora'
- - name: Check for systemd-oomd conf file
- ansible.builtin.stat:
- path: /etc/systemd/oomd.conf
- register: oomd_conf
- - name: Create copy of oomd.conf
- ansible.builtin.copy:
- src: /usr/lib/systemd/oomd.conf
- dest: /etc/systemd/oomd.conf
- remote_src: yes
- when:
- - oomd_conf.stat.exists == False
- - name: Loosen up systemd-oomd defaults
- lineinfile:
- path: /etc/systemd/oomd.conf
- regexp: '^DefaultMemoryPressureLimit='
- insertafter: '^#DefaultMemoryPressureLimit='
- line: DefaultMemoryPressureLimit=80%
- - name: Install fail2ban
- package:
- name: fail2ban
- state: present
- - name: Configure fail2ban
- template:
- src: ssh.local.j2
- dest: /etc/fail2ban/jail.d/ssh.local
- owner: root
- group: root
- mode: '0644'
- notify: Restart fail2ban
- - name: Start/enable fail2ban
- systemd:
- name: fail2ban
- state: started
- enabled: yes
|
