Diffstat (limited to 'roles')
-rw-r--r--roles/base/tasks/main.yml12
-rw-r--r--roles/sshd/tasks/main.yml12
-rw-r--r--roles/zsh/tasks/main.yml10
3 files changed, 17 insertions, 17 deletions
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
index 3c480213..de180a15 100644
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -40,7 +40,7 @@
- screen
- name: install htop config (1/2)
- with_items:
+ loop:
- /root
- /etc/skel
file:
@@ -49,7 +49,7 @@
mode: 0700
- name: install htop config (2/2)
- with_items:
+ loop:
- /root
- /etc/skel
copy:
@@ -65,6 +65,7 @@
state: directory
- name: disable net/fs/misc kernel modules
+ loop: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
lineinfile:
dest: /etc/modprobe.d/disablemod.conf
line: "install {{ item }} /bin/true"
@@ -72,9 +73,11 @@
owner: root
group: root
mode: 0644
- with_items: "{{ modules_blacklist.net | union(modules_blacklist.fs) | union(modules_blacklist.misc) }}"
- name: Change various sysctl-settings, look at the sysctl-vars file for documentation
+ loop: "{{ sysctl_config | combine(sysctl_config_user) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }} = {{ item.value }}"
sysctl:
name: "{{ item.key }}"
value: "{{ item.value }}"
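Review bot: The new `loop:` line on the sysctl task passes `sysctl_config_user` to `combine` with no fallback, whereas the zsh role in this same commit guards its optional list with `default([])`. If the variable is not defined in the role defaults (not visible in this diff), the whole hardening task fails on hosts that set no overrides. Consider `loop: "{{ sysctl_config | combine(sysctl_config_user | default({})) | dict2items }}"`. The task body continues into the next hunk, where `ignoreerrors: yes` is set, so it would also help to add a comment there stating which keys are expected to be missing, since a failed hardening setting is otherwise silent.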
@@ -82,9 +85,6 @@
state: present
reload: yes
ignoreerrors: yes
- with_dict: "{{ sysctl_config | combine(sysctl_config_user) }}"
- loop_control:
- label: "{{ item.key }} = {{ item.value }}"
- name: install extra packages
apt:
diff --git a/roles/sshd/tasks/main.yml b/roles/sshd/tasks/main.yml
index e638905b..2c81f497 100644
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@@ -5,11 +5,6 @@
state: present
- name: hardening ssh-server config
- lineinfile:
- regexp: "^#?\\s*{{ item.key }}"
- line: "{{ item.key }} {{ item.value }}"
- dest: /etc/ssh/sshd_config
- mode: 0644
with_dict:
IgnoreRhosts: "yes"
PermitRootLogin: "without-password"
@@ -18,7 +13,12 @@
PermitEmptyPasswords: "no"
UseDNS: "no"
loop_control:
- label: "{{ item.key }}"
+ label: "{{ item.key }} = {{ item.value }}"
+ lineinfile:
+ regexp: "^#?\\s*{{ item.key }}"
+ line: "{{ item.key }} {{ item.value }}"
+ dest: /etc/ssh/sshd_config
+ mode: 0644
notify: restart ssh
- name: limit allowed users
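Review bot: The relocated `lineinfile` block edits /etc/ssh/sshd_config without a `validate:` step, so a bad line is only discovered when the `restart ssh` handler runs, which on a remote host can mean losing access. Adding `validate: '/usr/sbin/sshd -t -f %s'` under `lineinfile` makes the module check the candidate file before it replaces the real one. The regexp `^#?\\s*{{ item.key }}` also has no boundary after the key, so a key that is a prefix of another keyword would match that keyword's line; `^#?\\s*{{ item.key }}\\b` is tighter. The task begins in the previous hunk and still uses `with_dict:`, while the other roles in this commit move to `loop:`.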
diff --git a/roles/zsh/tasks/main.yml b/roles/zsh/tasks/main.yml
index e19f5366..80880f83 100644
--- a/roles/zsh/tasks/main.yml
+++ b/roles/zsh/tasks/main.yml
@@ -5,22 +5,22 @@
state: present
- name: install zsh-config
- copy:
- src: "{{ item.src }}"
- dest: "{{ item.dest }}"
- with_items:
+ loop:
- src: "zshrc"
dest: "/etc/zsh/zshrc"
- src: "zshrc.skel"
dest: "/etc/skel/.zshrc"
loop_control:
label: "{{ item.dest }}"
+ copy:
+ src: "{{ item.src }}"
+ dest: "{{ item.dest }}"
- name: set zsh as default shell
+ loop: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}"
user:
name: "{{ item }}"
shell: /bin/zsh
- with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}"
- name: make zsh the default shell for useradd
lineinfile:
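Review bot: The moved `copy:` block in "install zsh-config" sets only `src` and `dest`, so ownership and permissions of /etc/zsh/zshrc and /etc/skel/.zshrc depend on the umask of the run and on whatever an existing file already has. These files are sourced by every zsh login, including root's, so the task should pin them the way the base role does for its files: `owner: root`, `group: root`, `mode: "0644"`. Quoting the mode avoids relying on the YAML parser's octal handling.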