added tags
parent
2e94aefbc0
commit
338c41e8ca
@ -1 +0,0 @@
|
|||||||
e3r4p3.42.fr
|
|
@ -9,63 +9,76 @@
|
|||||||
name: ['sudo', 'mailutils', 'fail2ban', 'apache2', 'python-pip', 'iptables-persistent']
|
name: ['sudo', 'mailutils', 'fail2ban', 'apache2', 'python-pip', 'iptables-persistent']
|
||||||
update_cache: "yes"
|
update_cache: "yes"
|
||||||
state: "present"
|
state: "present"
|
||||||
|
tags: [ "apt", "sudo" ]
|
||||||
- name: "Add tanguy to sudoers"
|
- name: "Add tanguy to sudoers"
|
||||||
user:
|
user:
|
||||||
name: "tanguy"
|
name: "tanguy"
|
||||||
groups: "sudo"
|
groups: "sudo"
|
||||||
append: yes
|
append: yes
|
||||||
|
tags: [ "sudo" ]
|
||||||
- name: "Upload firewall config"
|
- name: "Upload firewall config"
|
||||||
copy:
|
copy:
|
||||||
src: "files/firewall.conf"
|
src: "files/firewall.conf"
|
||||||
dest: "/etc/iptables/rules.v4"
|
dest: "/etc/iptables/rules.v4"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "firewall" ]
|
||||||
- name: "Apply firewall config"
|
- name: "Apply firewall config"
|
||||||
command: "iptables-restore -c /etc/iptables/rules.v4"
|
command: "iptables-restore -c /etc/iptables/rules.v4"
|
||||||
|
tags: [ "firewall" ]
|
||||||
- name: "Upload fail2ban config"
|
- name: "Upload fail2ban config"
|
||||||
copy:
|
copy:
|
||||||
src: "files/jail.local"
|
src: "files/jail.local"
|
||||||
dest: "/etc/fail2ban/"
|
dest: "/etc/fail2ban/"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "firewall" ]
|
||||||
- name: "Restart fail2ban"
|
- name: "Restart fail2ban"
|
||||||
service:
|
service:
|
||||||
name: "fail2ban"
|
name: "fail2ban"
|
||||||
state: "restarted"
|
state: "restarted"
|
||||||
|
tags: [ "firewall" ]
|
||||||
- name: "Upload update_script.sh"
|
- name: "Upload update_script.sh"
|
||||||
copy:
|
copy:
|
||||||
src: "files/update_script.sh"
|
src: "files/update_script.sh"
|
||||||
dest: "/usr/sbin/update_script.sh"
|
dest: "/usr/sbin/update_script.sh"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "scripts" ]
|
||||||
- name: "Upload update_script"
|
- name: "Upload update_script"
|
||||||
copy:
|
copy:
|
||||||
src: "files/update_script"
|
src: "files/update_script"
|
||||||
dest: "/etc/cron.d/update_script"
|
dest: "/etc/cron.d/update_script"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "scripts" ]
|
||||||
- name: "Upload check_crontab.sh"
|
- name: "Upload check_crontab.sh"
|
||||||
copy:
|
copy:
|
||||||
src: "files/check_crontab.sh"
|
src: "files/check_crontab.sh"
|
||||||
dest: "/usr/sbin/check_crontab.sh"
|
dest: "/usr/sbin/check_crontab.sh"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "scripts" ]
|
||||||
- name: "Upload check_crontab"
|
- name: "Upload check_crontab"
|
||||||
copy:
|
copy:
|
||||||
src: "files/check_crontab"
|
src: "files/check_crontab"
|
||||||
dest: "/etc/cron.d/check_crontab"
|
dest: "/etc/cron.d/check_crontab"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "scripts" ]
|
||||||
- name: "Create .ssl directory"
|
- name: "Create .ssl directory"
|
||||||
file:
|
file:
|
||||||
path: "/home/tanguy/.ssl"
|
path: "/home/tanguy/.ssl"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
tags: [ "ssl" ]
|
||||||
- name: "Installing pyOpenSSL python lib"
|
- name: "Installing pyOpenSSL python lib"
|
||||||
pip:
|
pip:
|
||||||
name: "pyOpenSSL"
|
name: "pyOpenSSL"
|
||||||
|
tags: [ "ssl" ]
|
||||||
- name: "Generate ssl private key"
|
- name: "Generate ssl private key"
|
||||||
openssl_privatekey:
|
openssl_privatekey:
|
||||||
path: "/home/tanguy/.ssl/server.key"
|
path: "/home/tanguy/.ssl/server.key"
|
||||||
|
tags: [ "ssl" ]
|
||||||
- name: "Generate ssl certficate signing request"
|
- name: "Generate ssl certficate signing request"
|
||||||
openssl_csr:
|
openssl_csr:
|
||||||
path: "/home/tanguy/.ssl/server.csr"
|
path: "/home/tanguy/.ssl/server.csr"
|
||||||
@ -75,33 +88,41 @@
|
|||||||
country_name: "FR"
|
country_name: "FR"
|
||||||
locality_name: "Paris"
|
locality_name: "Paris"
|
||||||
organization_name: "42.fr"
|
organization_name: "42.fr"
|
||||||
|
tags: [ "ssl" ]
|
||||||
- name: "Generate ssl selfsigned certificate"
|
- name: "Generate ssl selfsigned certificate"
|
||||||
openssl_certificate:
|
openssl_certificate:
|
||||||
path: "/home/tanguy/.ssl/server.crt"
|
path: "/home/tanguy/.ssl/server.crt"
|
||||||
csr_path: "/home/tanguy/.ssl/server.csr"
|
csr_path: "/home/tanguy/.ssl/server.csr"
|
||||||
privatekey_path: "/home/tanguy/.ssl/server.key"
|
privatekey_path: "/home/tanguy/.ssl/server.key"
|
||||||
provider: "selfsigned"
|
provider: "selfsigned"
|
||||||
|
tags: [ "ssl" ]
|
||||||
- name: "Upload website"
|
- name: "Upload website"
|
||||||
copy:
|
copy:
|
||||||
src: "files/default-ssl.conf"
|
src: "files/default-ssl.conf"
|
||||||
dest: "/etc/apache2/sites-available/"
|
dest: "/etc/apache2/sites-available/"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "ssl" ]
|
||||||
- name: "Create webiste dir"
|
- name: "Create webiste dir"
|
||||||
file:
|
file:
|
||||||
path: "/var/www/nice_website"
|
path: "/var/www/nice_website"
|
||||||
state: "directory"
|
state: "directory"
|
||||||
|
tags: [ "website" ]
|
||||||
- name: "Upload website"
|
- name: "Upload website"
|
||||||
copy:
|
copy:
|
||||||
src: "files/index.html"
|
src: "files/index.html"
|
||||||
dest: "/var/www/nice_website/"
|
dest: "/var/www/nice_website/"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
|
tags: [ "website" ]
|
||||||
- name: "Activate nice website"
|
- name: "Activate nice website"
|
||||||
command: "a2ensite default-ssl"
|
command: "a2ensite default-ssl"
|
||||||
|
tags: [ "website" ]
|
||||||
- name: "Activate ssl module"
|
- name: "Activate ssl module"
|
||||||
command: "a2enmod ssl"
|
command: "a2enmod ssl"
|
||||||
|
tags: [ "website" ]
|
||||||
- name: "Restart apache2"
|
- name: "Restart apache2"
|
||||||
service:
|
service:
|
||||||
name: "apache2"
|
name: "apache2"
|
||||||
state: "restarted"
|
state: "restarted"
|
||||||
|
tags: [ "website" ]
|
||||||
|
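Review bot: The first task named "Upload website" copies `files/default-ssl.conf` into `/etc/apache2/sites-available/` and is tagged `ssl`, while `a2ensite default-ssl`, `a2enmod ssl` and the apache2 restart are tagged `website`. A `--tags ssl` run therefore never enables or reloads the vhost, and a `--tags website` run on a fresh host enables a site whose config and certificate tasks were skipped (assuming default-ssl.conf references the generated key and certificate). Giving the tasks that must run together both tags, e.g. `tags: [ "ssl", "website" ]` on the vhost copy and the apache2 restart, keeps partial runs coherent, and renaming that task to something like `- name: "Upload apache ssl vhost config"` removes the duplicate task name. Separately, none of the copy tasks shown sets `mode`, so permissions on the `/usr/sbin` scripts and `/etc/cron.d` entries are left to the umask; an explicit `mode: "0755"` or `mode: "0644"` would pin them.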
@ -16,21 +16,16 @@
|
|||||||
dest: "/etc/ssh/"
|
dest: "/etc/ssh/"
|
||||||
owner: "root"
|
owner: "root"
|
||||||
group: "root"
|
group: "root"
|
||||||
- name: "Install sudo"
|
tags: [ "ssh" ]
|
||||||
apt:
|
- name: "Restart ssh service"
|
||||||
name: ['sudo']
|
service:
|
||||||
update_cache: "yes"
|
name: "ssh"
|
||||||
state: "present"
|
state: "restarted"
|
||||||
- name: "Add tanguy to sudoers"
|
|
||||||
user:
|
|
||||||
name: "tanguy"
|
|
||||||
groups: "sudo"
|
|
||||||
append: yes
|
|
||||||
- name: "Upload public key for tanguy"
|
- name: "Upload public key for tanguy"
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: "tanguy"
|
user: "tanguy"
|
||||||
state: "present"
|
state: "present"
|
||||||
key: "{{ lookup('file', '/Users/tmaze/.ssh/id_rsa.pub') }}"
|
key: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
|
||||||
- name: "Restart networking service"
|
- name: "Restart networking service"
|
||||||
service:
|
service:
|
||||||
name: "networking"
|
name: "networking"
|
||||||
|
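Review bot: The new "Restart ssh service" task carries no tags, so a `--tags ssh` run uploads the file into `/etc/ssh/` but never restarts sshd. Adding `tags: [ "ssh" ]` to it, and to "Upload public key for tanguy", would make the tagged run complete. The restart also sits before the authorized_key task, so if the uploaded config disables password logins (not visible here), a failure between the two tasks could leave tanguy without a working login; running the key upload first closes that window. If the uploaded file is sshd_config, the copy task, whose start is outside the hunk, could also carry `validate: "/usr/sbin/sshd -t -f %s"` so a broken config is rejected before the restart.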