initial commit
parent
03f19e477f
commit
42af636589
33 changed files with 522 additions and 0 deletions
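--- a/ansible-checkmode-command-unhb4.sh
+++ b/ansible-checkmode-command-unhb4.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+ansible-playbook site.yml -i inventory.yml --limit unhb4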
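Review bot: The two wrapper scripts have their flags swapped: `ansible-checkmode-command-unhb4.sh` runs `ansible-playbook site.yml -i inventory.yml --limit unhb4` with no `--check`, so the file named for a dry run actually applies changes to unhb4, while `ansible-deploy-command-unhb4.sh` (the next file) is the one carrying `--check --diff`. Move `--check --diff` onto the checkmode script and drop it from the deploy script. Since these are the intended entry points, a `set -eu` before the playbook call would also make a mistyped inventory path fail loudly instead of silently.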
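--- a/ansible-deploy-command-unhb4.sh
+++ b/ansible-deploy-command-unhb4.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+ansible-playbook site.yml -i inventory.yml --limit unhb4 --check --diff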
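--- a/inventory.yml
+++ b/inventory.yml
@@ -0,0 +1,7 @@
+---
+
+all:
+  children:
+    debianservers:
+      hosts:
+        unhb4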
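Review bot: `unhb4` under `hosts:` is a bare scalar rather than a mapping key, so `hosts` parses as the string `unhb4` instead of a dictionary of hosts; as far as I can tell the YAML inventory plugin requires a dictionary there and rejects the string form, which would leave the `--limit unhb4` wrapper scripts with no matching host. Writing `unhb4:` (an empty mapping) is enough, and host-specific values such as `ansible_host` can then hang under that key.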
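--- a/roles/apt-update-upgrade/tasks/main.yml
+++ b/roles/apt-update-upgrade/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Update and upgrade apt packages
+  become: "true"
+  apt:
+    upgrade: yes
+    update_cache: yes
+    cache_valid_time: 3600 #an hour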
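Review bot: The task uses the Debian-only `apt:` module but carries no `when: ansible_os_family == 'Debian'` guard, unlike the sibling tasks in `roles/apt_listchanges` and `roles/basic_common_settings`, so any FreeBSD/OpenBSD host reached by the same play fails here. `become: "true"` is a quoted string where every other role writes the bare boolean `become: true`, and `upgrade: yes`/`update_cache: yes` are YAML 1.1 truthy words; `true` keeps them consistent and lint-clean. The inline comment needs a space after the hash: `cache_valid_time: 3600  # an hour`.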
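--- a/roles/apt/handlers/main.yml
+++ b/roles/apt/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+# handlers file for matrix_synapse
+
+- name: restart-unattendedupgrades
+  ansible.builtin.service:
+    state: restarted
+    daemon_reload: yes
+    name: unattended-upgrades
+  tags: molecule-notest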
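Review bot: `daemon_reload: yes` is not a documented parameter of `ansible.builtin.service` (it belongs to `ansible.builtin.systemd`), so this handler should fail with an unsupported-parameter error the first time it is notified; either switch the module to `ansible.builtin.systemd` or drop the key. The same combination appears in `roles/basic_common_settings/handlers/main.yml`. The header comment `# handlers file for matrix_synapse` looks copied from another role and should name this one.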
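--- a/roles/apt/tasks/apt.yml
+++ b/roles/apt/tasks/apt.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Install packages if Debian based
+  apt:
+    name: unattended-upgrades
+    state: present
+    update_cache: true
+  become: true
+
+- name: Apt Config (/etc/apt.conf.d/10periodic)
+  ansible.builtin.template:
+    src: ../templates/10periodic.j2
+    dest: /etc/apt/apt.conf.d/10periodic
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart-unattendedupgrades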
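Review bot: Neither the task named 'Install packages if Debian based' nor the template task has a `when: ansible_os_family == 'Debian'` condition, so the role is not safe on the mixed Debian/BSD hosts that `site.yml` targets; the equivalent task in `roles/apt_listchanges/tasks/apt-listchanges-conf.yml` does carry the guard. Separately, `10periodic.j2` expands `APT_Periodic_Update_Package_Lists` and three sibling variables that are defined nowhere in this commit, so the template task fails with an undefined-variable error until a `roles/apt/defaults/main.yml` supplies them. The template task also writes `/etc/apt/apt.conf.d/10periodic` while its name says `/etc/apt.conf.d/10periodic`.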
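--- a/roles/apt/tasks/main.yml
+++ b/roles/apt/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Include other yaml files
+  include_tasks: "{{ item }}"
+  with_fileglob:
+    - apt.yml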
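Review bot: `with_fileglob` resolves a relative pattern against the role's `files/` directory (and the playbook directory), not `tasks/`, so as far as I can tell `apt.yml` matches nothing and is silently never included; `roles/apt_listchanges/tasks/main.yml` uses the same construct. A plain `- ansible.builtin.include_tasks: apt.yml` is simpler and reliably resolves against the role's `tasks/` directory.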
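--- a/roles/apt/templates/10periodic.j2
+++ b/roles/apt/templates/10periodic.j2
@@ -0,0 +1,4 @@
+APT::Periodic::Update-Package-Lists "{{ APT_Periodic_Update_Package_Lists }}";
+APT::Periodic::Download-Upgradeable-Packages "{{ APT_Periodic_Download_Upgradeable_Packages }}";
+APT::Periodic::AutocleanInterval "{{ APT_Periodic_AutocleanInterval }}";
+APT::Periodic::Unattended-Upgrade "{{ APT_Periodic_Unattended_Upgrade }}";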
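--- a/roles/apt_listchanges/files/listchanges.conf
+++ b/roles/apt_listchanges/files/listchanges.conf
@@ -0,0 +1,9 @@
+[apt]
+frontend=pager
+which=news
+email_address=none
+email_format=text
+confirm=false
+headers=false
+reverse=true
+save_seen=/var/lib/apt/listchanges.db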
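--- a/roles/apt_listchanges/tasks/apt-listchanges-conf.yml
+++ b/roles/apt_listchanges/tasks/apt-listchanges-conf.yml
@@ -0,0 +1,17 @@
+---
+
+- name: apt-listchanges Config (/etc/apt/listchanges.conf)
+  ansible.builtin.template:
+    src: ../files/listchanges.conf
+    dest: /etc/apt/listchanges.conf
+    owner: root
+    group: root
+    mode: '0644'
+
+- name: Install packages if Debian based
+  apt:
+    name: "apt-listchanges"
+    state: present
+    update_cache: true
+  become: true
+  when: ansible_os_family == 'Debian'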
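Review bot: The config task writes `/etc/apt/listchanges.conf` before the package is installed and without the `when: ansible_os_family == 'Debian'` guard the install task has, so on the BSD hosts in `site.yml` it drops an apt config file nothing reads, and on Debian the first run creates the file before `apt-listchanges` owns it as a conffile. Run the install task first and put the same `when:` on both. `listchanges.conf` under `files/` contains no Jinja, so `ansible.builtin.copy` is the more honest module than `ansible.builtin.template` here.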
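--- a/roles/apt_listchanges/tasks/main.yml
+++ b/roles/apt_listchanges/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+
+# to do list:
+
+- name: Include other yaml files
+  include_tasks: "{{ item }}"
+  with_fileglob:
+    - apt-listchanges-conf.yml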
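--- a/roles/basic_common_settings/files/97-update.conf
+++ b/roles/basic_common_settings/files/97-update.conf
@@ -0,0 +1 @@
+%sudo ALL = NOPASSWD: /opt/scripts/update.sh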
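--- a/roles/basic_common_settings/files/debian_earlyoom
+++ b/roles/basic_common_settings/files/debian_earlyoom
@@ -0,0 +1,28 @@
+# Default settings for earlyoom. This file is sourced by /bin/sh from
+# /etc/init.d/earlyoom or by systemd from earlyoom.service.
+
+# Options to pass to earlyoom
+#EARLYOOM_ARGS="-r 60"
+
+# Examples:
+
+# Print memory report every second instead of every minute
+# EARLYOOM_ARGS="-r 1"
+
+# Available minimum memory 5%
+#EARLYOOM_ARGS="-m 5"
+
+# Available minimum memory 15% and free minimum swap 5%
+#EARLYOOM_ARGS="-m 15 -s 5"
+
+# Avoid killing processes whose name matches this regexp
+#EARLYOOM_ARGS="--avoid '(^|/)(init|X|sshd|firefox)$'"
+
+#prefer:
+#EARLYOOM_ARGS="--prefer '(^|/)(telegram-desktop|element-desktop)$'"
+
+# See more at `earlyoom -h'
+#
+#
+#
+EARLYOOM_ARGS="-r 60 -m 3 --avoid '(^|/)(init|X|sshd|firefox)$' --prefer '(^|/)(signal-desktop|element-desktop)$'"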
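--- a/roles/basic_common_settings/handlers/main.yml
+++ b/roles/basic_common_settings/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+
+- name: restart-earlyoom
+  ansible.builtin.service:
+    state: restarted
+    daemon_reload: yes
+    name: earlyoom
+  tags: molecule-notest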
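--- a/roles/basic_common_settings/tasks/earlyoom.yml
+++ b/roles/basic_common_settings/tasks/earlyoom.yml
@@ -0,0 +1,17 @@
+---
+
+- name: Install earlyoom if OS is based on Debian
+  ansible.builtin.package:
+    name: earlyoom
+  when: ansible_os_family == 'Debian'
+
+- name: Create earlyoom config
+  ansible.builtin.template:
+    src: ../files/debian_earlyoom
+    dest: /etc/default/earlyoom
+    owner: root
+    group: root
+    mode: '0644'
+    force: true
+  when: ansible_os_family == 'Debian'
+  notify: restart-earlyoom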
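--- a/roles/basic_common_settings/tasks/main.yml
+++ b/roles/basic_common_settings/tasks/main.yml
@@ -0,0 +1,16 @@
+---
+
+- name: Install useful packages
+  include_tasks: "useful_packages.yml"
+
+- name: Set up sudo (FreeBSD/OpenBSD)
+  include_tasks: "sudo.yml"
+
+- name: Set up earlyoom (Debian)
+  include_tasks: "sudo.yml"
+
+- name: Deploy update script
+  include_tasks: "update_script.yml"
+
+- name: Deploy ZSH config to /etc/skel
+  include_tasks: "zsh_skel.yml"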
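Review bot: The entry named 'Set up earlyoom (Debian)' includes `sudo.yml` a second time instead of `earlyoom.yml`, so `roles/basic_common_settings/tasks/earlyoom.yml` (and with it the `/etc/default/earlyoom` template and the `restart-earlyoom` handler) is dead code in this commit; change it to `include_tasks: "earlyoom.yml"`. Note that `useful_packages.yml` already installs the `earlyoom` package on Debian, so once the include is fixed the package task in `earlyoom.yml` becomes redundant.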
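--- a/roles/basic_common_settings/tasks/sudo.yml
+++ b/roles/basic_common_settings/tasks/sudo.yml
@@ -0,0 +1,17 @@
+---
+
+- name: "Install security/sudo (FreeBSD)"
+  ansible.builtin.package:
+    name: security/sudo
+    state: present
+  when: ansible_os_family == 'FreeBSD'
+
+- name: "Allow group wheel to use sudo (FreeBSD)"
+  ansible.builtin.lineinfile:
+    path: /usr/local/etc/sudoers
+    regexp: '%wheel ALL=\(ALL\) ALL'
+    line: '%wheel ALL=(ALL) ALL'
+    owner: root
+    group: wheel
+    mode: '0440'
+  when: ansible_os_family == 'FreeBSD'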
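Review bot: The `ansible.builtin.lineinfile` edit of `/usr/local/etc/sudoers` has no `validate:`, so a malformed line is written in place and breaks every later `sudo` on the host instead of failing the play; add `validate: '/usr/local/sbin/visudo -cf %s'` (the `/usr/local` prefix is inferred from the sudoers path used here — confirm it matches the installed package). The same protection is missing from the `/etc/sudoers.d/97-update-conf` template task in `update_script.yml`. The unanchored `regexp: '%wheel ALL=\(ALL\) ALL'` also matches a commented-out `# %wheel ALL=(ALL) ALL` line, which is presumably intended (uncommenting the default), but anchoring it as `'^#?\s*%wheel ALL=\(ALL\) ALL\s*$'` makes that intent explicit.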
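--- a/roles/basic_common_settings/tasks/update_script.yml
+++ b/roles/basic_common_settings/tasks/update_script.yml
@@ -0,0 +1,42 @@
+---
+
+- name: "Ensure /opt/scripts/ exists"
+  ansible.builtin.file:
+    path: /opt/scripts
+    state: directory
+    mode: '0755'
+
+- name: "Create directory (/etc/sudoers.d)"
+  ansible.builtin.file:
+    path: /etc/sudoers.d
+    state: directory
+    owner: root
+    group: root
+    mode: '0755'
+
+- name: "Sudoers (/etc/sudoers.d/97-update.conf)"
+  ansible.builtin.template:
+    src: ../files/97-update.conf
+    dest: /etc/sudoers.d/97-update-conf
+    owner: root
+    group: root
+    mode: '0440'
+  when: ansible_os_family != 'OpenBSD' # sudo Installation must be fixed first for OpenBSD
+
+- name: "Template Update Script"
+  ansible.builtin.template:
+    src: ../templates/update.sh.j2
+    dest: /opt/scripts/update.sh
+    owner: root
+    group: root
+    mode: u+rwx
+  when: ansible_os_family == 'Debian'
+
+- name: "Template Update Script"
+  ansible.builtin.template:
+    src: ../templates/update.sh.j2
+    dest: /opt/scripts/update.sh
+    owner: root
+    group: wheel
+    mode: u+rwx
+  when: ansible_os_family == 'FreeBSD' or ansible_os_family == 'OpenBSD'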
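Review bot: The sudoers drop-in `/etc/sudoers.d/97-update-conf` is written by `ansible.builtin.template` without `validate: '/usr/sbin/visudo -cf %s'`, so a typo in `97-update.conf` breaks sudo host-wide instead of failing the play. Because that file grants `%sudo ALL = NOPASSWD: /opt/scripts/update.sh`, the script must stay root-owned and never group/world-writable; `mode: u+rwx` only adds the owner bits and leaves group/other at whatever the file already had, so an explicit `mode: '0755'` (or `'0750'`) is both safer and idempotent. The `/etc/sudoers.d` directory task and the sudoers template task use `group: root` with no OS guard, but FreeBSD has no `root` group (gid 0 is `wheel`), so both should fail there, and the `%sudo` group in the drop-in does not match the `wheel` group that `sudo.yml` enables. The two tasks named 'Template Update Script' should get distinct names so play output and `--start-at-task` can tell them apart.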
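--- a/roles/basic_common_settings/tasks/useful_packages.yml
+++ b/roles/basic_common_settings/tasks/useful_packages.yml
@@ -0,0 +1,26 @@
+---
+
+- name: Install useful packages for servers if Debian-based
+  apt:
+    pkg:
+      - whois
+      - curl
+      - nmap
+      - traceroute
+      - zsh
+      - vim
+      - git
+      - net-tools
+      - wget
+      - apt-transport-https
+      - earlyoom
+      - gpg
+      - gpg-agent
+      - htop
+      #- duf #currently not in Debian stable, change when it is
+      - at
+      - pwgen
+    state: present
+    update_cache: true
+  become: true
+  when: ansible_os_family == 'Debian'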
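--- a/roles/basic_common_settings/tasks/zsh_skel.yml
+++ b/roles/basic_common_settings/tasks/zsh_skel.yml
@@ -0,0 +1,44 @@
+---
+
+- name: Create ZSH config dir (/etc/zsh)
+  file:
+    path: /etc/zsh/
+    owner: root
+    group: root
+    state: directory
+  when: ansible_os_family == 'Debian'
+
+- name: Create ZSH config dir (/etc/zsh)
+  file:
+    path: /etc/zsh/
+    owner: root
+    group: wheel
+    state: directory
+  when: ansible_os_family == 'OpenBSD'
+
+- name: Download GRML ZSH config
+  get_url:
+    url: https://git.grml.org/?p=grml-etc-core.git;a=blob_plain;f=etc/zsh/zshrc;h=22ed16228d1e26b47322bd34b041f544aa5d458d;hb=refs/heads/master
+    dest: /etc/zsh/zshrc
+    mode: '0644'
+  retries: 10
+  delay: 3
+  when: ansible_os_family == 'Debian' or ansible_os_family == 'OpenBSD'
+
+- name: Copy ZSH config to /etc/skel/.zshrc
+  get_url:
+    url: https://git.grml.org/?p=grml-etc-core.git;a=blob_plain;f=etc/zsh/zshrc;h=22ed16228d1e26b47322bd34b041f544aa5d458d;hb=refs/heads/master
+    dest: /etc/skel/.zshrc
+    owner: root
+    group: root
+    mode: '0644'
+  when: ansible_os_family == 'Debian'
+
+- name: Copy ZSH config to /etc/skel/.zshrc
+  get_url:
+    url: https://git.grml.org/?p=grml-etc-core.git;a=blob_plain;f=etc/zsh/zshrc;h=22ed16228d1e26b47322bd34b041f544aa5d458d;hb=refs/heads/master
+    dest: /etc/skel/.zshrc
+    owner: root
+    group: wheel
+    mode: '0644'
+  when: ansible_os_family == 'OpenBSD'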
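Review bot: All three `get_url` tasks fetch a shell rc from `git.grml.org` and install it as `/etc/zsh/zshrc` and `/etc/skel/.zshrc`, i.e. code every interactive zsh and every new account will execute, without a `checksum:`; the `h=22ed16...` blob id selects which object gitweb serves but gives no integrity check against a substituted or compromised server. Add `checksum: sha256:<expected-digest>` (placeholder) to each task, or vendor the file under `files/` and deploy it with `ansible.builtin.copy`, which also removes the network dependency from every run. The same URL is repeated three times; a single `grml_zshrc_url` in `defaults/main.yml` keeps the pin from drifting between tasks. The two 'Create ZSH config dir (/etc/zsh)' tasks and the two 'Copy ZSH config to /etc/skel/.zshrc' tasks should get OS-specific names.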
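--- a/roles/basic_common_settings/templates/update.sh.j2
+++ b/roles/basic_common_settings/templates/update.sh.j2
@@ -0,0 +1,23 @@
+#!/bin/sh
+{% if ansible_os_family == "Debian" %}
+export DEBIAN_FRONTEND=noninteractive
+apt update
+apt upgrade -y
+apt autoremove -y
+apt clean
+{% endif %}
+{% if ansible_os_family == "FreeBSD" %}
+freebsd-update fetch
+freebsd-update install
+pkg upgrade
+# Upgrades the Release to the latest updates
+pkg-static install -f pkg
+pkg bootstrap -f
+pkg update
+pkg upgrade
+# Updates all packages
+# Following this How To: https://www.cyberciti.biz/open-source/freebsd-13-released-how-to-update-upgrade-freebsd-12-to-13/
+{% endif %}
+{% if ansible_os_family == "OpenBSD" %}
+pkg_add -u && syspatch
+{% endif %}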
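Review bot: The script runs as root through the NOPASSWD sudoers entry but has no `set -eu`, so a failed `apt update` or `freebsd-update fetch` is followed straight by the upgrade and install steps. In the FreeBSD branch, `pkg upgrade`, `pkg-static install -f pkg` and `pkg bootstrap -f` ask for confirmation unless given `-y` (or `ASSUME_ALWAYS_YES=yes` in the environment), and recent `freebsd-update fetch` refuses to run without a terminal (`freebsd-update cron` is the non-interactive form), so an unattended run stalls or aborts. The comments 'Upgrades the Release to the latest updates' and 'Updates all packages' sit below the commands they describe; move each above its command.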
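--- a/roles/firewalld/.yamllint
+++ b/roles/firewalld/.yamllint
@@ -0,0 +1,33 @@
+---
+# Based on ansible-lint config
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  colons:
+    max-spaces-after: -1
+    level: error
+  commas:
+    max-spaces-after: -1
+    level: error
+  comments: disable
+  comments-indentation: disable
+  document-start: disable
+  empty-lines:
+    max: 3
+    level: error
+  hyphens:
+    level: error
+  indentation: disable
+  key-duplicates: enable
+  line-length: disable
+  new-line-at-end-of-file: disable
+  new-lines:
+    type: unix
+  trailing-spaces: disable
+  truthy: disable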
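--- a/roles/firewalld/README.md
+++ b/roles/firewalld/README.md
@@ -0,0 +1,38 @@
+Role Name
+=========
+
+A brief description of the role goes here.
+
+Requirements
+------------
+
+Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
+
+Role Variables
+--------------
+
+A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
+
+Dependencies
+------------
+
+A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
+
+Example Playbook
+----------------
+
+Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
+
+    - hosts: servers
+      roles:
+         - { role: username.rolename, x: 42 }
+
+License
+-------
+
+BSD
+
+Author Information
+------------------
+
+An optional section for the role authors to include contact information, or a website (HTML is not allowed).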
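--- a/roles/firewalld/handlers/main.yml
+++ b/roles/firewalld/handlers/main.yml
@@ -0,0 +1,2 @@
+---
+# handlers file for example_role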
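--- a/roles/firewalld/meta/main.yml
+++ b/roles/firewalld/meta/main.yml
@@ -0,0 +1,53 @@
+galaxy_info:
+  author: your name
+  description: your role description
+  company: your company (optional)
+  namespace: firewalld
+
+  # If the issue tracker for your role is not on github, uncomment the
+  # next line and provide a value
+  # issue_tracker_url: http://example.com/issue/tracker
+
+  # Choose a valid license ID from https://spdx.org - some suggested licenses:
+  # - BSD-3-Clause (default)
+  # - MIT
+  # - GPL-2.0-or-later
+  # - GPL-3.0-only
+  # - Apache-2.0
+  # - CC-BY-4.0
+  license: license (GPL-2.0-or-later, MIT, etc)
+
+  min_ansible_version: 2.1
+
+  # If this a Container Enabled role, provide the minimum Ansible Container version.
+  # min_ansible_container_version:
+
+  #
+  # Provide a list of supported platforms, and for each platform a list of versions.
+  # If you don't wish to enumerate all versions for a particular platform, use 'all'.
+  # To view available platforms and versions (or releases), visit:
+  # https://galaxy.ansible.com/api/v1/platforms/
+  #
+  # platforms:
+  # - name: Fedora
+  #   versions:
+  #   - all
+  #   - 25
+  # - name: SomePlatform
+  #   versions:
+  #   - all
+  #   - 1.0
+  #   - 7
+  #   - 99.99
+
+  galaxy_tags: []
+    # List tags for your role here, one per line. A tag is a keyword that describes
+    # and categorizes the role. Users find roles by searching for tags. Be sure to
+    # remove the '[]' above, if you add tags to this list.
+    #
+    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
+    #       Maximum 20 tags per role.
+
+dependencies: []
+  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
+  # if you add dependencies to this list.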
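Review bot: The galaxy metadata is still the unedited scaffold: `author: your name`, `description: your role description` and `license: license (GPL-2.0-or-later, MIT, etc)` are placeholders, and `min_ansible_version: 2.1` is an unquoted float that is also far below what the `ansible.posix.firewalld` FQCN in `tasks/main.yml` needs. Fill in real values and quote the version, e.g. `min_ansible_version: "2.9"`, or whichever minimum the role is actually tested against.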
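--- a/roles/firewalld/molecule/default/Dockerfile.j2
+++ b/roles/firewalld/molecule/default/Dockerfile.j2
@@ -0,0 +1,2 @@
+FROM debian:stable
+RUN apt-get update && apt-get install python3-pip python-is-python3 sudo lsb-release -y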
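--- a/roles/firewalld/molecule/default/converge.yml
+++ b/roles/firewalld/molecule/default/converge.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Converge
+  hosts: all
+  tasks:
+    - name: "Include firewalld"
+      include_role:
+        name: "firewalld"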
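--- a/roles/firewalld/molecule/default/molecule.yml
+++ b/roles/firewalld/molecule/default/molecule.yml
@@ -0,0 +1,13 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+platforms:
+  - name: molecule
+    image: debian:stable
+    #pre_build_image: true
+provisioner:
+  name: ansible
+verifier:
+  name: ansible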
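Review bot: `dependency: name: galaxy` is configured but the commit adds no `requirements.yml` declaring the `ansible.posix` collection that `tasks/main.yml` relies on, so converge depends on whatever is installed on the developer's machine. The scenario also starts `firewalld` as a service in a plain `debian:stable` container, which presumably lacks the systemd/dbus it needs — either use a systemd-enabled image with `privileged`/cgroup mounts, or tag the service tasks so molecule can skip them (the handlers already carry `molecule-notest` for that purpose).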
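--- a/roles/firewalld/molecule/default/verify.yml
+++ b/roles/firewalld/molecule/default/verify.yml
@@ -0,0 +1,10 @@
+---
+# This is an example playbook to execute Ansible tests.
+
+- name: Verify
+  hosts: all
+  gather_facts: false
+  tasks:
+  - name: Example assertion
+    assert:
+      that: true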
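Review bot: The verify playbook asserts `that: true`, so `molecule verify` passes whatever the role did. A useful minimum would be a `service_facts` gather followed by an assertion that `firewalld` is running and that `firewall-cmd --list-services` reports `ssh`, which is the one rule the role always applies.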
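--- a/roles/firewalld/tasks/main.yml
+++ b/roles/firewalld/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+
+- name: install firewalld
+  package:
+    name: firewalld
+    state: present
+
+- name: "Make sure FirewallD is running"
+  ansible.builtin.service:
+    name: firewalld
+    enabled: yes
+    state: started
+
+- name: Open SSH port in firewall
+  ansible.posix.firewalld:
+    service: ssh
+    permanent: yes
+    state: enabled
+    immediate: yes
+  #this is seperate so you don't accidentally remove it
+
+- name: Open services in firewall
+  ansible.posix.firewalld:
+    service: "{{ item }}"
+    permanent: yes
+    state: enabled
+    immediate: yes
+  with_items: "{{ firewall_services }}"
+
+- name: Open ports in firewall
+  ansible.posix.firewalld:
+    port: "{{ item }}"
+    permanent: yes
+    state: enabled
+    immediate: yes
+  with_items: "{{ firewall_ports }}"
+  when: firewall_ports is defined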
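Review bot: 'Open services in firewall' loops over `{{ firewall_services }}` with no `when: firewall_services is defined`, while the ports task right below guards `firewall_ports`; since the role ships no `defaults/main.yml`, a host that sets neither variable fails on the services task with an undefined-variable error. Add the guard or, better, declare `firewall_services: []` and `firewall_ports: []` in `roles/firewalld/defaults/main.yml` so both loops are simply empty. `enabled: yes`, `permanent: yes` and `immediate: yes` are YAML 1.1 truthy words where the rest of the repo writes `true`, and `package:` should be `ansible.builtin.package:` to match the FQCN style of the other tasks. The comment `#this is seperate so you don't accidentally remove it` belongs above the SSH task it explains, as `# this is separate so you don't accidentally remove it`.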
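--- a/roles/firewalld/tests/inventory
+++ b/roles/firewalld/tests/inventory
@@ -0,0 +1,2 @@
+localhost
+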
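--- a/roles/firewalld/tests/test.yml
+++ b/roles/firewalld/tests/test.yml
@@ -0,0 +1,5 @@
+---
+- hosts: localhost
+  remote_user: root
+  roles:
+    - example_role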
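Review bot: `roles: - example_role` is scaffolding that was never renamed, so `ansible-playbook tests/test.yml` cannot resolve the role; it should read `- firewalld`. The `# handlers file for example_role` comment in `roles/firewalld/handlers/main.yml` is the same leftover.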
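--- a/site.yml
+++ b/site.yml
@@ -0,0 +1,8 @@
+---
+
+- name: Set up user account on all hosts
+  hosts: all
+  remote_user: root
+
+  roles:
+    - basic_common_settings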
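Review bot: The play connects as `remote_user: root` to every host, which requires direct root SSH on each target and puts the controller's key on the root account; the usual hardening is an unprivileged deploy user plus `become: true` at play level, which the roles already half-assume by setting `become: true` on individual tasks. The play name 'Set up user account on all hosts' does not describe the `basic_common_settings` role it runs, and the `apt`, `apt_listchanges` and `firewalld` roles added in this commit are referenced nowhere, nor is the `debianservers` group from `inventory.yml`; a second play on `hosts: debianservers` would be the natural home for the Debian-only roles.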