fscotto/infra
1
0
Fork 0
mirror of https://github.com/fscotto/infra.git synced 2026-05-30 23:49:56 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
e9263d0d9bb54760cf599edb587dbddfedd6ebf5
infra/ansible/roles/profile_server/tasks/main.yml
Fabio Scotto di Santolo e9263d0d9b Add server profile directory setup
2026-03-30 19:02:24 +02:00

75 lines
2.2 KiB
YAML
Raw Blame History

---
- name: Copy server dotfiles
tags: [dotfiles, dotfiles:server]
ansible.builtin.copy:
src: "{{ playbook_dir }}/../dotfiles/server/{{ item.src }}"
dest: "{{ server_user_home }}/{{ item.dest }}"
owner: "{{ server_username }}"
group: "{{ server_user_group }}"
mode: "{{ item.mode }}"
loop: "{{ server_dotfiles | default([]) }}"
loop_control:
label: "{{ item.dest }}"
- name: Render server templates
tags: [dotfiles, dotfiles:server]
ansible.builtin.template:
src: "{{ item.src }}"
dest: "{{ server_user_home }}/{{ item.dest }}"
owner: "{{ server_username }}"
group: "{{ server_user_group }}"
mode: "{{ item.mode }}"
loop: "{{ server_templates | default([]) }}"
loop_control:
label: "{{ item.dest }}"
- name: Ensure server directories exist
tags: [dotfiles, services]
ansible.builtin.file:
path: "{{ item.path }}"
state: directory
owner: "{{ item.owner }}"
group: "{{ item.group }}"
mode: "{{ item.mode }}"
loop: "{{ server_directories | default([]) }}"
loop_control:
label: "{{ item.path }}"
- name: Disable SSH root login on server
tags: [services]
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^\s*PermitRootLogin\s+'
line: "PermitRootLogin {{ server_sshd_settings.PermitRootLogin }}"
state: present
validate: "sshd -t -f %s"
notify: Reload SSH service
- name: Restrict SSH login to allowed users on server
tags: [services]
ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config
regexp: '^\s*AllowUsers\s+'
line: "AllowUsers {{ server_sshd_allow_users | join(' ') }}"
state: present
validate: "sshd -t -f %s"
notify: Reload SSH service
when: (server_sshd_allow_users | default([])) | length > 0
- name: Apply server UFW rules
tags: [services, packages]
community.general.ufw:
rule: "{{ item.rule }}"
name: "{{ item.name | default(omit) }}"
port: "{{ item.port | default(omit) }}"
proto: "{{ item.proto | default(omit) }}"
loop: "{{ server_ufw_rules | default([]) }}"
loop_control:
label: "{{ item.name | default(item.port) }}"
- name: Enable UFW firewall on server
tags: [services, packages]
community.general.ufw:
state: enabled
Reference in New Issue View Git Blame Copy Permalink