/etc/apt/apt.conf.d/50unattended-upgrades

- name: "Automated security updates"
  apt: name=unattended-upgrades state=present
- file: path=/etc/apt/apt.conf.d/10periodic state=absent
- blockinfile:
    dest: /etc/apt/apt.conf.d/10periodic

- ufw: rule=allow port=22 from_ip=IP proto=tcp

- name: "Setting up a firewall"
  action: lineinfile dest=/etc/default/ufw regexp="^IPV6" line="IPV6=yes" state=present
- ufw: rule=allow port={{ item }} proto=tcp
  with_items:
    - 22

(...)
  become: true
  handlers:
    - name: Restart ssh
      action: service name=ssh state=restarted

- name: "Enforce ssh key logins"
  action: lineinfile dest=/etc/ssh/sshd_config regexp="^PermitRootLogin" line="PermitRootLogin no" state=present
  notify: Restart ssh
- action: lineinfile dest=/etc/ssh/sshd_config regexp="^PasswordAuthentication" line="PasswordAuthentication no" state=present
  notify: Restart ssh

apt-get update; apt-get upgrade
apt-get install pwgen whois
/usr/bin/pwgen -s 40 1 (save result internally to Ansible to “root_password” variable)
/usr/bin/mkpasswd {result from root_password} --method=SHA-512 (save internally to “root_crypted_password”)
Set the root password
Print the root password, so that you can see what it is

- name: "Add your user"
  user: name=deploy shell=/bin/bash group=sudo
- authorized_key: user=deploy key="SSH_KEY" exclusive=yes
- shell: /usr/bin/pwgen -s 40 1
  register: deploy_password

- name: "First things first - install latest patches"
  apt: update_cache=yes upgrade=full
- name: "First things first - create random root password"
  apt: name={{ item }} state=present
  with_items: