Commit | Line | Data |
---|---|---|
f60b613f MW |
1 | ### -*-yaml-*- |
2 | ### | |
3 | ### Tasks applicable for all hosts. | |
4 | ||
3f6c5992 MW |
5 | --- |
6 | ||
7 | ###-------------------------------------------------------------------------- | |
8 | ### General permissions. | |
9 | ||
10 | - name: fix permissions in /root | |
11 | tags: [perms, root-perms] | |
12 | file: name=/root mode=0750 owner=root group=root | |
13 | ||
14 | ###-------------------------------------------------------------------------- | |
15 | ### PKI machinery. | |
16 | ||
17 | - name: install PKI maintenance scripts | |
18 | tags: [pki] | |
19 | copy: src=pki/{{ item }} dest=/etc/cron.daily | |
20 | with_items: | |
21 | - update-ca-certs | |
22 | - check-x509-certs | |
23 | ||
24 | ###-------------------------------------------------------------------------- | |
25 | ### NTP configuration. | |
26 | ||
27 | - name: install NTP configuration files | |
28 | tags: [ntp, ntp-client] | |
29 | copy: src=ntp-client/ntp.conf dest=/etc | |
30 | when: server is not defined or 'ntp' not in server | |
31 | notify: restart ntpd | |
32 | ||
33 | ###-------------------------------------------------------------------------- | |
34 | ### SSH configuration. | |
35 | ||
36 | - name: install SSH configuration files | |
37 | tags: [ssh, ssh-config] | |
38 | copy: src=ssh-config/{{ item }} dest=/etc/ssh | |
39 | notify: restart ssh | |
40 | with_items: | |
41 | - Makefile | |
42 | - ssh_config | |
43 | - sshd_config.m4 | |
44 | - moduli | |
45 | ||
46 | - name: install main keys for root SSH access | |
47 | tags: [ssh, ssh-root] | |
48 | template: src=ssh-root-authkeys dest=/root/.ssh/authkeys.base | |
49 | ||
50 | - name: install keys for root SSH access | |
51 | tags: [ssh, ssh-root] | |
52 | copy: src=ssh-root/{{ item }} dest=/root/.ssh | |
53 | with_items: | |
54 | - Makefile | |
55 | - config.m4 | |
56 | - known_hosts.extra | |
57 | ||
58 | ###----- That's all, folks -------------------------------------------------- |