-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathsetup.yml
executable file
·83 lines (72 loc) · 2.04 KB
/
setup.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
#!/usr/bin/ansible-playbook
---
- hosts: debian
remote_user: root
tasks:
- name: Update APT
apt: update_cache=yes cache_valid_time=3600
- name: Install and update common utilities
apt: pkg={{item}} state=latest
with_items:
- git
- scanlogd
- tor
- socat
- htop
- ippl
- curl
- tmux
- openssh-server
- golang
- name: Purge unused default utilities
apt: pkg={{item}} state=absent purge=yes
environment:
SUDO_FORCE_REMOVE: 'yes'
with_items:
- apache2*
- sendmail*
- postfix
- exim
- exim4
- sudo
- iptables
- portmap
- bind9
# Source:
# http://serverfault.com/questions/644082/running-apt-get-autoremove-with-ansible
- name: Check if packages need to be autoremoved
command: apt-get --dry-run autoremove
register: check_autoremove
changed_when: False
# Source:
# http://serverfault.com/questions/644082/running-apt-get-autoremove-with-ansible
- name: Autoremove unused packages
command: apt-get -y autoremove --purge
when: "'packages will be REMOVED' in check_autoremove.stdout"
- name: Install tightened SSH configuration
copy: src={{item}} dest=/etc/ssh/{{item}} owner=root group=root mode=0755
with_items:
- ssh_config
- sshd_config
notify: Restart ssh
- name: Remove comments and blank lines in config files
lineinfile: dest={{item}} regexp="^(#.*)?$" state=absent
with_items:
- /etc/tor/torrc
- name: Create service state directory
file: path=/srv owner=root group=daemon mode=0755
- name: Create Tor Hidden Service directory
file: path=/srv/tor state=directory owner=debian-tor mode=0700
notify: Restart tor
- name: Enable critical services
service: name={{item}} enabled=yes state=started
with_items:
- tor
- ssh
# Source:
# http://ryaneschinger.com/blog/securing-a-server-with-ansible/
handlers:
- name: Restart ssh
service: name=ssh state=restarted
- name: Restart tor
service: name=tor state=restarted