technolog/ansible
1
0
Fork 0
Code Issues Pull Requests Activity

Revert - Putting this in its own playbook instead

Browse Source
This commit is contained in:
iRaven 2024-04-28 19:40:29 -05:00
parent f7da5656ee
commit 2ab5e67b65
2 changed files with 35 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
linux/compliance.yaml
View File

@ -11,13 +11,17 @@
user: user:
name: ansible name: ansible
state: present state: present
# add to sudo
groups: sudo
append: yes
# Ansible user SSH pub key # Ansible user SSH pub key
# This is a really stupid way to do it, but alas.
# This uses an environment variable named ansiblesvc_key in Semaphore which has the ssh-rsa pubkey.
- name: Add deployment user's SSH key. - name: Add deployment user's SSH key.
ansible.posix.authorized_key: shell:
user: ansible cmd: echo "{{ ansiblesvc_key }}" > /home/ansible/.ssh/authorized_keys
state: present creates: /home/ansible/.ssh/authorized_keys
key: "{{ ansiblesvc_key }}"
# Give ansible sudo rights with no password required. # Give ansible sudo rights with no password required.
- name: Add sudo rights with no password for deployment user. - name: Add sudo rights with no password for deployment user.
@ -47,7 +51,7 @@
append: yes append: yes
# SSH config updating # SSH config updating
- name: Update SSH configuration to be more secure. - name: Update SSH configuration to disallow root login.
lineinfile: lineinfile:
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
regexp: "{{ item.regexp }}" regexp: "{{ item.regexp }}"
@ -60,17 +64,8 @@
notify: restart ssh notify: restart ssh
# Delete our network ansible key from the root user. # Delete our network ansible key from the root user.
- name: Delete our network ansible key from the root user. - name: Delete our network ansible key (and other keys) from the root user.
ansible.builtin.file: ansible.builtin.file:
path: /root/.ssh/authorized_keys path: /root/.ssh/authorized_keys
state: absent state: absent
ignore_errors: yes ignore_errors: yes
# New 04/28/24: Do not use the DHCP Client ID as our MAC Address.
- name: Configure dhclient to use the MAC address of the system instead of Client ID.
blockinfile:
state: present
insertafter: EOF
dest: /etc/dhclient/dhclient.conf
marker: "# Changed by ansible playbook: Use MAC address instead of DHCP Client ID"
content:

24
linux/dhclient.yml Normal file
View File

@ -0,0 +1,24 @@
---
## Configures dhclient to use the MAC address of the system instead of Client ID, removes all previous leases, and restarts the networking service.
- hosts: all
gather_facts: yes
become: yes
tasks:
- name: Configure dhclient to use the MAC address of the system instead of Client ID.
blockinfile:
state: present
insertafter: EOF
dest: /etc/dhcp/dhclient.conf
marker: "# Changed by ansible playbook: Use MAC address instead of DHCP Client ID"
content: |
send dhcp-client-identifier = hardware;
- name: Remove any dhclient leases in /var/lib/dhcp.
shell:
cmd: rm /var/lib/dhcp/*
removes: /var/lib/dhcp/*
- name: Restart networking service.
service:
name: networking
state: restarted