technolog/ansible
1
0
Fork 0
Code Issues Pull Requests Activity

compliance - OS specific tasks more defined

Browse Source
This commit is contained in:
iRaven
2025-11-30 18:45:39 -06:00
parent 94cd4d522b
commit 99ef7828bf
2 changed files with 10 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
linux/compliance_Alpine.yaml
View File

@@ -1,7 +1,7 @@
--- ---
## Checks/deploys an Alpine Linux system to be managed with Ansible. ## Checks/deploys an Alpine Linux system to be managed with Ansible.
- name: Install standard packages if not already installed. - name: Alpine - Install standard packages if not already installed.
# Looking at you LXCs. >.> # Looking at you LXCs. >.>
ansible.builtin.package: ansible.builtin.package:
name: name:
@@ -15,7 +15,7 @@
state: present state: present
# Give ansible doas rights with no password required. # Give ansible doas rights with no password required.
- name: Add doas rights with no password for deployment user - name: Alpine - Add doas rights with no password for deployment user
lineinfile: lineinfile:
dest: /etc/doas.conf dest: /etc/doas.conf
regexp: '^ansible' regexp: '^ansible'
@@ -23,7 +23,7 @@
state: present state: present
validate: 'doas -C %s' validate: 'doas -C %s'
- name: Add nhadmin to wheel group. - name: Alpine - Add nhadmin to wheel group.
user: user:
name: nhadmin name: nhadmin
groups: wheel groups: wheel

14
linux/compliance_Debian.yaml
View File

@@ -2,7 +2,7 @@
## Checks/deploys a Debian Linux system to be managed with Ansible. ## Checks/deploys a Debian Linux system to be managed with Ansible.
# Add sudo package # Add sudo package
- name: Install sudo if not already installed. - name: Debian - Install sudo if not already installed.
# Looking at you LXCs. >.> # Looking at you LXCs. >.>
ansible.builtin.package: ansible.builtin.package:
name: name:
@@ -10,7 +10,7 @@
state: present state: present
# APT Cacher-NG Configuration # APT Cacher-NG Configuration
- name: Add APT-Cacher-NG Configuration - name: Debian - Add APT-Cacher-NG Configuration
copy: copy:
content: "{{ aptcacher_config }}" content: "{{ aptcacher_config }}"
dest: /etc/apt/apt.conf.d/proxy dest: /etc/apt/apt.conf.d/proxy
@@ -20,11 +20,11 @@
state: absent state: absent
# Update apt package lists after adding our proxy # Update apt package lists after adding our proxy
- name: Update apt repo package lists from cacher - name: Debian - Update apt repo package lists from cacher
apt: update_cache=yes force_apt_get=yes cache_valid_time=3600 apt: update_cache=yes force_apt_get=yes cache_valid_time=3600
# Add required packages because Debian is lame # Add required packages because Debian is lame
- name: Install standard packages if not already installed. - name: Debian - Install standard packages if not already installed.
ansible.builtin.package: ansible.builtin.package:
name: name:
- curl - curl
@@ -35,7 +35,7 @@
state: present state: present
# Give ansible sudo rights with no password required. # Give ansible sudo rights with no password required.
- name: Add sudo rights with no password for deployment user. - name: Debian - Add sudo rights with no password for deployment user.
lineinfile: lineinfile:
dest: /etc/sudoers dest: /etc/sudoers
regexp: '^ansible' regexp: '^ansible'
@@ -43,14 +43,14 @@
state: present state: present
validate: 'visudo -cf %s' validate: 'visudo -cf %s'
- name: Add nhadmin to sudo group. - name: Debian - Add nhadmin to sudo group.
user: user:
name: nhadmin name: nhadmin
groups: sudo groups: sudo
append: yes append: yes
# when: "'sudo' in ansible_facts.getent_group" # when: "'sudo' in ansible_facts.getent_group"
- name: Add nhadmin to systemd-journal group. - name: Debian - Add nhadmin to systemd-journal group.
user: user:
name: nhadmin name: nhadmin
groups: systemd-journal groups: systemd-journal