dotfiles/tasks/security.yml

71 lines
1.4 KiB
YAML
Raw Normal View History

- name: Install security-related packages
2019-03-14 21:34:29 +00:00
aur:
name: "{{ item }}"
become: true
become_user: aur_builder
when: item not in installed_packages.stdout_lines
loop:
- firejail
- keepassxc
- qomui
- wireguard-tools
2020-05-14 16:44:24 +01:00
- yubikey-personalization-gui
2019-03-14 21:34:29 +00:00
2020-04-04 21:19:05 +01:00
- name: Create .ssh directory
file:
state: directory
path: "{{ home }}/.ssh"
owner: "{{ user }}"
mode: 0700
directory_mode: 0700
2019-05-25 16:50:09 +01:00
- name: Install assh config
copy:
2019-03-14 21:34:29 +00:00
src: ./files/assh.yml
2019-05-25 00:21:47 +01:00
dest: "{{ home }}/.ssh/assh.yml"
mode: 0644
owner: "{{ user }}"
2020-06-03 20:32:12 +01:00
- name: Install Firewall
aur:
name: "{{ item }}"
become: true
become_user: aur_builder
when: item not in installed_packages.stdout_lines
loop:
- firewalld
- name: Enable firewalld
systemd:
name: firewalld
enabled: true
state: started
2020-06-03 20:32:12 +01:00
- name: Define firewall ports
set_fact:
requested_firewall_ports:
- 22/tcp # SSH
- 80/tcp # Web (crab)
- name: Get firewall ports
shell: firewall-cmd --list-ports
become: true
register: firewall_ports
- name: Open firewall ports
firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop: "{{ requested_firewall_ports }}"
- name: Close firewall ports
firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: disabled
when: item and item not in requested_firewall_ports
2020-06-03 20:32:12 +01:00
loop: "{{ firewall_ports.stdout.split(' ') }}"