dotfiles/tasks/security.yml
Jake Howard a50a8d5385
Give in and install zoom
But use it through firejail. Doesn't have cam support yet, but I can fix that later
2020-06-12 10:19:03 +01:00

70 lines
1.4 KiB
YAML

- name: Install security-related packages
aur:
name: "{{ item }}"
become: true
become_user: aur_builder
when: item not in installed_packages.stdout_lines
loop:
- firejail
- keepassxc
- qomui
- wireguard-tools
- yubikey-personalization-gui
- name: Create .ssh directory
file:
state: directory
path: "{{ home }}/.ssh"
owner: "{{ user }}"
mode: 0700
directory_mode: 0700
- name: Install assh config
copy:
src: ./files/assh.yml
dest: "{{ home }}/.ssh/assh.yml"
mode: 0644
owner: "{{ user }}"
- name: Install Firewall
aur:
name: "{{ item }}"
become: true
become_user: aur_builder
when: item not in installed_packages.stdout_lines
loop:
- firewalld
- name: Enable firewalld
systemd:
name: firewalld
enabled: true
state: started
- name: Define firewall ports
set_fact:
requested_firewall_ports:
- 22/tcp # SSH
- 80/tcp # Web (crab)
- name: Get firewall ports
shell: firewall-cmd --list-ports
become: true
register: firewall_ports
- name: Open firewall ports
firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: enabled
loop: "{{ requested_firewall_ports }}"
- name: Close firewall ports
firewalld:
port: "{{ item }}"
permanent: true
immediate: true
state: disabled
when: item and item not in requested_firewall_ports
loop: "{{ firewall_ports.stdout.split(' ') }}"