dotfiles/tasks/security.yml

41 lines
866 B
YAML

- name: "Install security-related packages"
aur:
skip_installed: true
name: "{{ item }}"
become: true
become_user: aur_builder
when: "item not in installed_packages.stdout_lines"
with_items:
- 'enpass-bin'
- 'opensnitch-git'
- 'qomui'
- 'wireguard-arch'
- 'wireguard-tools'
- name: Install assh config
copy:
src: ./files/assh.yml
dest: "{{ home }}/.ssh/assh.yml"
mode: 0644
owner: "{{ user }}"
- name: "Create opensnitch config directory"
file:
path: '{{ home }}/.opensnitch/'
state: directory
owner: "{{ user }}"
mode: 0755
- name: Install opensnitch config
copy:
src: ./files/opensnitch.json
dest: "{{ home }}/.opensnitch/ui-config.json"
mode: 0644
owner: "{{ user }}"
- name: Enable opensnitch
systemd:
name: "opensnitchd"
enabled: true
state: started