Make the denier, allower

This commit is contained in:
Midou36O 2024-01-06 19:33:33 +01:00
parent 0bfd2360cc
commit 0efcaa83f7
Signed by: midou
GPG Key ID: 1D134A95FE521A7A

View File

@ -74,7 +74,6 @@
name: ufw
enabled: true
state: started
- name: Disable dmesg logging to console
ansible.posix.sysctl:
name: kernel.printk
@ -105,7 +104,6 @@
value: "60"
state: present
sysctl_set: true
- name: Bashrc skel
ansible.builtin.template:
src: templates/bashrc.j2
@ -146,7 +144,6 @@
src: templates/prompt.j2
dest: /root/.prompt
mode: preserve
- name: Add user
ansible.builtin.user:
name: "{{ item.name }}"
@ -163,14 +160,12 @@
key: "{{ lookup('file', 'files/' + item.name + '.pub') }}"
with_items:
- "{{ users }}"
- name: "Allow admin users to sudo without a password"
ansible.builtin.lineinfile:
dest: "/etc/sudoers" # path: in version 2.3
state: "present"
regexp: "^%sudo"
line: "%sudo ALL=(ALL) NOPASSWD: ALL"
- name: Sshd configuration file update
ansible.builtin.template:
src: templates/sshd_config.j2
@ -187,7 +182,6 @@
dest: "/etc/borgmatic/config.yaml"
state: "absent"
regexp: "^.*encryption_passphrase"
handlers:
- name: Restart sshd
ansible.builtin.service:
@ -244,4 +238,4 @@
port: "{{ item.port }}"
proto: "{{ item.proto }}"
with_items:
- "{{ ufw_deny_rules }}"
- "{{ ufw_allow_rules }}"