From 139ba7504a4adfd73367c8514a38296b9cd3acaa Mon Sep 17 00:00:00 2001
From: Marius Melzer
Date: Sat, 20 Apr 2024 15:23:38 +0200
Subject: [PATCH] Add system-basics role - set time zone - limit journal size - set vim as editor - limit ssh login to pubkey
---
roles/system-basics/handlers/main.json | 17 +++++++++++++
roles/system-basics/tasks/main.json | 33 ++++++++++++++++++++++++++
2 files changed, 50 insertions(+)
create mode 100644 roles/system-basics/handlers/main.json
create mode 100644 roles/system-basics/tasks/main.json
diff --git a/roles/system-basics/handlers/main.json b/roles/system-basics/handlers/main.json
new file mode 100644
index 0000000..1da98d3
--- /dev/null
+++ b/roles/system-basics/handlers/main.json
@@ -0,0 +1,17 @@
+[
+ {
+ "name": "restart sshd",
+ "service": {
+ "name": "sshd",
+ "state": "restarted"
+ }
+ },
+ {
+ "name": "restart journal",
+ "service": {
+ "name": "systemd-journald",
+ "state": "restarted",
+ "enabled": "yes"
+ }
+ }
+]
diff --git a/roles/system-basics/tasks/main.json b/roles/system-basics/tasks/main.json
new file mode 100644
index 0000000..1b87040
--- /dev/null
+++ b/roles/system-basics/tasks/main.json
@@ -0,0 +1,33 @@
+[
+ {
+ "name": "Set timezone to Berlin",
+ "community.general.timezone": {
+ "name": "Europe/Berlin"
+ }
+ },
+ {
+ "name": "Limit syslogs",
+ "lineinfile": {
+ "dest": "/etc/systemd/journald.conf",
+ "regexp": "^#?\\s*SystemMaxFileSize",
+ "line": "SystemMaxFileSize=2G"
+ },
+ "notify": "restart journal"
+ },
+ {
+ "name": "Set vim as default editor",
+ "alternatives": {
+ "name": "editor",
+ "path": "/usr/bin/vim.basic"
+ }
+ },
+ {
+ "name": "Disable root login without key",
+ "lineinfile": {
+ "dest": "/etc/ssh/sshd_config",
+ "regexp": "^#?PermitRootLogin ",
+ "line": "PermitRootLogin without-password"
+ },
+ "notify": "restart sshd"
+ }
+]
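Review bot: In roles/system-basics/handlers/main.json the `restart journal` handler carries `"enabled": "yes"`, a string where JSON has a real boolean, and it ties enablement to a handler that only runs when a task notifies it; `restart sshd` has no such key. Either drop the key (systemd-journald is normally a static unit, so enabling it likely does nothing) or write `"enabled": true`. Also confirm that `"name": "sshd"` resolves on the targets: the `/usr/bin/vim.basic` path in the tasks file suggests Debian-family hosts, where the OpenSSH unit is usually `ssh` and `sshd` is only an alias. If that handler fails, the sshd_config change from the tasks file is written but never applied.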
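Review bot: In roles/system-basics/tasks/main.json the last task restricts only root, so the commit's stated goal of limiting SSH login to public keys is not met: other accounts can still authenticate with a password unless `PasswordAuthentication no` is also set (once keys are deployed for every account that needs access). `without-password` is the deprecated spelling of `prohibit-password`, and the edit is not checked before the `restart sshd` handler fires, so a `validate` using `sshd -t` would guard against restarting onto a broken config. sshd uses the first value it reads for a keyword, so if the target's sshd_config includes drop-in files ahead of these lines (not visible here) those may take precedence. Separately, `SystemMaxFileSize=2G` in the journald task caps a single journal file rather than total disk usage; `SystemMaxUse` is probably what "limit journal size" intends. The fence shows only the rewritten SSH task and the added one; the other tasks stay as they are.

```json
{
  "name": "Disable root login without key",
  "lineinfile": {
    "dest": "/etc/ssh/sshd_config",
    "regexp": "^#?PermitRootLogin ",
    "line": "PermitRootLogin prohibit-password",
    "validate": "/usr/sbin/sshd -t -f %s"
  },
  "notify": "restart sshd"
},
{
  "name": "Disable password authentication",
  "lineinfile": {
    "dest": "/etc/ssh/sshd_config",
    "regexp": "^#?PasswordAuthentication ",
    "line": "PasswordAuthentication no",
    "validate": "/usr/sbin/sshd -t -f %s"
  },
  "notify": "restart sshd"
}
```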