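---
# Task list for a small lab "services" host: NTP, TFTP, syslog-ng, vsftpd and
# an NFS export, fronted by ufw. apt/ufw/file-copy tasks all need root, so this
# file presumably runs under a play with `become: true` — confirm in the play.
- name: Install required packages
  ansible.builtin.apt:
    # Passing the list in one call installs everything in a single apt
    # transaction instead of one apt run per item.
    name:
      - curl
      - tree
      - ufw
      - ntp
      - tftpd-hpa
      - syslog-ng
      - vsftpd
      - nfs-kernel-server
    state: present
    # Refresh the package index first, but treat a cache younger than an hour
    # as good enough so re-runs stay idempotent.
    update_cache: true
    cache_valid_time: 3600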
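- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP and TFTP connections
  # Each rule is accepted from any source unless `ufw_allowed_src` is set
  # (e.g. a management subnet such as "10.0.0.0/24"); the default keeps the
  # original fully-open behaviour. `comment` needs ufw >= 0.35 and only labels
  # the rule in `ufw status` so an auditor can tell what each port is for.
  # NOTE(review): 23/tcp (telnet) and 3389/tcp (RDP) are opened here, but no
  # package in this task file provides a service on them and the task name
  # does not mention them — confirm they are needed, and remember telnet is
  # cleartext. 21/tcp is not opened although vsftpd is installed: if the
  # "SFTP" directory below means SFTP over SSH, 22/tcp already covers it;
  # otherwise plain FTP (21/tcp plus a passive range) is unreachable.
  community.general.ufw:
    rule: allow
    direction: in
    from_ip: "{{ ufw_allowed_src | default('any') }}"
    port: "{{ item.port }}"
    proto: "{{ item.proto }}"
    comment: "{{ item.comment }}"
  loop:
    - port: '22'
      proto: tcp
      comment: ssh
    - port: '123'
      proto: udp
      comment: ntp
    - port: '514'
      proto: udp
      comment: syslog
    - port: '23'
      proto: tcp
      comment: telnet
    - port: '3389'
      proto: tcp
      comment: rdp
    - port: '69'
      proto: udp
      comment: tftp
    - port: '5140'
      proto: tcp
      comment: syslog-ng
    - port: '5141'
      proto: tcp
      comment: syslog-ng
    - port: '5142'
      proto: tcp
      comment: syslog-ng
    - port: '111'
      proto: tcp
      comment: rpcbind
    - port: '111'
      proto: udp
      comment: rpcbind
    - port: '2049'
      proto: tcp
      comment: nfs
    - port: '2049'
      proto: udp
      comment: nfs
    - port: '32767'
      proto: tcp
      comment: nfs-aux
    - port: '32767'
      proto: udp
      comment: nfs-aux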
- name: Deny all other incoming IPv4 traffic
  # Switch the firewall on with a default-deny inbound policy. The explicit
  # allow rules created by the previous task take precedence over this policy.
  community.general.ufw:
    direction: incoming
    policy: deny
    state: enabled
- name: Block all IPv6 incoming connections
  # NOTE(review): in ufw (and the iptables `-p` it generates) the protocol
  # name `ipv6` refers to IP protocol 41 — IPv6 encapsulated in IPv4 (6in4) —
  # not to all IPv6 traffic, so this rule most likely does not do what its
  # name says; confirm with `ufw status verbose`. Inbound IPv6 is already
  # covered by the default-deny incoming policy set in the previous task
  # whenever `IPV6=yes` in /etc/default/ufw (the Debian/Ubuntu default) —
  # verify that setting rather than relying on this rule.
  community.general.ufw:
    rule: deny
    direction: in
    proto: ipv6
- name: Apply NTP configuration file
  # Install the role's ntp.conf as root-owned, world-readable, keeping a
  # timestamped backup of whatever was on the host before.
  ansible.builtin.copy:
    src: ntp.conf
    dest: /etc/ntp.conf
    mode: '0644'
    owner: root
    group: root
    backup: true
- name: Apply TFTP configuration file
  # tftpd-hpa reads its daemon options from /etc/default/tftpd-hpa; the
  # previous file is preserved as a backup.
  ansible.builtin.copy:
    src: tftpd-hpa
    dest: /etc/default/tftpd-hpa
    mode: '0644'
    owner: root
    group: root
    backup: true
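- name: Create TFTP directory
  # TFTP has no authentication, so the served directory must not be
  # world-writable (it was 0777). The connection user stays the owner; the
  # `tftp` group, created by the tftpd-hpa package, gets write access so
  # uploads keep working if /etc/default/tftpd-hpa (copied above, contents
  # not shown) enables `--create`. If uploads are not needed, tighten this
  # further to mode '0755'.
  ansible.builtin.file:
    path: "/home/{{ ansible_user }}/Desktop/TFTP"
    state: directory
    owner: "{{ ansible_user }}"
    group: tftp
    mode: '0775'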
- name: Apply SYSLOG configuration file
  # Drop-in fragment under syslog-ng's conf.d; the previous copy is backed up.
  ansible.builtin.copy:
    src: syslog-ng-network-devices.conf
    dest: /etc/syslog-ng/conf.d/syslog-ng-network-devices.conf
    mode: '0644'
    owner: root
    group: root
    backup: true
- name: Apply FTP configuration file
  # vsftpd main config; root-owned, readable by all, previous file backed up.
  ansible.builtin.copy:
    src: vsftpd.conf
    dest: /etc/vsftpd.conf
    mode: '0644'
    owner: root
    group: root
    backup: true
- name: Create FTP directory
  # Transfer directory owned by the connection user. The name says "SFTP"
  # while the service installed is vsftpd; which protocol is meant is not
  # visible from this task.
  ansible.builtin.file:
    path: "/home/{{ ansible_user }}/Desktop/SFTP"
    state: directory
    mode: '0755'
    owner: "{{ ansible_user }}"
    group: "{{ ansible_user }}"
- name: Create NFS directories
  # Two backup drop zones under the user's Desktop. The NFS one is owned by
  # nobody:nogroup, which is what all_squash clients are mapped to; the SSH
  # one belongs to the connection user.
  ansible.builtin.file:
    path: "{{ item.path }}"
    state: directory
    mode: '0755'
    owner: "{{ item.owner }}"
    group: "{{ item.group }}"
  loop:
    - path: "/home/{{ ansible_user }}/Desktop/DNAC-NFS-BACKUP"
      owner: nobody
      group: nogroup
    - path: "/home/{{ ansible_user }}/Desktop/DNAC-SSH-BACKUP"
      owner: "{{ ansible_user }}"
      group: "{{ ansible_user }}"
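- name: Apply NFS configuration lines
  # Read-write export with all_squash, so every client maps to nobody/nogroup
  # (the owner given to the directory above). Clients default to `*` (any
  # host), as before; set `nfs_allowed_clients` (e.g. "10.0.0.0/24") to
  # restrict who may mount a world-writable share. The regexp keys on the
  # path so a re-run replaces the existing export line rather than appending a
  # second one (the original line carried a trailing space, which would have
  # made that happen once it was removed).
  ansible.builtin.lineinfile:
    path: /etc/exports
    regexp: '^/home/{{ ansible_user | regex_escape }}/Desktop/DNAC-NFS-BACKUP\s'
    line: "/home/{{ ansible_user }}/Desktop/DNAC-NFS-BACKUP {{ nfs_allowed_clients | default('*') }}(rw,all_squash,sync,no_subtree_check)"
    state: present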
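- name: Export file system to NFS server
  # Re-read /etc/exports. Privilege escalation is delegated to Ansible's
  # `become` instead of a `sudo` baked into the command, so the play's become
  # method/user settings are honoured and no interactive sudo prompt can hang
  # the run. exportfs -a prints nothing and is idempotent, so don't report it
  # as a change on every run.
  ansible.builtin.command: exportfs -a
  become: true
  changed_when: false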
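- name: Enable installed services
  # Enable at boot AND start now: the original only enabled the units, so on
  # a fresh host nothing listened until the next reboot. Because the config
  # files are copied before this task, a first run starts each daemon with
  # the new config; on later runs a changed config still needs a restart
  # (a `notify` handler), which this task list does not provide.
  ansible.builtin.service:
    name: "{{ item }}"
    enabled: true
    state: started
  loop:
    - ntp
    - tftpd-hpa
    - syslog-ng
    - vsftpd
    - nfs-kernel-server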