76 lines
1.8 KiB
YAML
76 lines
1.8 KiB
YAML
---
|
|
- name: Prestage server and install services [SYSLOG, FTP, TFTP, NTP]
|
|
hosts: all
|
|
roles:
|
|
- common
|
|
become: yes
|
|
|
|
tasks:
|
|
|
|
- name: Update and upgrade current packages
|
|
apt:
|
|
update_cache: yes
|
|
upgrade: yes
|
|
|
|
- name: Update apt cache and install required packages
|
|
apt:
|
|
name: "{{ item }}"
|
|
loop:
|
|
- curl
|
|
- tree
|
|
- syslog-ng
|
|
- vsftpd
|
|
- tftpd-hpa
|
|
- ntp
|
|
- ufw
|
|
|
|
- name: Create a new regular user with sudo privileges
|
|
user:
|
|
name: "{{ create_user }}"
|
|
state: present
|
|
groups: sudo
|
|
append: true
|
|
create_home: true
|
|
shell: /bin/bash
|
|
|
|
- name: Set authorized key for remote user
|
|
authorized_key:
|
|
user: "{{ create_user }}"
|
|
state: present
|
|
key: "{{ copy_local_key }}"
|
|
|
|
- name: Configure UFW to allow inbound NTP, SSH, SYSLOG, FTP connections
|
|
ufw:
|
|
rule: allow
|
|
direction: in
|
|
port: "{{ item.port }}"
|
|
proto: "{{ item.proto }}"
|
|
loop:
|
|
- port: '22'
|
|
proto: tcp
|
|
- port: '123'
|
|
proto: udp
|
|
- port: '514'
|
|
proto: udp
|
|
- port: '23'
|
|
proto: tcp
|
|
|
|
- name: UFW - Deny all other incoming traffic by default
|
|
ufw:
|
|
state: enabled
|
|
policy: deny
|
|
direction: incoming
|
|
|
|
- name: Block all IPv6 incoming connections
|
|
ufw:
|
|
rule: block
|
|
direction: in
|
|
proto: ipv6
|
|
|
|
- name: Send Webex Teams message via BOT to confirm playbook completion
|
|
community.general.cisco_webex:
|
|
recipient_type: toPersonEmail
|
|
recipient_id: "{{ webex_id }}"
|
|
msg_type: markdown
|
|
personal_token: "{{ webex_token }}"
|
|
msg: "**Prestaging has been completed for host {{ inventory_hostname }}.**" |