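---
# Initial setup play for the mail hosts mx1 and mx2: apply base-system
# patches, upgrade and install packages, restrict SSH to key-based logins,
# and install the pf ruleset.
# ssh_public_key is presumably defined in vars.yml; confirm before running.
- name: Initial System Setup
  hosts:
    - mx1
    - mx2
  remote_user: root
  become: true
  become_method: su
  vars_files:
    - vars.yml
  tasks:
    # Exit status 2 is accepted as "no additional patch installed" and is
    # not reported as a change; any other non-zero status fails the play.
    - name: Apply all available system patches
      ansible.builtin.command: syspatch
      register: syspatch
      failed_when: syspatch.rc != 0 and syspatch.rc != 2
      changed_when: syspatch.rc == 0

    # No changed_when is set, so this task reports "changed" on every run.
    - name: Update package list and upgrade all packages
      ansible.builtin.command: pkg_add -u

    - name: Install essential packages
      community.general.openbsd_pkg:
        name:
          - nano
          - curl
          - git
        state: present

    # The key is installed BEFORE password authentication is switched off.
    # If this task ran afterwards and failed (or a new connection was
    # needed after the sshd restart), root would be left without any
    # working login method.
    - name: Add SSH public key to authorized_keys
      ansible.posix.authorized_key:
        user: root
        key: "{{ ssh_public_key }}"

    # validate runs sshd in test mode against the candidate file, so a
    # syntactically broken sshd_config is never written into place.
    # NOTE(review): keyboard-interactive logins are governed by a separate
    # option (KbdInteractiveAuthentication); confirm it is also disabled if
    # password-style logins must be fully off.
    - name: Disable SSH password authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "^#?PasswordAuthentication"
        line: "PasswordAuthentication no"
        state: present
        validate: /usr/sbin/sshd -t -f %s
      register: sshd_config

    # Only restart when the configuration line was actually modified.
    - name: Restart SSH service to apply changes
      ansible.builtin.service:
        name: sshd
        state: restarted
      when: sshd_config.changed

    # pfctl -n parses the rendered ruleset without loading it; the file is
    # only copied to /etc/pf.conf when that check succeeds.
    - name: Configure firewall
      ansible.builtin.template:
        src: "templates/pf.conf.j2"
        dest: /etc/pf.conf
        validate: pfctl -n -f %s
      register: pf

    # Reload pf only when the rendered ruleset differs from what was there.
    - name: Load config to pf if needed
      ansible.builtin.command: pfctl -f /etc/pf.conf
      when: pf.changed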