added:

- set file permissions - setup sysctls - set root password from vault var - added doas + config
2024-11-18 18:33:33 +01:00
parent c8f169253d
commit 8e23c090d9
7 changed files with 112 additions and 16 deletions
--- a/roles/server/files/doas.conf
+++ b/roles/server/files/doas.conf
@@ -0,0 +1 @@
+permit persist :wheel as root
--- a/roles/server/tasks/main.yaml
+++ b/roles/server/tasks/main.yaml
@@ -44,3 +44,33 @@
  args:
    creates: "{{ item.mount }}"

+- name: Change permissions
+  loop: "{{ permissions }}"
+  ansible.builtin.file:
+    path: "{{ item.name }}"
+    owner: "{{ item.owner }}" 
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+    
+- name: Change root password
+  user:
+    name: root
+    password: "{{ root_password | password_hash('sha512') }}"
+
+- name: Setup sysctls
+  loop: "{{ kernel.sysctls | dict2items }}"
+  ansible.posix.sysctl:
+    name: "{{ item.key }}"
+    value: "{{ item.value }}"
+    sysctl_set: true
+    state: present
+    reload: true
+
+- name: Install doas config
+  ansible.builtin.copy:
+    src: roles/server/files/doas.conf
+    dest: /usr/local/etc/doas.conf
+    owner: root
+    group: wheel
+    mode: '0600'
+