feat: move to dedicated repo

2024-11-22 11:13:16 +01:00 · 2024-11-22 11:13:16 +01:00 · 4a88a5b28d
commit 4a88a5b28d
54 changed files with 1524 additions and 0 deletions
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -0,0 +1,321 @@
+---
+
+# check os support
+- name: "check for os support"
+  ansible.builtin.import_tasks: "ossupport.yaml"
+  tags:
+    - "apt"
+    - "cron"
+    - "crowdsec"
+    - "environment-file"
+    - "hostname"
+    - "firewall"
+    - "journald"
+    - "locale"
+    - "lldp"
+    - "lxd"
+    - "motd"
+    - "ntp"
+    - "telemetry"
+    - "snap"
+    - "sshd"
+    - "swap"
+    - "sysctl"
+    - "systemctl"
+    - "syslog"
+    - "timezone"
+    - "usermanagement"
+
+# load os variables
+- name: "include os specific vars"
+  ansible.builtin.include_vars: "{{ ansible_os_family }}.yaml"
+  when: "os_support"
+  tags:
+    - "apt"
+    - "cron"
+    - "crowdsec"
+    - "environment-file"
+    - "hostname"
+    - "firewall"
+    - "journald"
+    - "locale"
+    - "lldp"
+    - "lxd"
+    - "motd"
+    - "ntp"
+    - "telemetry"
+    - "snap"
+    - "sshd"
+    - "sysctl"
+    - "systemctl"
+    - "syslog"
+    - "timezone"
+    - "usermanagement"
+
+# set hostname
+- name: "set hostname"
+  ansible.builtin.import_tasks: "hostname.yaml"
+  when: "os_support"
+  tags: "hostname"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# set locale
+- name: "set locale"
+  ansible.builtin.import_tasks: "locale.yaml"
+  when: "os_support"
+  tags: "locale"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# environment
+- name: "environment"
+  ansible.builtin.import_tasks: "environment.yaml"
+  when: "os_support"
+  tags: "environment-file"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# motd
+- name: "motd"
+  ansible.builtin.import_tasks: "motd.yaml"
+  when: "os_support"
+  tags: "motd"
+
+# cron jobs
+- name: "cron jobs"
+  ansible.builtin.import_tasks: "cron.yaml"
+  when: "os_support"
+  tags: "cron"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# swap
+- name: "swap"
+  ansible.builtin.import_tasks: "swap.yaml"
+  when:
+    - "os_support"
+    - 'type == "vm"'
+  tags: "swap"
+
+# apt
+- name: "apt"
+  ansible.builtin.import_tasks: "apt/sources.yaml"
+  when: "os_support"
+  tags: "apt"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+- name: "apt - packages"
+  ansible.builtin.import_tasks: "apt/packages.yaml"
+  when: "os_support"
+  tags: "apt"
+
+- name: "apt - config"
+  ansible.builtin.import_tasks: "apt/config.yaml"
+  when: "os_support"
+  tags: "apt"
+
+# telemetry
+- name: "telemetry"
+  ansible.builtin.import_tasks: "telemetry.yaml"
+  when: "os_support"
+  tags: "telemetry"
+
+# service
+- name: "service"
+  ansible.builtin.include_tasks: "service.yaml"
+  loop: "{{ service }}"
+  loop_control:
+    loop_var: "__service"
+  when:
+    - "os_support"
+    - "service is defined"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# chrony
+- name: "ntp"
+  ansible.builtin.import_tasks: "ntp.yaml"
+  when:
+    - "os_support"
+    - 'type == "vm" or type == "hw"'
+  tags: "ntp"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# snap
+- name: "snap - daemon"
+  ansible.builtin.import_tasks: "snap/snap_daemon.yaml"
+  when: "os_support"
+  tags: "snap"
+
+- name: "snap - package"
+  ansible.builtin.import_tasks: "snap/snap_package.yaml"
+  when:
+    - "os_support"
+    - "snap_package is defined"
+  tags: "snap"
+
+# llpd
+- name: "lldpd"
+  ansible.builtin.import_tasks: "lldpd.yaml"
+  when:
+    - "os_support"
+    - 'type == "vm" or type == "hw"'
+  tags: "lldp"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# lxd
+- name: "lxd"
+  ansible.builtin.import_tasks: "lxd.yaml"
+  when:
+    - "os_support"
+    - 'type == "vm"'
+  tags: "lxd"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# sysctl
+- name: "sysctl - set sysctl"
+  ansible.builtin.include_tasks: "sysctl.yaml"
+  loop: "{{ sysctl }}"
+  loop_control:
+    loop_var: "__sysctl"
+  when:
+    - "os_support"
+    - 'type == "vm" or type == "hw"'
+  tags: "sysctl"
+
+# systemctl
+- name: "sysctl - set systemctl"
+  ansible.builtin.include_tasks: "systemctl.yaml"
+  loop: "{{ systemctl }}"
+  loop_control:
+    loop_var: "__systemctl"
+  when:
+    - "os_support"
+    - 'type == "vm"'
+  tags: "systemctl"
+
+# syslog
+- name: "syslog - install"
+  ansible.builtin.import_tasks: "syslog/install.yaml"
+  when:
+    - "os_support"
+    - "syslog_enable"
+  tags: "syslog"
+
+- name: "syslog - config"
+  ansible.builtin.import_tasks: "syslog/config.yaml"
+  when:
+    - "os_support"
+    - "syslog_enable"
+  tags: "syslog"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# journald
+- name: "journald"
+  ansible.builtin.import_tasks: "journald.yaml"
+  when: "os_support"
+  tags: "journald"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# timezone
+- name: "timezone"
+  ansible.builtin.import_tasks: "timezone.yaml"
+  when: "os_support"
+  tags: "timezone"
+
+# sshd
+- name: "sshd"
+  ansible.builtin.import_tasks: "sshd.yaml"
+  when: "os_support"
+  tags: "sshd"
+
+# flush handler
+- name: "flush handlers"
+  ansible.builtin.meta: "flush_handlers"
+
+# user
+- name: "user - create users"
+  ansible.builtin.include_tasks: "user.yaml"
+  loop: "{{ user }}"
+  loop_control:
+    loop_var: "__user"
+  when: "os_support"
+  tags: "usermanagement"
+
+# crowdsec
+- name: "crowdsec security engine"
+  ansible.builtin.include_tasks: "crowdsec.yaml"
+  when:
+    - "os_support"
+    - "crowdsec_enable"
+  tags: "crowdsec"
+
+# firewall
+- name: "firewall"
+  ansible.builtin.import_tasks: "firewall/firewall-general.yaml"
+  when:
+    - "os_support"
+    - "firewall_enabled"
+  tags: "firewall"
+
+# firewall common rules
+- name: "create firewall rules"
+  ansible.builtin.include_tasks: "firewall/firewall-rules.yaml"
+  loop: "{{ firewall_rules_common }}"
+  loop_control:
+    loop_var: "__rule"
+  when:
+    - "os_support"
+    - "firewall_rules_common is defined and firewall_enabled"
+  tags: "firewall"
+
+# firewall routed rules
+- name: "create routed firewall rules"
+  ansible.builtin.include_tasks: "firewall/firewall-rules-routed.yaml"
+  loop: "{{ firewall_rules_routed }}"
+  loop_control:
+    loop_var: "__rule"
+  when:
+    - "os_support"
+    - "firewall_rules_routed is defined and firewall_enabled"
+  tags: "firewall"
+
+# firewall host rules
+- name: "create firewall rules"
+  ansible.builtin.include_tasks: "firewall/firewall-rules.yaml"
+  loop: "{{ firewall_rules }}"
+  loop_control:
+    loop_var: "__rule"
+  when:
+    - "os_support"
+    - "firewall_rules is defined and firewall_enabled"
+  tags: "firewall"