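---
# Play for the h1-126 host group: installs awall/dnsmasq/htop/vim, enables the
# dnsmasq and iptables services, turns on SSH root login, persists IPv4
# forwarding, copies the interface/dnsmasq/awall configs and activates the
# main/ssh/icmp awall policies. Handlers restart sshd and dnsmasq on change.
- hosts: h1-126
  tasks:
    - name: Install software
      become: true
      package:
        name:
          - awall
          - dnsmasq
          - htop
          - vim
        state: present

    - name: enable dnsmasq service
      become: true
      service:
        name: dnsmasq
        enabled: true
        state: started

    # Sets PermitRootLogin yes on every host in the group, i.e. direct root
    # logins over SSH are allowed. That widens exposure of the gateway hosts
    # considerably; keep it only if root SSH access is genuinely required.
    # The regexp is anchored so that only a directive at the start of a line
    # (commented out or not) is replaced, not a mention elsewhere on a line.
    - name: Configure SSHD
      become: true
      lineinfile:
        path: /etc/ssh/sshd_config
        state: present
        regexp: '^#?PermitRootLogin'
        line: 'PermitRootLogin yes'
        create: true
      notify: restart SSHD service

    # Persists the setting only; blockinfile edits the file and nothing in this
    # play reloads sysctl, so the value applies after a reboot or a manual
    # `sysctl -p` (no handler is attached here).
    - name: add requirements in sysctl
      become: true
      blockinfile:
        path: /etc/sysctl.conf
        insertafter: EOF
        block: |
          # Enable IPv4 forwarding
          net.ipv4.ip_forward = 1

    - name: configuring interfaces
      become: true
      copy:
        src: 'config/interface-config'
        dest: '/etc/network/interfaces'
        mode: '0644'  # quoted so the YAML loader hands Ansible a string, not an int

    # key=value module args rewritten as native YAML; behaviour is unchanged.
    - name: configure DNS
      become: true
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: '0644'
      with_items:
        - src: 'config/dnsmasq/dnsmasq.conf'
          dest: '/etc/dnsmasq.conf'
        - src: 'config/dnsmasq/hosts'
          dest: '/etc/hosts'
      notify: restart dnsmasq service

    # Both src entries are directories without a trailing slash, so they are
    # copied as /etc/awall/private and /etc/awall/optional.
    - name: configure awall
      become: true
      copy:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: '0644'
      with_items:
        - src: 'config/awall/private'
          dest: '/etc/awall'
        - src: 'config/awall/optional'
          dest: '/etc/awall'

    - name: enable IPv4 forwarding
      become: true
      lineinfile:
        path: /etc/conf.d/iptables
        state: present
        regexp: '^#?IPFORWARD='
        line: 'IPFORWARD="yes"'
        create: true

    # become added for consistency with the other privileged tasks: activating
    # firewall policies presumably needs root (this was the only task in the
    # play without it) — confirm against the target hosts.
    - name: Enable awall policies
      become: true
      awall:
        name:
          - main
          - ssh
          - icmp
        state: enabled
        activate: true

    - name: enable iptables service
      become: true
      service:
        name: iptables
        enabled: true
        state: started

  handlers:
    - name: restart SSHD service
      become: true
      service:
        name: sshd
        enabled: true
        state: restarted

    - name: restart dnsmasq service
      become: true
      service:
        name: dnsmasq
        enabled: true
        state: restarted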