diff --git a/roles/base/README.md b/roles/base/README.md new file mode 100644 index 0000000..ac397c0 --- /dev/null +++ b/roles/base/README.md @@ -0,0 +1,12 @@ +## Ansible Role: base + +This role is applied to all hosts. This role must not have any package +depencies outside operating system's base packages. + +### Basic service + +This role will install and configure following base services using +operating system default software: + * mail sending to local (foo.sh) addresses using smtps port + * system logging to remote host + * ssh server (tighten crypto settings) diff --git a/roles/base/tasks/OpenBSD.yml b/roles/base/tasks/OpenBSD.yml index c1b7078..f148a76 100644 --- a/roles/base/tasks/OpenBSD.yml +++ b/roles/base/tasks/OpenBSD.yml @@ -14,9 +14,6 @@ state: installed with_items: - bash # lots of scripts rely on this - - emacs--no_x11 # better editor :) - - htop # system monitoring - - iftop # monitor interfaces - vim--no_x11 # we need real vim - name: disable nightly cron noise @@ -54,6 +51,7 @@ include_role: name: "{{ role }}" with_items: + - opensmtpd - pf - syslogd loop_control: diff --git a/roles/base/tasks/RedHat.yml b/roles/base/tasks/RedHat.yml index ed243a2..d97f250 100644 --- a/roles/base/tasks/RedHat.yml +++ b/roles/base/tasks/RedHat.yml @@ -1,15 +1,11 @@ --- -- name: enable epel repository - package: - name: epel-release - state: installed - - name: install os specific roles include_role: name: "{{ role }}" with_items: - selinux # selinux first to get fcontexts working - iptables + - postfix - rsyslog loop_control: loop_var: role @@ -20,8 +16,6 @@ state: installed with_items: - bind-utils # dig - - htop # system monitoring - - iftop # monitor interfaces - iotop # monitor io usage - mailx # send mail from cmd - nc # netcat diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index 16cd6a7..12ca3d6 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -63,7 +63,6 @@ name: "{{ role }}" with_items: - network - - opensmtpd - pki - psacct loop_control: