forked from marsante/MedShakeEHR-Ansible
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathplaybook.yml
23 lines (21 loc) · 1.09 KB
/
playbook.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
---
- name: Installation
hosts: all
vars_files:
- vars/main.yml
roles:
- { role: dev-sec.os-hardening, tags: ['OS-sec', 'security', 'base'] }
- { role: dev-sec.ssh-hardening, tags: ['SSH-sec', 'security', 'base'] }
- { role: geerlingguy.firewall, tags: ['Firewall', 'security', 'base'] }
- { role: jnv.unattended-upgrades, tags: ['AutoUpgrades', 'security', 'base'] }
- { role: geerlingguy.mysql, tags: ['MariaDB', 'base', 'minimal'] }
- { role: dev-sec.mysql-hardening, tags: ['MariaDB-sec', 'security', 'base'] }
- { role: geerlingguy.php, tags: ['PHP', 'base', 'minimal'] }
- { role: geerlingguy.composer, tags: ['composer', 'base', 'minimal'] } # remove after Debian 10 EOL & add composer to msehrpackage
- { role: MedShakeEHR, tags: ['MedShakeEHR', 'base', 'minimal'] }
- { role: geerlingguy.apache, tags: ['Apache', 'base', 'minimal'] }
- { role: Apache-sec, tags: ['Apache', 'security', 'base'] }
#- { role: OpenVPN, tags: ['OpenVPN', 'security', 'VPN']}
post_tasks:
- shell: usermod -p "*" {{ user }} # Unlock account after ssh-hardening
...