apparmom; split up some functions

2025-04-19 15:47:11 +02:00 · 2016-07-17 20:56:39 +03:00 · 2016-07-17 20:56:39 +03:00 · 5a482ac354
commit 5a482ac354
parent 68945f69d7
1 changed files with 37 additions and 0 deletions
--- a/common.yml
+++ b/common.yml
@ -0,0 +1,37 @@
+---
+
+- name: Common tools
+  hosts: vpn-host
+  gather_facts: false
+  remote_user: root
+  vars_files:
+    - config.cfg    
+  
+  tasks:
+  - name: Wait for port 22 to become available
+    local_action: "wait_for port=22 host={{ inventory_hostname }}"
+
+  - name: Updating apt-get
+    raw: apt-get update -qq
+    
+  - name: Install python2.7 for Ansible
+    raw: apt-get install -qq -y python2.7
+    
+  - name: Install tools
+    apt: name="{{ item }}" state=latest
+    with_items:
+      - git
+      - screen
+      - apparmor-utils
+
+  - name: Enable packet forwarding for IPv4
+    sysctl: name=net.ipv4.ip_forward value=1
+
+  - name: Do not accept ICMP redirects (prevent MITM attacks)
+    sysctl: name=net.ipv4.conf.all.accept_redirects value=0
+
+  - name: Do not send ICMP redirects (we are not a router)
+    sysctl: name=net.ipv4.conf.all.send_redirects value=0
+    
+
+