diff options
author | Matthieu Saulnier <fantom@fedoraproject.org> | 2019-02-17 17:00:40 +0100 |
---|---|---|
committer | Matthieu Saulnier <fantom@fedoraproject.org> | 2019-02-17 17:00:40 +0100 |
commit | c3629a8be52a5a508a80887d1293e7fffb9c45be (patch) | |
tree | bcff459ca4cb30db6c572b1695e0d44d07941317 /roles/common | |
parent | 41eedacd2b2d0a25be93280555c53d28a7bc6060 (diff) | |
download | playbooks-ansible-c3629a8be52a5a508a80887d1293e7fffb9c45be.tar.gz playbooks-ansible-c3629a8be52a5a508a80887d1293e7fffb9c45be.tar.xz playbooks-ansible-c3629a8be52a5a508a80887d1293e7fffb9c45be.zip |
Minor changes:
remove meta which was false
add http header in caddyfile
update keys and certificates version
add authority certification informations in dns zone files
Diffstat (limited to 'roles/common')
-rw-r--r-- | roles/common/meta/main.yml | 1 | ||||
-rw-r--r-- | roles/common/meta/ssh.yml | 4 | ||||
-rw-r--r-- | roles/common/tasks/ca.yml | 11 | ||||
-rw-r--r-- | roles/common/tasks/ssh.yml | 4 |
4 files changed, 8 insertions, 12 deletions
diff --git a/roles/common/meta/main.yml b/roles/common/meta/main.yml deleted file mode 100644 index 0154c4f..0000000 --- a/roles/common/meta/main.yml +++ /dev/null @@ -1 +0,0 @@ -- import_tasks: ssh.yml diff --git a/roles/common/meta/ssh.yml b/roles/common/meta/ssh.yml deleted file mode 100644 index 0105595..0000000 --- a/roles/common/meta/ssh.yml +++ /dev/null @@ -1,4 +0,0 @@ -- name: restart sshd - service: - name: sshd - state: restarted diff --git a/roles/common/tasks/ca.yml b/roles/common/tasks/ca.yml index 72f1730..74bde08 100644 --- a/roles/common/tasks/ca.yml +++ b/roles/common/tasks/ca.yml @@ -3,15 +3,16 @@ src: root.pem dest: /etc/pki/ca-trust/source/anchors/root.pem mode: 0444 + register: cafile -- name: Installation de l'autorité de certification CACert - copy: - src: cacert.pem - dest: /etc/pki/ca-trust/source/anchors/cacert.pem - mode: 0444 +- name: Désinstallation de l'autorité de certification CACert + file: + path: /etc/pki/ca-trust/source/anchors/cacert.pem + state: absent - name: Mise à jour de la base de confiance CA command: /usr/bin/update-ca-trust + when: cafile is changed - name: Installation CA personnel pour applis serveur copy: diff --git a/roles/common/tasks/ssh.yml b/roles/common/tasks/ssh.yml index ae301cd..a12bc7c 100644 --- a/roles/common/tasks/ssh.yml +++ b/roles/common/tasks/ssh.yml @@ -5,7 +5,7 @@ backrefs: yes regexp: "^PasswordAuthentication yes" line: "PasswordAuthentication no" - meta: restart sshd + # never restart ssh daemon during the run - name: Décommenter option par défaut lineinfile: @@ -14,7 +14,7 @@ backrefs: yes regexp: "^#PermitRootLogin yes" line: "PermitRootLogin yes" - meta: restart sshd + # never restart ssh daemon during the run - name: Ouverture du port ssh secondaire firewalld: |