---
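# Make "home" the zone firewalld applies to interfaces and sources that have
# no explicit zone binding.
- name: Set default firewalld zone to home
  command:
    cmd: firewall-cmd --set-default-zone=home
  register: firewalld_default_zone_result
  # firewall-cmd exits 0 and prints an ALREADY_SET warning when the requested
  # zone is already the default; report "changed" only when that warning is
  # absent so repeated runs stay idempotent in the play recap.
  changed_when: >-
    'ALREADY_SET' not in
    ((firewalld_default_zone_result.stdout | default(''))
    ~ (firewalld_default_zone_result.stderr | default('')))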
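# Bind the managed interface to the "home" zone.
# The previous `firewall-cmd --change-interface` call had no --permanent flag,
# so it changed the runtime configuration only; the "Reload firewalld" task
# later in this file restores the permanent configuration and could drop the
# binding. The firewalld module writes both permanent and runtime state and
# reports "changed" only when something was modified.
- name: Change interface to home zone
  firewalld:
    zone: home
    # network_interface is defined outside this file; quoted so an empty or
    # boolean-looking value is still passed as a string.
    interface: "{{ network_interface }}"
    permanent: true
    immediate: true
    state: enabled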
# Open the "home" zone for each service named in allowed_services.
# Only the permanent configuration is written here; it takes effect when
# firewalld is reloaded later in this file.
# NOTE(review): allowed_services is defined outside this file; every entry
# widens the exposed surface, so keep the list to what the host must serve.
- name: Add allowed services to home zone
  loop: "{{ allowed_services }}"
  firewalld:
    zone: home
    service: "{{ item }}"
    state: enabled
    permanent: true
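# Have firewalld log denied packets of every link-layer type ("all"), which
# gives detection and incident response a record of blocked traffic.
# NOTE(review): on a noisy network this can produce a lot of log volume;
# confirm log rotation and forwarding can absorb it.
- name: Enable logging for denied packets
  command:
    cmd: firewall-cmd --set-log-denied=all
  register: firewalld_log_denied_result
  # firewall-cmd exits 0 and prints an ALREADY_SET warning when the value is
  # unchanged; report "changed" only when that warning is absent.
  changed_when: >-
    'ALREADY_SET' not in
    ((firewalld_log_denied_result.stdout | default(''))
    ~ (firewalld_log_denied_result.stderr | default('')))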
# Reload firewalld so the permanent configuration written by the earlier
# tasks becomes the running configuration. A reload replaces runtime-only
# settings with the permanent ones, so anything that must survive this step
# has to be stored permanently first.
- name: Reload firewalld
  systemd:
    state: reloaded
    name: firewalld
# Put SELinux into enforcing mode with the "targeted" policy.
# NOTE(review): if the host currently has SELinux disabled, switching to
# enforcing normally needs a reboot (and a filesystem relabel) before it is
# effective; this file does not register the result or schedule a reboot.
- name: Ensure SELinux is enabled and in enforcing mode
  selinux:
    state: enforcing
    policy: targeted
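# Pin SELINUX=enforcing in the persistent config so the mode survives reboots.
# lineinfile is used instead of replace: replace silently does nothing when no
# line matches (for example when the setting is missing or commented out),
# whereas lineinfile rewrites the matching line or appends the setting.
# The pattern ends at "=" so SELINUXTYPE= is never matched.
- name: Set SELinux to enforcing in config file
  lineinfile:
    path: /etc/selinux/config
    regexp: '^SELINUX='
    line: 'SELINUX=enforcing'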
# Make sure the dnf-automatic package is installed; the tasks that follow
# deploy its configuration and enable its timer.
- name: Install dnf-automatic for automatic security updates
  package:
    state: present
    name: dnf-automatic
# Render the dnf-automatic configuration from the role's template.
# The file is owned by root and world-readable but writable by root only.
# NOTE(review): whether updates are applied or merely downloaded, and whether
# they are limited to security errata, is decided inside
# dnf-automatic.conf.j2, which is not shown here; confirm it matches the
# "automatic security updates" intent.
- name: Configure dnf-automatic
  template:
    dest: /etc/dnf/automatic.conf
    src: dnf-automatic.conf.j2
    # Quoted so the mode stays a string and is not parsed as a number.
    mode: '0644'
    owner: root
    group: root
# Start the dnf-automatic timer now and enable it at boot, so scheduled
# update runs continue after a restart.
- name: Enable and start dnf-automatic timer
  systemd:
    name: dnf-automatic.timer
    state: started
    enabled: true