ichikawayukko / ansibleplaybook_yuriko_co_nz Goto Github PK
View Code? Open in Web Editor NEWAnsible playbook & server config of yuriko.co.nz ぼくのかんがえたさいきょうのサーバ設定!
Home Page: https://yuriko.co.nz
License: MIT License
ansibleplaybook_yuriko_co_nz's People
Watchers
ansibleplaybook_yuriko_co_nz's Issues
Add S3 backup (full backup)
Only upload full backup to S3.
Diff backups are to OpenStack Swift
Auto delete old diff backups.
add screenfetch playbook
install screenfetch
Make extend command history size playbook
- name: extend cmd history size
replace: >-
dest='/etc/profile'
regexp='HISTSIZE=1000$'
replace='HISTSIZE=100000\nHISTTIMEFORMAT=\'%Y/%m/%d %H:%M:%S \''
backup=yes
Implement strong sshd cipher suites.
like...
HostKey /etc/ssh/ssh_host_ecdsa_key
Ciphers [email protected],[email protected],aes256-ctr
HostKeyAlgorithms ecdsa-sha2-nistp521
KexAlgorithms [email protected],ecdh-sha2-nistp521,ecdh-sha2-nistp384
MACs [email protected],[email protected],[email protected],hmac-sha2-512
SyslogFacility AUTHPRIV
PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
ChallengeResponseAuthentication no
ChallengeResponseAuthentication no
GSSAPIAuthentication no
GSSAPICleanupCredentials no
UsePAM yes
X11Forwarding yes
UsePrivilegeSeparation sandbox # Default for new installations.
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
Subsystem sftp /usr/libexec/openssh/sftp-server
(from old server)
Save iptables rules to file
See last line of tasks/firewall.yml
add iptables chain default policy
Assert filesystem configuration
Assert results of lvdisplay, vgdisplay, pvdisplay, parted -l or parted Ansible module.
Add crontab confirmation
alias crontab='crontab -i'
Add development server
NOT forced idempotency in tasks/basic-services.yml (logrotate.conf)
add yum-cron playbook
Add docker-compose.yml of Web and IP sec server
Place file to /opt/docker
add mosh playbook
MobileShell configuring playbook
Add auditd playbook (for command execution auditing)
[bug] iptables playbook doesn't work well
tasks/firewall.yml
require firewall rule definition.
add root mail transfer playbook
/etc/aliases ?
add logrotate playbook
keep logs 52 weeks
NOT well applied "apply_updates = yes" flag (yum-cron)
Use Ansible Role
Activate Serial Console
Add accessibility from ConoHa's serial console screen.
Set PermitRootLogin no (sshd)
add docker IPv6 configure playbook
daemon ipv6 config
add sudoers playbook
or pam wheel
- name: su only wheel group users
replace: >-
dest='/etc/pam.d/su'
regexp='#auth\t\trequired\tpam_wheel.so use_uid'
replace='auth\t\trequired\tpam_wheel.so use_uid'
backup=yes
Add Battlefield Vietnam firewall rule
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.