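---
# Basic system configuration. All hardening should also be imported here.
# Use --extra-vars="host=..." and specify a hostname in the inventory or
# provide an ansible host group name. You can also just use "all" if you
# want to ensure all systems are up to date on the configuration.
#
# When "host" is not supplied, the hosts expression below falls back to
# "all", so the play targets every host in the inventory.
- name: Configure system
  hosts: "{{ host | default('all') }}"
  become: true

  # This is to try to avoid the handler issue in pre/post tasks
  handlers:
    - name: Import handlers
      ansible.builtin.import_tasks: handlers/main.yml

  # Opt-out guard: a host that carries /etc/no-ansible fails the assert
  # below, so none of the following tasks (hardening included) are applied
  # to it. Such hosts sit outside the managed baseline and should be
  # tracked separately.
  pre_tasks:
    - name: Check if ansible cannot be run here
      ansible.builtin.stat:
        path: /etc/no-ansible
      register: no_ansible

    - name: Verify if we can run ansible
      ansible.builtin.assert:
        that:
          - "not no_ansible.stat.exists"
        success_msg: "We are able to run on this node"
        fail_msg: "/etc/no-ansible exists - skipping run on this node"

  # All imports are static (import_tasks), so the listed files are read
  # when the playbook is parsed and run in the order given here.
  tasks:
    - name: Loading Variables from OS Common
      ansible.builtin.import_tasks: tasks/variable_loader_common.yml

    - name: Configure SSH
      ansible.builtin.import_tasks: tasks/ssh_config.yml

    - name: Configure harden settings
      ansible.builtin.import_tasks: tasks/harden.yml

    - name: Configure PAM
      ansible.builtin.import_tasks: tasks/authentication.yml

    - name: Configure auditd
      ansible.builtin.import_tasks: tasks/auditd.yml

    - name: Configure grub
      ansible.builtin.import_tasks: tasks/grub.yml

    - name: Configure common scripts
      ansible.builtin.import_tasks: tasks/scripts.yml

    - name: Configure motd and banners
      ansible.builtin.import_tasks: tasks/banners.yml

    - name: Configure common skel items
      ansible.builtin.import_tasks: tasks/skel.yml

    - name: Configure syslog
      ansible.builtin.import_tasks: tasks/syslog.yml

    # NOTE(review): the task name says "secure systems" but the condition
    # checks membership in the "secureboot" inventory group - confirm that
    # this is the group meant to receive tlog.
    # Written with the fully qualified module name to match every other
    # import in this play.
    - name: Configure tlog for secure systems
      ansible.builtin.import_tasks: tasks/tlog.yml
      when: "'secureboot' in group_names"

  # state: touch refreshes the file's timestamps on every run, so this
  # task always reports "changed"; presumably the timestamp serves as the
  # last-run marker for the host - verify before relying on it.
  post_tasks:
    - name: Touching run file that ansible has ran here
      ansible.builtin.file:
        path: /var/log/ansible.run
        state: touch
        mode: '0644'
        owner: root
        group: root
...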