-
Notifications
You must be signed in to change notification settings - Fork 96
/
build.yml
46 lines (46 loc) · 1.1 KB
/
build.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
---
- name: Tasks for "jenkins" hosts
hosts: build
become: true
vars:
hostname: build.galaxyproject.eu
vars_files:
- "secret_group_vars/jenkins.yml"
- "secret_group_vars/all.yml"
pre_tasks:
- name: Install Dependencies
package:
enablerepo: crb
name: ["policycoreutils-python-utils", "python3-wheel-wheel"]
become: true
- name: permit traffic in default zone for http and https service
ansible.posix.firewalld:
service: "{{ item }}"
permanent: true
state: enabled
loop:
- http
- https
collections:
- devsec.hardening
roles:
- hostname
- usegalaxy-eu.dynmotd
- geerlingguy.repo-epel
- hxr.admin-tools
- influxdata.chrony
- hxr.monitor-email
- usegalaxy-eu.autoupdates
- galaxyproject.nginx
- ssh-host-sign
# - hxr.autofs-format-n-mount
# CUSTOM
- geerlingguy.java
- geerlingguy.jenkins
- usegalaxy-eu.jenkins-ssh-key
## END CUSTOM
- dj-wasabi.telegraf
- galaxyproject.miniconda
- os_hardening
# - nginx_hardening
- ssh_hardening