diff options
| -rw-r--r-- | roles/common/tasks/apt.yml | 3 | ||||
| -rw-r--r-- | roles/common/tasks/fail2ban.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/hosts.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/ipsec.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/rkhunter.yml | 2 | ||||
| -rw-r--r-- | roles/common/tasks/samhain.yml | 2 |
6 files changed, 13 insertions, 0 deletions
diff --git a/roles/common/tasks/apt.yml b/roles/common/tasks/apt.yml index 030709b..d172384 100644 --- a/roles/common/tasks/apt.yml +++ b/roles/common/tasks/apt.yml @@ -22,20 +22,23 @@ with_items: - sources.list - preferences notify: - apt-get update - name: Configure APT (2) copy: src=etc/apt/{{ item }} dest=/etc/apt/{{ item }} owner=root group=root mode=0644 with_items: - listchanges.conf - apt.conf.d/10periodic - apt.conf.d/50unattended-upgrades - name: Start cron service: name=cron state=started tags: - cron + +# We should run 'apt-get update' before proceeding to any other task. +- meta: flush_handlers diff --git a/roles/common/tasks/fail2ban.yml b/roles/common/tasks/fail2ban.yml index ccfeaa6..3c13d8c 100644 --- a/roles/common/tasks/fail2ban.yml +++ b/roles/common/tasks/fail2ban.yml @@ -1,13 +1,15 @@ - name: Install fail2ban apt: pkg=fail2ban - name: Configure fail2ban template: src=etc/fail2ban/jail.local.j2 dest=/etc/fail2ban/jail.local owner=root group=root mode=0644 notify: - Restart fail2ban - name: Start fail2ban service: name=fail2ban state=started + +- meta: flush_handlers diff --git a/roles/common/tasks/hosts.yml b/roles/common/tasks/hosts.yml index 18ccfd9..f818635 100644 --- a/roles/common/tasks/hosts.yml +++ b/roles/common/tasks/hosts.yml @@ -8,20 +8,22 @@ - Refresh hostname - name: Set mailname template: src=etc/mailname.j2 dest=/etc/mailname owner=root group=root mode=0644 tags: mailname - name: Fix /etc/hosts (1) lineinfile: dest=/etc/hosts create=yes regexp="^127\.0\.0\.1\s+" line="127.0.0.1 localhost" tags: hosts - name: Fix /etc/hosts (2) lineinfile: dest=/etc/hosts create=yes regexp="^127\.0\.1\.1\s+" line="127.0.1.1 {{ inventory_hostname }} {{ inventory_hostname_short }}" tags: hosts + +- meta: flush_handlers diff --git a/roles/common/tasks/ipsec.yml b/roles/common/tasks/ipsec.yml index 2196728..1f33946 100644 --- a/roles/common/tasks/ipsec.yml +++ b/roles/common/tasks/ipsec.yml @@ -39,20 +39,22 @@ - Restart IPSec - name: Start IPSec service: name=ipsec state=started - name: Auto-create a dedicated interface for IPSec copy: src=etc/network/if-up.d/ipsec dest=/etc/network/if-up.d/ipsec owner=root group=root mode=0755 notify: - Reload networking # XXX: As of 1.3.1 ansible doesn't accept relative src. # See https://github.com/ansible/ansible/issues/4459 - name: Auto-deactivate the dedicated interface for IPSec file: #src=../if-up.d/ipsec src=/etc/network/if-up.d/ipsec dest=/etc/network/if-down.d/ipsec owner=root group=root state=link + +- meta: flush_handlers diff --git a/roles/common/tasks/rkhunter.yml b/roles/common/tasks/rkhunter.yml index 144430e..f6a4d71 100644 --- a/roles/common/tasks/rkhunter.yml +++ b/roles/common/tasks/rkhunter.yml @@ -3,20 +3,22 @@ with_items: - rkhunter - curl - iproute - lsof - unhide - unhide.rb - name: Configure rkhunter copy: src=etc/{{ item }} dest=/etc/{{ item }} owner=root group=root mode=0644 with_items: - rkhunter.conf - default/rkhunter notify: # This might not always be necessary, but it's not like we would # change the config every day... - Update rkhunter's data file + +- meta: flush_handlers diff --git a/roles/common/tasks/samhain.yml b/roles/common/tasks/samhain.yml index 90ea754..cbc0b5e 100644 --- a/roles/common/tasks/samhain.yml +++ b/roles/common/tasks/samhain.yml @@ -1,20 +1,22 @@ - name: Install samhain apt: pkg=samhain # XXX: Doesn't work out of the box, see #660197. # If this is the first installation, you may want to start with a fresh database # sudo service samhain stop # sudo rm /var/state/samhain/samhain_file # sudo samhain -t init -p warn # sudo service samhain start # sudo samhain -t update -l none - name: Configure samhain copy: src=etc/samhain/samhainrc dest=/etc/samhain/samhainrc owner=root group=root mode=0644 notify: - Reload samhain - name: Start samhain service: name=samhain state=started + +- meta: flush_handlers |