intial commit

2026-02-13 22:32:03 +01:00
commit b429c06308
13 changed files with 223 additions and 0 deletions
--- a/playbooks/example.yml
+++ b/playbooks/example.yml
@@ -0,0 +1,9 @@
+- name: My first play
+  hosts: all
+  tasks:
+    - name: Ping my hosts
+      ansible.builtin.ping:
+
+    - name: Print message
+      ansible.builtin.debug:
+        msg: Hello World
--- a/playbooks/harden.yml
+++ b/playbooks/harden.yml
@@ -0,0 +1,4 @@
+- hosts: strato3
+  become: true
+  roles: 
+    - name: devsec.hardening.os_hardening
--- a/playbooks/setup_server.yml
+++ b/playbooks/setup_server.yml
@@ -0,0 +1,16 @@
+- name: Setup new server
+  hosts: all  
+  become: true
+  gather_facts: false
+
+  pre_tasks:
+    - name: Ensure that limit is provided 
+      assert:
+        that:
+          - ansible_limit is defined 
+        fail_msg: "You must limit the hosts (ansible-playbook setup_server.yml -i inventory.yml --limit host1)"
+
+  roles: 
+    - name: devsec.hardening.os_hardening
+    - name: checkmk.general.agent
+
--- a/playbooks/update.yml
+++ b/playbooks/update.yml
@@ -0,0 +1,62 @@
+---
+- name: Update all servers (FreeBSD, Rocky9, Debian)
+  hosts: all
+  become: yes
+  gather_facts: yes
+
+  tasks:
+
+    ##################################################
+    # Debian / Ubuntu
+    ##################################################
+    - name: Update package cache (Debian/Ubuntu)
+      apt:
+        update_cache: yes
+      when: ansible_facts['os_family'] == "Debian"
+
+    - name: Upgrade all packages (Debian/Ubuntu)
+      apt:
+        upgrade: dist
+      register: debian_update
+      when: ansible_facts['os_family'] == "Debian"
+
+    - name: Reboot Debian only if packages changed
+      reboot:
+      when:
+        - ansible_facts['os_family'] == "Debian"
+        - debian_update is defined
+        - debian_update.changed
+
+    ##################################################
+    # Rocky 9 / RHEL family (uses DNF)
+    ##################################################
+    - name: Upgrade all packages (RHEL/Rocky)
+      dnf:
+        name: "*"
+        state: latest
+      register: rhel_updates
+      when: ansible_facts['os_family'] == "RedHat"
+
+    - name: Reboot RHEL only if packages changed
+      reboot:
+      when:
+        - ansible_facts['os_family'] == "RedHat"
+        - rhel_update is defined
+        - rhel_update.changed
+
+    ##################################################
+    # FreeBSD
+    ##################################################
+    - name: Upgrade all packages and refresh repo cache (FreeBSD)
+      community.general.pkgng:
+        name: "*"
+        state: latest
+      register: freebsd_update
+      when: ansible_facts['os_family'] == "FreeBSD"
+
+    - name: Reboot FreeBSD only if packages changed
+      reboot:
+      when:
+        - ansible_facts['os_family'] == "FreeBSD"
+        - freebsd_update is defined
+        - freebsd_update.changed