Fix pip installation and SSH ciphers used
parent
3b4e630408
commit
cb35692e1a
|
@ -3,17 +3,10 @@
|
|||
package: name=nginx state=present
|
||||
tags: nginx
|
||||
|
||||
- name: Install Pip (Ubuntu)
|
||||
- name: Install Pip
|
||||
package:
|
||||
name: "python3-pip"
|
||||
name: "{{ (ansible_python_interpreter | default ('python')).split('/')[-1] }}-pip"
|
||||
state: present
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Install Pip (CentOS)
|
||||
package:
|
||||
name: "python-pip"
|
||||
state: present
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Ensure OpenSSL dependencies are installed (Ubuntu)
|
||||
package:
|
||||
|
@ -37,18 +30,11 @@
|
|||
- python-devel
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Install pyOpenSSL (Ubuntu).
|
||||
- name: Install pyOpenSSL
|
||||
pip:
|
||||
executable: pip3
|
||||
executable: "{{ ansible_pip | default('pip') }}"
|
||||
name: pyOpenSSL
|
||||
state: present
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Install pyOpenSSL (Centos).
|
||||
pip:
|
||||
name: pyOpenSSL
|
||||
state: present
|
||||
when: ansible_os_family == "RedHat"
|
||||
|
||||
- name: Create directory for nginx SSL certificates
|
||||
file: path=/etc/nginx/ssl state=directory mode=0755
|
||||
|
@ -65,11 +51,15 @@
|
|||
size: 4096
|
||||
when: not cert_file_check.stat.exists
|
||||
|
||||
- name: Get public IP
|
||||
ipify_facts:
|
||||
register: public_ip
|
||||
|
||||
- name: Generate SSL certificate request
|
||||
openssl_csr:
|
||||
path: /etc/nginx/ssl/server.csr
|
||||
privatekey_path: /etc/nginx/ssl/server.key
|
||||
common_name: "{{ ansible_host }}"
|
||||
common_name: "{{ public_ip }}"
|
||||
when: not cert_file_check.stat.exists
|
||||
|
||||
- name: Generate self-signed SSL certificate
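Review bot: In the third hunk, `common_name: "{{ public_ip }}"` will put the whole registered task result into the CSR rather than an address, because `register: public_ip` captures the module's return dictionary; `ipify_facts` exposes the address as the fact `ipify_public_ip`, so the line should read `common_name: "{{ ipify_public_ip }}"` and the `register` can be dropped. The certificate identity now comes from the reply of an external lookup service, so it is worth asserting that the value is a well-formed IP address before it reaches `openssl_csr`. For a certificate issued to an IP, clients generally match against an IP subjectAltName rather than the CN, so consider adding `subject_alt_name: "IP:{{ ipify_public_ip }}"`. The new `Get public IP` task also lacks the `when: not cert_file_check.stat.exists` guard that the neighbouring tasks carry, so every run makes the outbound request even when no certificate is generated.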
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
path: /etc/ssh/sshd_config
|
||||
insertafter: '^ServerKeyBits'
|
||||
content: |
|
||||
Ciphers aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha1,hmac-ripemd160
|
||||
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
|
||||
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
|
||||
notify:
|
||||
- restart sshd
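Review bot: Nothing checks the edited `/etc/ssh/sshd_config` before the `restart sshd` handler fires, and the new `Ciphers`/`MACs` lines name algorithms (`chacha20-poly1305@openssh.com`, the `-gcm@openssh.com` ciphers, the `-etm@openssh.com` MACs) that an older sshd rejects at startup, which would cut off remote access to the host. Adding `validate: '/usr/sbin/sshd -t -f %s'` to the task would make the edit fail safely instead; the task's module line is outside the hunk, so confirm that module supports `validate`. The `insertafter: '^ServerKeyBits'` anchor is also fragile: where that line is absent the block presumably falls back to the end of the file, and a trailing `Match` block there would make global `Ciphers`/`MACs` directives invalid. A short comment above the block saying which minimum OpenSSH version these lists assume would help the next maintainer.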
|
||||
|
||||
|
|