| author | spmfox <spmfox@foxwd.com> | 2025-04-24 00:59:53 -0400 |
|---|---|---|
| committer | spmfox <spmfox@foxwd.com> | 2025-04-24 00:59:53 -0400 |
| commit | adb98c88eb55b6de519b44eba590e7308f3b7ac9 (patch) | |
| tree | 6ccd191e5c706f2ab69a6583b8e72484bb86562f | |
| parent | 87a216322a8a858b35ffb1a426ebbadc1395c0df (diff) | |
Tweaked host logic order, reverted some handlers back - they need to run before user is created
| -rw-r--r-- | roles/host/handlers/main.yml | 7 | ||||
| -rw-r--r-- | roles/host/tasks/main.yml | 16 | ||||
| -rw-r--r-- | roles/host/tasks/systemd-user-network-check.yml | 7 | ||||
| -rw-r--r-- | roles/host/tasks/unprivileged-port.yml | 7 |
4 files changed, 19 insertions, 18 deletions
diff --git a/roles/host/handlers/main.yml b/roles/host/handlers/main.yml index 501bfeb..be0a24f 100644 --- a/roles/host/handlers/main.yml +++ b/roles/host/handlers/main.yml @@ -2,10 +2,3 @@ ansible.builtin.service: name: "sshd" state: "restarted" - -- name: Reload systemd daemon - ansible.builtin.systemd_service: - daemon_reload: true - -- name: Reload sysctl - ansible.builtin.shell: "sysctl -p /etc/sysctl.d/50-UnprivilegedPort.conf" diff --git a/roles/host/tasks/main.yml b/roles/host/tasks/main.yml index 20fc54d..f1eeb48 100644 --- a/roles/host/tasks/main.yml +++ b/roles/host/tasks/main.yml @@ -9,25 +9,25 @@ - ansible.builtin.import_tasks: packages.yml +- ansible.builtin.import_tasks: unprivileged-port.yml + when: host_unprivileged_port_start is defined + +- ansible.builtin.import_tasks: systemd-user-network-check.yml + - ansible.builtin.import_tasks: user.yml - ansible.builtin.import_tasks: linger.yml - ansible.builtin.import_tasks: shell-helper.yml -- ansible.builtin.import_tasks: systemd-user-network-check.yml - -- ansible.builtin.import_tasks: firewall.yml - when: host_firewall is defined - -- ansible.builtin.import_tasks: unprivileged-port.yml - when: host_unprivileged_port_start is defined - - ansible.builtin.import_tasks: patching.yml when: host_patching | bool - ansible.builtin.import_tasks: ssh-harden.yml when: host_ssh_harden | bool +- ansible.builtin.import_tasks: firewall.yml + when: host_firewall is defined + - ansible.builtin.import_tasks: cpanel-dnsonly.yml when: host_cpanel_installed | bool diff --git a/roles/host/tasks/systemd-user-network-check.yml b/roles/host/tasks/systemd-user-network-check.yml index c1bc290..0b87e85 100644 --- a/roles/host/tasks/systemd-user-network-check.yml +++ b/roles/host/tasks/systemd-user-network-check.yml 
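Review bot: In `roles/host/tasks/main.yml`, moving the `firewall.yml` import below `patching.yml` and `ssh-harden.yml` means that on a first run the package updates and the sshd changes are applied before any firewall rules from this role are in place. If `firewall.yml` is what restricts inbound access, consider importing it earlier, or add a comment recording why it has to come late. The reason `unprivileged-port.yml` and `systemd-user-network-check.yml` now precede `user.yml` is stated only in the commit message, so a comment above those two imports would keep a later reorder from undoing it, for example `# Must run before user.yml: the sysctl setting and the systemd user unit have to be in place when the user is created`.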
@@ -6,4 +6,9 @@ ansible.builtin.copy: src: "check-network-online.service" dest: "/etc/systemd/user/check-network-online.service" - notify: Reload systemd daemon + register: systemd + +- name: Reload systemd daemon + ansible.builtin.systemd_service: + daemon_reload: true + when: systemd.changed diff --git a/roles/host/tasks/unprivileged-port.yml b/roles/host/tasks/unprivileged-port.yml index 69a21f4..c724e49 100644 --- a/roles/host/tasks/unprivileged-port.yml +++ b/roles/host/tasks/unprivileged-port.yml @@ -4,5 +4,8 @@ regexp: "^net.ipv4.ip_unprivileged_port_start=" line: "net.ipv4.ip_unprivileged_port_start={{ host_unprivileged_port_start }}" create: true - notify: - - Reload sysctl + register: sysctl + +- name: Reload sysctl + ansible.builtin.shell: "sysctl -p /etc/sysctl.d/50-UnprivilegedPort.conf" + when: sysctl.changed |
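Review bot: `register: systemd` in `systemd-user-network-check.yml` is a very generic variable name that stays set on the host for the rest of the play, and the same pattern in `unprivileged-port.yml` uses `register: sysctl`; role-prefixed names such as `host_network_check_unit` and `host_unprivileged_port_conf` (constructed examples) avoid a later task or role overwriting them. If the handlers were dropped only because of timing, keeping `notify:` and adding `- ansible.builtin.meta: flush_handlers` ahead of the `user.yml` import would run them at the right point without copying handler logic into task files. Separately, the copy arguments visible in the hunk are only `src` and `dest`; for a unit installed under `/etc/systemd/user`, explicit `owner: "root"`, `group: "root"` and `mode: "0644"` would pin the permissions rather than leaving them to the remote defaults. The copy task's name and the start of the file are outside the hunk.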
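Review bot: The new `Reload sysctl` task in `unprivileged-port.yml` runs a fixed command through `ansible.builtin.shell` although nothing in it needs a shell; `ansible.builtin.command: "sysctl -p /etc/sysctl.d/50-UnprivilegedPort.conf"` does the same without shell parsing. `host_unprivileged_port_start` is templated into the sysctl line unchecked, and lowering this setting lets any local unprivileged process bind ports from that number upward. An `ansible.builtin.assert` ahead of the file edit, checking that the value is an integer between 0 and 65535, would catch a typo before it reaches the kernel setting. The task that writes the line (it looks like a lineinfile task) starts outside the hunk, so its module name and path argument are not visible here.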
