---
# Statically import the plays from aws.yml and create_cyhy_user.yml so
# they run before the plays defined below.  Neither file is shown here;
# any privilege escalation or secrets they use are declared in those
# files and need their own review.
- name: Import AWS playbook
  ansible.builtin.import_playbook: aws.yml
- name: Import cyhy user creation playbook
  ansible.builtin.import_playbook: create_cyhy_user.yml
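# Baseline for every host in the inventory: login banner, persistent
# journald logs, ClamAV, and dev-team SSH access.  Runs with sudo
# privilege escalation.
# NOTE(review): `all` includes the bastion, so dev_ssh_access and ClamAV
# are installed on the exposed host too - confirm that is intended.
- name: Add a banner, persist journald, install ClamAV, and setup dev team ssh
  hosts: all
  become: true
  become_method: sudo
  roles:
    - banner
    - persist_journald
    - clamav
    - dev_ssh_access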
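# The bastion should have as little installed as possible, since it's
# exposed to the cruel world.  The host pattern below therefore selects
# every host except those in the bastion group; it is quoted so the
# `:` and `!` are always read as part of one string.
- name: Install htop
  hosts: 'all:!bastion'
  become: true
  become_method: sudo
  roles:
    - htop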
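# Hosts in the nmap group get the cyhy_runner, nmap and
# more_ephemeral_ports roles, applied with sudo privilege escalation.
# NOTE(review): more_ephemeral_ports presumably widens the local
# ephemeral port range for scan traffic - confirm in the role.
- name: Install nmap
  hosts: nmap
  become: true
  become_method: sudo
  roles:
    - cyhy_runner
    - nmap
    - more_ephemeral_ports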
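# Database hosts: xfsprogs, MongoDB and the cyhy_feeds role, applied
# with sudo privilege escalation.
# NOTE(review): MongoDB's bind address and authentication settings are
# not set in this play; they are presumably configured inside the mongo
# role - verify them there.
- name: Install and configure MongoDB and xfsprogs
  hosts: mongo
  become: true
  become_method: sudo
  roles:
    - xfs
    - mongo
    - cyhy_feeds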
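# Nessus scanner hosts: cyhy_runner, a pinned Nessus install and
# more_ephemeral_ports, applied with sudo privilege escalation.
- name: Install and configure Nessus
  hosts: nessus
  become: true
  become_method: sudo
  roles:
    - cyhy_runner
    - role: nessus
      vars:
        # NOTE(review): presumably the S3 bucket the installer package
        # is fetched from; confirm the role verifies the package
        # (checksum or signature) before installing it as root.
        package_bucket: ncats-3rd-party-packages
        # Pinned for reproducible builds; needs a manual bump to pick
        # up vendor security releases.
        version: "10.5.1"
    - more_ephemeral_ports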
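# Hosts in the bod group run BOD 18-01 scanning and reporting.  The
# xfs, orchestrator, vdp_scanner and cyhy_mailer roles are applied with
# sudo privilege escalation.
- name: Configure host for BOD 18-01 scanning and reporting
  hosts: bod
  become: true
  become_method: sudo
  roles:
    - xfs
    - orchestrator
    - vdp_scanner
    - cyhy_mailer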
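# Hosts in the code_gov group get the code_gov_update role, applied
# with sudo privilege escalation.
- name: Configure host for code.gov updating
  hosts: code_gov
  become: true
  become_method: sudo
  roles:
    - code_gov_update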
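# Hosts in the client_cert group get the client_cert_update role,
# applied with sudo privilege escalation.
- name: Configure host for client cert auth updating
  hosts: client_cert
  become: true
  become_method: sudo
  roles:
    - client_cert_update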
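# cyhy-commander hosts: the cyhy_commander role, applied with sudo
# privilege escalation.
- name: Install and configure cyhy-commander
  hosts: cyhy_commander
  become: true
  become_method: sudo
  roles:
    - cyhy_commander
  vars:
    # The MaxMind license key is read from AWS SSM Parameter Store at
    # run time instead of being stored in the repository.  Lookups run
    # on the Ansible controller, so the controller's AWS credentials
    # need read access to this parameter.
    # NOTE(review): tasks that consume this value should set
    # `no_log: true` so the key does not appear in task output.
    maxmind_license_key: "{{ lookup('aws_ssm', '/cyhy/core/geoip/license_key') }}"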
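# cyhy-reports hosts: the xfs, cyhy_reports and cyhy_mailer roles,
# applied with sudo privilege escalation.
- name: Install and configure cyhy-reports
  hosts: cyhy_reporter
  become: true
  become_method: sudo
  roles:
    - xfs
    - cyhy_reports
    - cyhy_mailer
  vars:
    # The MaxMind license key is read from AWS SSM Parameter Store at
    # run time instead of being stored in the repository.  Lookups run
    # on the Ansible controller, so the controller's AWS credentials
    # need read access to this parameter.
    # NOTE(review): tasks that consume this value should set
    # `no_log: true` so the key does not appear in task output.
    maxmind_license_key: "{{ lookup('aws_ssm', '/cyhy/core/geoip/license_key') }}"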
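# cyhy-dashboard hosts: the ncats_webd, ncats_webui and docker roles,
# applied with sudo privilege escalation.
- name: Install and configure cyhy-dashboard
  hosts: cyhy_dashboard
  become: true
  become_method: sudo
  roles:
    - ncats_webd
    - ncats_webui
    - docker
  vars:
    # The MaxMind license key is read from AWS SSM Parameter Store at
    # run time instead of being stored in the repository.
    # NOTE(review): confirm a role in this play actually reads this
    # variable; if none does, drop it so the secret is only in scope
    # where it is needed.  Consuming tasks should set `no_log: true`.
    maxmind_license_key: "{{ lookup('aws_ssm', '/cyhy/core/geoip/license_key') }}"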
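# cyhy-archive hosts: the cyhy_archive role (helper script), applied
# with sudo privilege escalation.
- name: Install cyhy-archive helper script
  hosts: cyhy_archive
  become: true
  become_method: sudo
  roles:
    - cyhy_archive
  vars:
    # The MaxMind license key is read from AWS SSM Parameter Store at
    # run time instead of being stored in the repository.
    # NOTE(review): confirm the cyhy_archive role actually reads this
    # variable; if it does not, drop it so the secret is only in scope
    # where it is needed.  Consuming tasks should set `no_log: true`.
    maxmind_license_key: "{{ lookup('aws_ssm', '/cyhy/core/geoip/license_key') }}"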