[First commit with podman setup]

hardening-linux.yml

@@ -1,11 +1,34 @@
-- hosts: all
+- hosts: localtest
+  #! Need first setup with root access user
   become: true
-  roles:
-    # #! need change for iphone ssh access
-    # - name: devsec.hardening.ssh_hardening
-    # #! be carefull 
-    # - name: devsec.hardening.os_hardening
+  pre_tasks:
+    - ansible.builtin.apt:
+        update_cache: yes
 
-# - community.general.ufw:
-#     state: enabled
-#     policy: allow
+    - ansible.builtin.apt:
+        name: "*"
+        state: latest
+
+    - ansible.builtin.apt:
+        upgrade: safe
+
+    - ansible.builtin.apt:
+        clean: yes
+
+    - ansible.builtin.apt:
+        name: "{{ item }}"
+        state: latest
+      loop: "{{ package_repo }}"
+      when: package_repo is defined
+
+    - ansible.builtin.pip:
+        name: "{{ item }}"
+      loop: "{{ package_pip }}"
+      when: package_pip is defined
+
+  roles:
+    - name: singleplatform-eng.users
+    - name: linux-system-roles.sudo
+    - name: devsec.hardening.ssh_hardening
+    - name: devsec.hardening.os_hardening
+    - name: geerlingguy.firewall