init
commit
9d7c62684f
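--- a/README.md
+++ b/README.md
@@ -0,0 +1,25 @@
+# Ansible playbooks to setup servers
+
+## Requirements
+
+```
+ansible-galaxy install -r requirements.yml
+```
+
+## Roles
+
+Basic server setup:
+
+- `hostname` Set hostname, FQDN.
+- `tz` Set TZ `Europe/Moscow`.
+- `locale` Generate and set locale `en_US.utf-8`.
+- `packages` Install admin tools e.g. vim, tree, etc.
+- `dotfiles` Add dotfiles for root and /etc/skel.
+- `motd` Modify MOTD.
+- `ufw` Enable UFW, allow OpenSSH rule.
+- `sshd` Disable SSH authentication via passwords.
+
+Other:
+
+- `avahi` Install and configure Avahi daemon for mDNS.
+- `docker` Install Docker Engine.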
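--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,4 @@
+[defaults]
+host_key_checking = false
+inventory = ./inventory.yaml
+roles_path = ./roles/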
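Review bot: `host_key_checking = false` under `[defaults]` turns off SSH host key verification for every host in the inventory, so whatever machine answers on one of those addresses is accepted without comparison against `known_hosts`. The same commit connects as `root` to a publicly routed address, so an on-path host would receive every task and file the playbooks push. I would drop the line and record each host key in `known_hosts` once before the first run. If the check has to stay off for boards that are reinstalled often, scope the relaxation to that inventory group instead of setting it globally.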
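--- a/inventory.yaml
+++ b/inventory.yaml
@@ -0,0 +1,35 @@
+all:
+vars:
+architectures:
+x86_64: amd64
+aarch64: arm64
+armv7l: armhf
+children:
+external:
+hosts:
+mainframe:
+server_hostname: mainframe
+server_fqdn: mainframe.phreepunk.network
+ansible_host: 147.45.233.134
+ansible_user: root
+ansible_ssh_private_key_file: /home/ge/.ssh/id_ed25519
+internal:
+hosts:
+opipcplus:
+server_hostname: opipcplus
+server_fqdn: opipcplus.local
+ansible_host: 192.168.3.8
+ansible_user: root
+ansible_ssh_private_key_file: /home/ge/.ssh/id_ed25519
+opi3b:
+server_hostname: opi3b
+server_fqdn: opi3b.local
+ansible_host: 192.168.3.6
+ansible_user: root
+ansible_ssh_private_key_file: /home/ge/.ssh/id_ed25519
+pnx:
+server_hostname: pnx
+server_fqdn: pnx.local
+ansible_host: 192.168.3.128
+ansible_user: root
+ansible_ssh_private_key_file: /home/ge/.ssh/id_ed25519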
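Review bot: Every host sets `ansible_user: root`, including `mainframe` on a public address, which makes direct root SSH a hard requirement of the automation. A dedicated unprivileged account with `become: true` in the plays would let root login be closed later and leaves an attributable sudo trail. The four repeated `ansible_user` / `ansible_ssh_private_key_file` pairs could move once into `all.vars`. The absolute `/home/ge/.ssh/id_ed25519` path also ties the inventory to one workstation; leaving key selection to the operator's SSH config or agent avoids that.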
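--- a/playbooks/base.yaml
+++ b/playbooks/base.yaml
@@ -0,0 +1,8 @@
+- hosts: all
+roles:
+- hostname
+- tz
+- locale
+- motd
+- dotfiles
+- packages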
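--- a/playbooks/external.yaml
+++ b/playbooks/external.yaml
@@ -0,0 +1,6 @@
+- hosts: external
+roles:
+- sshd
+- ufw
+- role: docker
+when: server_hostname in ['mainframe']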
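Review bot: The `docker` role is applied to the same internet-facing host that relies on the `ufw` role as its firewall, and Docker writes its own iptables rules for published container ports, so those ports are reachable regardless of the UFW rule set. Nothing in this commit publishes a port yet, but a comment here, or a convention of binding published ports to `127.0.0.1`, is worth adding before the first container is deployed. As a style point, `when: server_hostname in ['mainframe']` is always true while the `external` group holds only `mainframe`; `server_hostname == 'mainframe'` states the intent more plainly.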
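--- a/playbooks/internal.yaml
+++ b/playbooks/internal.yaml
@@ -0,0 +1,5 @@
+- hosts: internal
+roles:
+- avahi
+- role: docker
+when: server_hostname != 'pnx'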
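--- a/playbooks/master.yaml
+++ b/playbooks/master.yaml
@@ -0,0 +1,3 @@
+- import_playbook: base.yaml
+- import_playbook: internal.yaml
+- import_playbook: external.yaml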
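--- a/requirements.yaml
+++ b/requirements.yaml
@@ -0,0 +1,2 @@
+collections:
+- name: community.general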
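Review bot: `community.general` is listed without a `version`, so each install resolves to whatever Galaxy serves at that moment and two controllers can end up running different module code against the same hosts. Pinning it, for example `version: "<pinned-version>"` (placeholder for the release you tested), makes runs reproducible and turns an upgrade into a reviewed change. The README in this commit also tells users to run `ansible-galaxy install -r requirements.yml`, while the file added here is named `requirements.yaml`.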
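--- a/roles/avahi/files/nsswitch.conf
+++ b/roles/avahi/files/nsswitch.conf
@@ -0,0 +1,13 @@
+# Ansible managed
+
+passwd: files
+group: files
+shadow: files
+gshadow: files
+hosts: files mdns4_minimal [NOTFOUND=return] dns
+networks: files
+protocols: db files
+services: db files
+ethers: db files
+rpc: db files
+netgroup: nis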
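--- a/roles/avahi/handlers/main.yaml
+++ b/roles/avahi/handlers/main.yaml
@@ -0,0 +1,9 @@
+- name: Restart Avahi Daemon
+ansible.builtin.service:
+name: avahi-daemon
+state: restarted
+
+- name: Autoremove and autoclean packages
+ansible.builtin.apt:
+autoremove: yes
+autoclean: yes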
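--- a/roles/avahi/tasks/main.yaml
+++ b/roles/avahi/tasks/main.yaml
@@ -0,0 +1,30 @@
+- name: Populate service facts
+ansible.builtin.service_facts:
+
+- name: Stop and disable systemd-resolved
+ansible.builtin.systemd:
+name: systemd-resolved
+state: stopped
+enabled: false
+when: "'systemd-resolved' in services"
+
+- name: Install Avahi Daemon and helpers
+ansible.builtin.apt:
+name: "{{ item }}"
+state: latest
+update_cache: yes
+install_recommends: no
+with_items:
+- avahi-daemon
+- avahi-utils
+- libnss-mdns
+notify: Autoremove and autoclean packages
+
+- name: Configure /etc/nsswitch.conf
+ansible.builtin.copy:
+src: nsswitch.conf
+dest: /etc/nsswitch.conf
+owner: root
+group: root
+mode: 0644
+notify: Restart Avahi Daemon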
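Review bot: The condition `'systemd-resolved' in services` most likely never matches, because `service_facts` keys systemd units by their full unit name (`systemd-resolved.service`), so the stop-and-disable task would be skipped silently on every host. `when: "'systemd-resolved.service' in services"` is the form to test against. Once the task does run, check that `/etc/resolv.conf` is not still the resolved stub symlink, otherwise name resolution on the host breaks when the service stops; nothing in this file handles that. Separately, `mode: 0644` is better written `mode: "0644"` so the value does not depend on YAML octal parsing.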
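--- a/roles/docker/handlers/main.yaml
+++ b/roles/docker/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Autoremove and autoclean packages
+ansible.builtin.apt:
+autoremove: yes
+autoclean: yes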
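--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@@ -0,0 +1,46 @@
+- name: Check and install prerequisites
+ansible.builtin.apt:
+name: "{{ item }}"
+state: latest
+update_cache: yes
+install_recommends: no
+with_items:
+- ca-certificates
+- curl
+- gnupg
+- lsb-release
+
+- name: Add Docker repository
+block:
+- name: Make APT keyrings dir
+ansible.builtin.file:
+path: /etc/apt/keyrings
+state: directory
+owner: root
+group: root
+mode: 0755
+
+- name: Add Docker APT key
+ansible.builtin.get_url:
+url: "https://download.docker.com/linux/debian/gpg"
+dest: /etc/apt/keyrings/docker.asc
+
+- name: Add Docker APT list
+ansible.builtin.apt_repository:
+repo: "deb [arch={{ architectures[ansible_architecture] }} signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+filename: docker
+state: present
+
+- name: Install Docker Engine
+ansible.builtin.apt:
+name: "{{ item }}"
+state: latest
+update_cache: yes
+install_recommends: no
+with_items:
+- docker-ce
+- docker-ce-cli
+- containerd.io
+- docker-buildx-plugin
+- docker-compose-plugin
+notify: Autoremove and autoclean packages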
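Review bot: The `Add Docker APT key` task downloads the repository signing key with `get_url` but sets neither `checksum` nor `mode`, so the file that every later `docker-ce` install is verified against is whatever the URL returned at run time, with permissions left to the default. Adding `mode: "0644"` and `checksum: "sha256:<digest-of-reviewed-key>"` (placeholder) pins the trust anchor to a key someone has inspected. The repo line hard-codes `linux/debian` while the suite comes from `ansible_distribution_release`; on a host whose distribution is not Debian that pair would name a suite the repository does not have, so a guard on `ansible_distribution` may be worth adding. The `with_items` loops over `apt` can pass the list directly as `name:`, which runs one transaction instead of one per package.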
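--- a/roles/dotfiles/files/dot.bash_profile
+++ b/roles/dotfiles/files/dot.bash_profile
@@ -0,0 +1,3 @@
+# Ansible managed
+
+[ -f ~/.bashrc ] && . ~/.bashrc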
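--- a/roles/dotfiles/files/dot.bashrc
+++ b/roles/dotfiles/files/dot.bashrc
@@ -0,0 +1,31 @@
+# Ansible managed
+
+[ -f ~/.profile ] && . ~/.profile
+
+[ -f ~/.profile.extra ] && . ~/.profile.extra
+
+alias grep='grep --color=auto'
+alias diff='diff --color=auto'
+alias ls='ls -F --color=auto'
+alias l='ls -hl'
+alias ll='ls -alh'
+alias tree='tree -F'
+alias qq='history -c; exit'
+
+shopt -s autocd
+shopt -s histappend
+
+HISTCONTROL=ignoreboth
+HISTSIZE=20000
+HISTFILESIZE=20000
+HISTTIMEFORMAT="%d %b %Y %T %z "
+
+if [ "$EUID" -eq 0 ]; then
+if [ -f /etc/armbian-release ]; then
+PS1='\[\033[38;5;208;1m\]\u@\H\[\033[00m\]:\w\[\033[00m\]\$ '
+else
+PS1='\[\033[1m\]\u@\H\[\033[00m\]:\w\[\033[00m\]\$ '
+fi
+else
+PS1='\u@\H:\w\$ '
+fi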
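Review bot: `alias qq='history -c; exit'` empties the in-memory history before the shell exits, so nothing from that session is appended to `~/.bash_history`, despite `histappend` and the 20000-line limits set a few lines below. The dotfiles role installs this file as `/root/.bashrc`, which means root sessions closed with `qq` leave no shell history for later incident review. If the intent is only a quick exit, `alias qq='exit'` keeps the record. If discarding history is deliberate, a comment saying so would help, along with another audit source such as auditd or session logging.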
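--- a/roles/dotfiles/files/dot.profile
+++ b/roles/dotfiles/files/dot.profile
@@ -0,0 +1,7 @@
+# Ansible managed
+
+PATH=$HOME/.local/bin:$PATH
+EDITOR=vim
+VISUAL=vim
+LESS=-R
+export PATH EDITOR VISUAL LESS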
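--- a/roles/dotfiles/files/dot.screenrc
+++ b/roles/dotfiles/files/dot.screenrc
@@ -0,0 +1,5 @@
+# Ansible managed
+
+startup_message off
+hardstatus alwayslastline
+hardstatus string '%S: %-w%>(%n %t)%{-}%+w%<'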
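--- a/roles/dotfiles/files/dot.vimrc
+++ b/roles/dotfiles/files/dot.vimrc
@@ -0,0 +1,20 @@
+" Ansible managed
+
+colorscheme default
+filetype plugin on
+syntax on
+let python_highlight_all = 1
+set mouse-=a
+set tabstop=4
+set shiftwidth=4
+set smarttab
+set expandtab
+set softtabstop=4
+set autoindent
+set listchars=tab:▸\ ,trail:·
+set list
+set t_Co=256
+set enc=utf-8
+set fenc=utf-8
+set termencoding=utf-8
+set modeline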
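Review bot: `set modeline` on the last line makes Vim apply option settings embedded in any file it opens, and the dotfiles role copies this vimrc to `/root/.vimrc`, so it is in effect whenever root views logs or downloaded files. Modeline parsing has been a recurring source of Vim security fixes. `set nomodeline`, or `set modelines=0` in root's copy, removes that exposure at little cost to an admin account.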
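--- a/roles/dotfiles/tasks/main.yaml
+++ b/roles/dotfiles/tasks/main.yaml
@@ -0,0 +1,26 @@
+- name: Copy dotfiles
+ansible.builtin.copy:
+src: "{{ item.src }}"
+dest: "{{ item.dest }}"
+owner: root
+group: root
+mode: 0644
+with_items:
+- { src: 'dot.vimrc', dest: '/etc/skel/.vimrc' }
+- { src: 'dot.screenrc', dest: '/etc/skel/.screenrc' }
+- { src: 'dot.profile', dest: '/etc/skel/.profile' }
+- { src: 'dot.bashrc', dest: '/etc/skel/.bashrc' }
+- { src: 'dot.bash_profile', dest: '/etc/skel/.bash_profile' }
+- { src: 'dot.vimrc', dest: '/root/.vimrc' }
+- { src: 'dot.screenrc', dest: '/root/.screenrc' }
+- { src: 'dot.profile', dest: '/root/.profile' }
+- { src: 'dot.bashrc', dest: '/root/.bashrc' }
+- { src: 'dot.bash_profile', dest: '/root/.bash_profile' }
+
+- name: Remove unwanted dotfiles
+ansible.builtin.file:
+path: "{{ item }}"
+state: absent
+with_items:
+- /etc/skel/.bash_logout
+- /root/resize.log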
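--- a/roles/hostname/tasks/main.yaml
+++ b/roles/hostname/tasks/main.yaml
@@ -0,0 +1,23 @@
+- name: Set a hostname via hostnamectl
+ansible.builtin.hostname:
+name: "{{ server_hostname }}"
+use: systemd
+when: ansible_virtualization_type == "kvm" or
+ansible_virtualization_type == "openstack" or
+ansible_virtualization_type == "NA"
+
+- name: Set a hostname and FQDN in /etc/hosts
+ansible.builtin.template:
+src: hosts
+dest: /etc/hosts
+owner: root
+group: root
+mode: 0644
+
+- name: Set a hostname in /etc/hostname
+ansible.builtin.template:
+src: hostname
+dest: /etc/hostname
+owner: root
+group: root
+mode: 0644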
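--- a/roles/hostname/templates/hostname
+++ b/roles/hostname/templates/hostname
@@ -0,0 +1 @@
+{{ server_hostname }}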
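--- a/roles/hostname/templates/hosts
+++ b/roles/hostname/templates/hosts
@@ -0,0 +1,10 @@
+# Ansible managed
+
+127.0.0.1 localhost
+::1 localhost6
+127.0.0.1 {{ server_fqdn }} {{ server_hostname }}
+::1 localhost ip6-localhost ip6-loopback
+fe00::0 ip6-localnet
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+ff02::3 ip6-allhosts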
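Review bot: `::1` is defined twice, once as `localhost6` and again as `localhost ip6-localhost ip6-loopback`; a single line carrying all the names is easier to audit. The host's own FQDN is mapped to `127.0.0.1`, whereas the Debian convention for that entry is `127.0.1.1`, which keeps reverse lookups of 127.0.0.1 resolving to `localhost`. It is worth confirming which form the services on these hosts expect before this template overwrites `/etc/hosts` everywhere.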
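--- a/roles/locale/tasks/main.yaml
+++ b/roles/locale/tasks/main.yaml
@@ -0,0 +1,8 @@
+- name: Generate en_US.UTF-8 locale
+community.general.locale_gen:
+name: en_US.UTF-8
+state: present
+
+- name: Set en_US.UTF-8 as default locale
+ansible.builtin.command: localectl set-locale LANG=en_US.utf8
+when: ansible_env.LANG != "en_US.utf8"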
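Review bot: The guard `when: ansible_env.LANG != "en_US.utf8"` inspects the environment of the Ansible SSH session rather than the system default, and the sshd_config in this commit has `AcceptEnv LANG LC_*`, so the value can simply be the controller's locale. The task may therefore be skipped on a host that still has another default, or run on every play; it also errors when `LANG` is unset, because `ansible_env.LANG` is then undefined. Reading the current setting first (for example from `localectl status` with `changed_when: false`) and comparing against that would make the task idempotent. The `command` task has no `changed_when` of its own, so it reports changed whenever it runs.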
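--- a/roles/motd/files/motd.cube
+++ b/roles/motd/files/motd.cube
@@ -0,0 +1,9 @@
+
++------+.
+|`. | `.
+| `+--+---+
+| | | |
++---+--+. |
+`. | `.|
+`+------+
+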
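--- a/roles/motd/files/motd.orangepi
+++ b/roles/motd/files/motd.orangepi
@@ -0,0 +1,8 @@
+____
+_\\/_/_
+/ ____ \
+/ /\ | /\ \
+| |-|+|-| |
+\ \/_|_\/ /
+\_______/
+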
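--- a/roles/motd/tasks/main.yaml
+++ b/roles/motd/tasks/main.yaml
@@ -0,0 +1,39 @@
+- name: Find unwanted motd scripts
+ansible.builtin.find:
+paths: /etc/update-motd.d/
+file_type: any
+register: collected_files
+
+- name: Delete unwanted motd scripts
+ansible.builtin.file:
+path: "{{ item.path }}"
+state: absent
+with_items: "{{ collected_files.files }}"
+
+- name: Remove Debian legal notice (/etc/motd)
+ansible.builtin.file:
+path: /etc/motd
+state: absent
+
+- name: Detect Armbian
+ansible.builtin.stat:
+path: /etc/armbian-release
+register: armbian
+
+- name: Add custom /etc/motd for Armbian
+ansible.builtin.copy:
+src: motd.orangepi
+dest: /etc/motd
+owner: root
+group: root
+mode: 0755
+when: armbian.stat.exists == True
+
+- name: Add common custom /etc/motd
+ansible.builtin.copy:
+src: motd.cube
+dest: /etc/motd
+owner: root
+group: root
+mode: 0755
+when: armbian.stat.exists == False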
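Review bot: Both `/etc/motd` copy tasks set `mode: 0755` on a plain text banner; it needs no execute bits, and `mode: "0644"` would match the other managed files in this commit. The `Find unwanted motd scripts` / `Delete unwanted motd scripts` pair removes every entry under `/etc/update-motd.d/` with `file_type: any`, including scripts that packages install there, which on some distributions carry pending-update or reboot-required notices; a `patterns:` filter or an explicit list would be safer than deleting everything. The conditions `armbian.stat.exists == True` and `== False` can be written `armbian.stat.exists` and `not armbian.stat.exists`.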
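--- a/roles/packages/handlers/main.yaml
+++ b/roles/packages/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Autoremove and autoclean packages
+ansible.builtin.apt:
+autoremove: yes
+autoclean: yes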
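--- a/roles/packages/tasks/main.yaml
+++ b/roles/packages/tasks/main.yaml
@@ -0,0 +1,35 @@
+- name: Install base packages
+ansible.builtin.apt:
+name: "{{ item }}"
+state: latest
+update_cache: yes
+install_recommends: no
+with_items:
+- cron
+- logrotate
+- dmidecode
+- lshw
+- sysstat
+- iotop
+- iftop
+- inetutils-telnet
+- inetutils-ping
+- inetutils-ftp
+- ethtool
+- tcpdump
+- mtr
+- curl
+- wget
+- rsync
+- psmisc
+- screen
+- vim
+- file
+- tree
+- plocate
+- findutils
+- diffutils
+- git
+- htop
+- unzip
+notify: Autoremove and autoclean packages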
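Review bot: The base list installs `inetutils-telnet`, `inetutils-ftp` and `tcpdump` on every host via the `hosts: all` play, including the internet-facing one; cleartext clients and a capture tool are handy for debugging but also widen what is available on a compromised server, so consider moving them to an opt-in list. `state: latest` together with `update_cache: yes` upgrades all of these packages on each run, which turns a routine playbook run into an unreviewed upgrade; `state: present` plus a separate upgrade play keeps the two apart. Passing the list directly as `name:` instead of looping with `with_items` lets apt resolve it in a single transaction.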
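--- a/roles/sshd/files/sshd_config
+++ b/roles/sshd/files/sshd_config
@@ -0,0 +1,11 @@
+# Ansible managed
+
+Include /etc/ssh/sshd_config.d/*.conf
+PermitRootLogin yes
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server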
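Review bot: `Include /etc/ssh/sshd_config.d/*.conf` comes before the hardening lines, and sshd keeps the first value it reads for each keyword, so any drop-in that sets `PasswordAuthentication yes` (cloud images commonly ship one) overrides the `PasswordAuthentication no` below it. Either manage the drop-in directory in the same role or check the effective setting with `sshd -T` after deployment. `PermitRootLogin yes` can be tightened to `PermitRootLogin prohibit-password` without affecting the key-based root access the inventory uses, and `X11Forwarding yes` is rarely needed on a headless server. `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH.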
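--- a/roles/sshd/handlers/main.yaml
+++ b/roles/sshd/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Restart sshd
+ansible.builtin.service:
+name: sshd
+state: restarted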
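--- a/roles/sshd/tasks/main.yaml
+++ b/roles/sshd/tasks/main.yaml
@@ -0,0 +1,8 @@
+- name: Update sshd_config
+ansible.builtin.copy:
+src: sshd_config
+dest: /etc/ssh/sshd_config
+owner: root
+group: root
+mode: 0644
+notify: Restart sshd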
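Review bot: The `copy` to `/etc/ssh/sshd_config` has no `validate`, so a syntax error in the shipped file is only discovered when the `Restart sshd` handler runs, at which point the host may stop accepting SSH connections. Adding `validate: /usr/sbin/sshd -t -f %s` makes the task fail before the live file is replaced. `mode: 0644` is better quoted as `mode: "0644"`. The handler restarts a unit named `sshd`; on Debian-family systems the unit is usually `ssh` with `sshd` provided as an alias, which is worth confirming on the target.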
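--- a/roles/tz/handlers/main.yaml
+++ b/roles/tz/handlers/main.yaml
@@ -0,0 +1,4 @@
+- name: Restart Cron
+ansible.builtin.service:
+name: cron
+state: restarted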
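--- a/roles/tz/tasks/main.yaml
+++ b/roles/tz/tasks/main.yaml
@@ -0,0 +1,4 @@
+- name: Set timezone to Europe/Moscow
+community.general.timezone:
+name: Europe/Moscow
+notify: Restart Cron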
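--- a/roles/ufw/tasks/main.yaml
+++ b/roles/ufw/tasks/main.yaml
@@ -0,0 +1,14 @@
+- name: Install UFW
+ansible.builtin.apt:
+name: ufw
+state: latest
+update_cache: yes
+
+- name: Allow SSH
+community.general.ufw:
+rule: allow
+name: OpenSSH
+
+- name: Enable Firewall
+community.general.ufw:
+state: enabled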
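Review bot: The role enables UFW and allows `OpenSSH` but never sets the default policy, so the host's inbound posture depends on whatever default the package or a previous administrator left in place. Stating it explicitly, with a task that sets `default: deny` and `direction: incoming` before `state: enabled`, makes the firewall's intent part of the code. The `OpenSSH` application profile assumes sshd listens on its standard port, so if the port is ever changed in `sshd_config` this rule has to change with it. Using `rule: limit` instead of `rule: allow` for SSH would add connection rate limiting.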