testing
		@@ -32,12 +32,14 @@
  ansible.builtin.template:
    src: fail2ban-ssh.conf.j2
    dest: /etc/fail2ban/jail.d/sshd.conf
    mode: 0640
  notify: restart_fail2ban
- name: Install Fail2ban IP allow list
  ansible.builtin.template:
    src: fail2ban-allowlist.conf.j2
    dest: /etc/fail2ban/jail.d/allowlist.conf
    mode: 0640
  when: fail2ban_ignoreip is defined
  notify: restart_fail2ban
 
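Review bot: The `mode:` values on the two fail2ban template tasks are written as bare octal literals (`mode: 0640`), which depend on the YAML loader's octal handling. Ansible's documentation recommends quoting them, `mode: "0640"`, so the module receives a string and does its own conversion. The same applies to the other `mode:` lines on this page (`0600`, `0644`, `0400`). The first task starts above the hunk, so its name and any earlier arguments are not visible here.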
@@ -11,9 +11,10 @@
  ansible.builtin.template:
    src: msmtprc.j2
    dest: /root/.msmtprc
    mode: 0700
    mode: 0600
- name: Install /etc/aliases
  ansible.builtin.copy:
    dest: /etc/aliases
    content: "root: {{ mail.rootalias }}"
    mode: 0644
 
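Review bot: If `msmtprc.j2` renders an SMTP password (the template is not visible here), running the play with `--diff` still prints the rendered file, even though `/root/.msmtprc` is now written with mode 0600. Adding `diff: false` or `no_log: true` to that template task keeps the credential out of run output and logs. The task begins above the hunk, so one of these may already be set there.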
@@ -1,24 +1,31 @@
- ansible.builtin.import_tasks: ansible.yml
- name: Import Ansible tasks
  ansible.builtin.import_tasks: ansible.yml
  tags: ansible
- ansible.builtin.import_tasks: system.yml
- name: Import System tasks
  ansible.builtin.import_tasks: system.yml
  tags: system
- ansible.builtin.import_tasks: firewall.yml
- name: Import Firewall tasks
  ansible.builtin.import_tasks: firewall.yml
  tags: firewall
- ansible.builtin.import_tasks: network.yml
- name: Import Network tasks
  ansible.builtin.import_tasks: network.yml
  tags: network
  when: manage_network
- ansible.builtin.import_tasks: mail.yml
- name: Import Mail tasks
  ansible.builtin.import_tasks: mail.yml
  tags: mail
  when: mail is defined
- ansible.builtin.import_tasks: ddclient.yml
- name: Import ddclient tasks
  ansible.builtin.import_tasks: ddclient.yml
  tags: ddclient
  when: ddclient is defined
- ansible.builtin.import_tasks: wireguard.yml
- name: Import WireGuard tasks
  ansible.builtin.import_tasks: wireguard.yml
  tags: wireguard
  when: wireguard is defined
 
@@ -10,5 +10,6 @@
  ansible.builtin.template:
    src: "interface.j2"
    dest: "/etc/network/interfaces.d/{{ item.name }}"
    mode: 0400
  loop: "{{ interfaces }}"
  notify: reboot_host
 
@@ -8,6 +8,7 @@
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: /root/.ssh/authorized_keys
    mode: 0400
  when: authorized_keys is defined
- name: Manage filesystem mounts
 
@@ -5,7 +5,9 @@
    update_cache: true
- name: Generate WireGuard keys
  ansible.builtin.shell: wg genkey | tee privatekey | wg pubkey > publickey
  ansible.builtin.shell: |
    set -o pipefail
    wg genkey | tee privatekey | wg pubkey > publickey
  args:
    chdir: /etc/wireguard/
    creates: /etc/wireguard/privatekey
@@ -19,8 +21,8 @@
  ansible.builtin.template:
    src: wireguard.j2
    dest: /etc/wireguard/wg0.conf
  notify:
    - restart_wireguard
    mode: 0400
  notify: restart_wireguard
- name: Start WireGuard interface
  ansible.builtin.service:
 
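Review bot: The `Generate WireGuard keys` task writes `privatekey` with whatever umask the shell inherits, so the key can end up group- or world-readable in `/etc/wireguard/`. Putting `umask 077` on the line before the pipeline creates both files owner-only. The added `set -o pipefail` is also not accepted by every `/bin/sh`, which is the `shell` module's default, so `executable: /bin/bash` under `args:` would make the task portable. Note that `creates: /etc/wireguard/privatekey` skips the task on a rerun even if the pipeline failed after `privatekey` was written, which may leave `publickey` missing or empty.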