Updated Ansible tasks to FQCN format
@@ -1,46 +1,46 @@
|
||||
- name: Install the Uncomplicated Firewall
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: ufw
|
||||
state: present
|
||||
|
||||
- name: Install Fail2ban
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: fail2ban
|
||||
state: present
|
||||
|
||||
- name: Deny incoming traffic by default
|
||||
ufw:
|
||||
community.general.ufw:
|
||||
default: deny
|
||||
direction: incoming
|
||||
|
||||
- name: Allow outgoing traffic by default
|
||||
ufw:
|
||||
community.general.ufw:
|
||||
default: allow
|
||||
direction: outgoing
|
||||
|
||||
- name: Allow OpenSSH with rate limiting
|
||||
ufw:
|
||||
community.general.ufw:
|
||||
name: ssh
|
||||
rule: limit
|
||||
|
||||
- name: Remove Fail2ban defaults-debian.conf
|
||||
file:
|
||||
ansible.builtin.file:
|
||||
path: /etc/fail2ban/jail.d/defaults-debian.conf
|
||||
state: absent
|
||||
|
||||
- name: Install OpenSSH's Fail2ban jail
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: fail2ban-ssh.conf.j2
|
||||
dest: /etc/fail2ban/jail.d/sshd.conf
|
||||
notify: restart_fail2ban
|
||||
|
||||
- name: Install Fail2ban IP allow list
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: fail2ban-allowlist.conf.j2
|
||||
dest: /etc/fail2ban/jail.d/allowlist.conf
|
||||
when: fail2ban_ignoreip is defined
|
||||
notify: restart_fail2ban
|
||||
|
||||
- name: Enable firewall
|
||||
ufw:
|
||||
community.general.ufw:
|
||||
state: enabled
|
||||
|
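Review bot: The new `community.general.ufw` module name in the deny/allow/limit/enable tasks of this hunk is not shipped with ansible-core, so unlike the `ansible.builtin.*` renames it introduces a dependency on the community.general collection that nothing visible in the commit declares; the same applies to `ansible.posix.mount` in the system.yml hunk. A collections requirements file with entries for `community.general` and `ansible.posix` (constructed example: `collections:` followed by `- name: community.general` and `- name: ansible.posix`) would let `ansible-galaxy collection install -r requirements.yml` resolve them before the play runs. If such a file already exists outside this diff, this is only a reminder to check that it lists both collections.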
@@ -1,5 +1,5 @@
|
||||
- name: Install msmtp
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: "{{ item }}"
|
||||
state: present
|
||||
loop:
|
||||
@@ -8,12 +8,12 @@
|
||||
- mailutils
|
||||
|
||||
- name: Install msmtp configuration
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: msmtprc.j2
|
||||
dest: /root/.msmtprc
|
||||
mode: 0700
|
||||
|
||||
- name: Install /etc/aliases
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
dest: /etc/aliases
|
||||
content: "root: {{ mail.rootalias }}"
|
||||
|
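Review bot: `mode: 0700` on the `Install msmtp configuration` task is an unquoted octal literal, which YAML 1.1 loaders read as the integer 448; Ansible happens to interpret that value as intended here but warns about the form, and network.yml in this same commit already writes `mode: '0644'`, so this line should be `mode: '0700'` for consistency and to avoid the leading-zero trap. Since `/root/.msmtprc` is a configuration file that presumably carries SMTP credentials, `mode: '0600'` (no execute bit) is the conventional permission — confirm whether anything relies on the executable bit before tightening it.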
@@ -1,24 +1,24 @@
|
||||
- import_tasks: ansible.yml
|
||||
- ansible.builtin.import_tasks: ansible.yml
|
||||
tags: ansible
|
||||
|
||||
- import_tasks: system.yml
|
||||
- ansible.builtin.import_tasks: system.yml
|
||||
tags: system
|
||||
|
||||
- import_tasks: firewall.yml
|
||||
- ansible.builtin.import_tasks: firewall.yml
|
||||
tags: firewall
|
||||
|
||||
- import_tasks: network.yml
|
||||
- ansible.builtin.import_tasks: network.yml
|
||||
tags: network
|
||||
when: manage_network
|
||||
|
||||
- import_tasks: mail.yml
|
||||
- ansible.builtin.import_tasks: mail.yml
|
||||
tags: mail
|
||||
when: mail is defined
|
||||
|
||||
- import_tasks: ddclient.yml
|
||||
- ansible.builtin.import_tasks: ddclient.yml
|
||||
tags: ddclient
|
||||
when: ddclient is defined
|
||||
|
||||
- import_tasks: wireguard.yml
|
||||
- ansible.builtin.import_tasks: wireguard.yml
|
||||
tags: wireguard
|
||||
when: wireguard is defined
|
||||
|
@@ -1,5 +1,5 @@
|
||||
- name: Install network interfaces file
|
||||
copy:
|
||||
ansible.builtin.copy:
|
||||
src: network-interfaces.cfg
|
||||
dest: /etc/network/interfaces
|
||||
owner: root
|
||||
@@ -7,7 +7,7 @@
|
||||
mode: '0644'
|
||||
|
||||
- name: Install network interfaces
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: "interface.j2"
|
||||
dest: "/etc/network/interfaces.d/{{ item.name }}"
|
||||
loop: "{{ interfaces }}"
|
||||
|
@@ -1,17 +1,17 @@
|
||||
- name: Install useful software
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: "{{ packages }}"
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Manage root authorized_keys
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: authorized_keys.j2
|
||||
dest: /root/.ssh/authorized_keys
|
||||
when: authorized_keys is defined
|
||||
|
||||
- name: Manage filesystem mounts
|
||||
mount:
|
||||
ansible.posix.mount:
|
||||
path: "{{ item.path }}"
|
||||
src: "UUID={{ item.uuid }}"
|
||||
fstype: "{{ item.fstype }}"
|
||||
|
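Review bot: The `Manage root authorized_keys` template task pins neither `mode` nor `owner`, so `/root/.ssh/authorized_keys` ends up with whatever the remote umask yields; sshd's StrictModes rejects the file if it becomes group- or world-writable, so `mode: '0600'` makes the intended permission explicit, as network.yml already does for its copy task. `ansible.builtin.template` does not create parent directories, so this presumably relies on `/root/.ssh` already existing — confirm, or precede it with an `ansible.builtin.file` task using `state: directory` and `mode: '0700'`. The `Manage filesystem mounts` task's parameters continue past the end of this hunk.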
@@ -1,35 +1,35 @@
|
||||
- name: Install WireGuard
|
||||
apt:
|
||||
ansible.builtin.apt:
|
||||
name: wireguard
|
||||
state: present
|
||||
update_cache: true
|
||||
|
||||
- name: Generate WireGuard keys
|
||||
shell: wg genkey | tee privatekey | wg pubkey > publickey
|
||||
ansible.builtin.shell: wg genkey | tee privatekey | wg pubkey > publickey
|
||||
args:
|
||||
chdir: /etc/wireguard/
|
||||
creates: /etc/wireguard/privatekey
|
||||
|
||||
- name: Grab WireGuard private key for configuration
|
||||
slurp:
|
||||
ansible.builtin.slurp:
|
||||
src: /etc/wireguard/privatekey
|
||||
register: wgkey
|
||||
|
||||
- name: Install WireGuard configuration
|
||||
template:
|
||||
ansible.builtin.template:
|
||||
src: wireguard.j2
|
||||
dest: /etc/wireguard/wg0.conf
|
||||
notify:
|
||||
- restart_wireguard
|
||||
|
||||
- name: Start WireGuard interface
|
||||
service:
|
||||
ansible.builtin.service:
|
||||
name: wg-quick@wg0
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
- name: Add WireGuard firewall rule
|
||||
ufw:
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
port: "{{ wireguard.listenport }}"
|
||||
proto: tcp
|
||||
|
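Review bot: `proto: tcp` in the `Add WireGuard firewall rule` task does not match WireGuard, which only uses UDP, so the rule as written leaves the listen port closed to peers; it should read `proto: udp`. The `Generate WireGuard keys` shell task writes `privatekey` under whatever umask the remote shell provides, so prefixing the pipeline with `umask 077 &&` (or following it with an `ansible.builtin.file` task setting `mode: '0600'`) keeps the private key owner-only regardless of host defaults. The `Grab WireGuard private key` slurp registers the key in `wgkey` without `no_log: true`, so a verbose run prints it; adding `no_log: true` to that task and to the template task that consumes it is cheap.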