jean-cloud-services/provisioning/playbook.yml

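---
# Bootstrap play: applies only the prerequisites role to the `servers` group,
# without privilege escalation and without fact gathering.
# NOTE(review): fact gathering is presumably skipped because the target may
# not yet have what Ansible needs to collect facts; confirm against the role.
- name: server
  hosts: servers
  # Canonical booleans: `no` is only a YAML 1.1 truthy alias for false.
  become: false
  gather_facts: false
  roles:
    # Ansible prerequisites
    - schuerg.prerequisites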
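# Main provisioning play for the `servers` group: locales, system update,
# SSH hardening, Docker, timezone and the project's common role.
# NOTE(review): `become` is commented out below, so these roles presumably
# rely on the connecting user already being root; confirm against the
# inventory.
# NOTE(review): most roles below are third-party and change SSH, update and
# Docker settings; pin their versions (for example in a requirements file,
# not visible here) so a new upstream release is not applied unreviewed.
- name: server
  hosts: servers
  #become: yes
  #gather_facts: no
  roles:
    # Ansible prerequisites
    #- robertdebock.bootstrap
    # EPEL for centos
    #- geerlingguy.repo-epel
    # NTP is important for curl and apt
    # - ericsysmin.system.ntp
    # Users
    #- sysadmins
    # Locales
    # TODO set locales date and currency
    #- alvistack.locales
    - role: oefenweb.locales
      vars:
        locales_default:
          lang: en_US.UTF-8
          lc_all: en_US.UTF-8
    # System update. Well-made playbook.
    - robertdebock.update
    # Manage sudoers
    #- GROG.sudo
    # ssh security
    # using geerlingguy security
    #- dev-sec.ssh-hardening
    - role: geerlingguy.security
      vars:
        # Non-default SSH port: reduces scan noise, but is not an access
        # control in itself.
        security_ssh_port: 45985
        # The "yes"/"no" values below are quoted on purpose: unquoted they
        # would be parsed as YAML booleans. Presumably the role writes them
        # verbatim into sshd_config; confirm against the role.
        security_ssh_password_authentication: "no"
        # NOTE(review): direct root login over SSH stays allowed. Password
        # authentication is off, so this is key-based root access only, but
        # there is no per-admin account or sudo audit trail. Once an
        # unprivileged admin account with sudo exists (the `sysadmins` and
        # `GROG.sudo` roles above are commented out), set this to "no".
        security_ssh_permit_root_login: "yes"
        security_ssh_usedns: "no"
        security_ssh_permit_empty_password: "no"
        security_ssh_challenge_response_auth: "no"
        security_ssh_gss_api_authentication: "no"
        security_ssh_x11_forwarding: "no"
        security_autoupdate_enabled: true
        # NOTE(review): fail2ban is disabled here and both fail2ban roles
        # below are commented out, so nothing in this play bans repeated
        # failed logins. The firewall role is commented out as well, which
        # leaves the sshd settings above as the only network-facing control
        # this play applies.
        security_fail2ban_enabled: false
    # fail2ban
    #- oefenweb.fail2ban
    #- robertdebock.fail2ban
    # firewall conf
    # TODO it destroys the DOCKER rules…
    #- geerlingguy.firewall
    # Rootkit protection
    #- mablanco.antirootkits
    # antivirus
    #- geerlingguy.clamav
    # docker
    - role: geerlingguy.docker
      vars:
        # Presumably keeps the Docker service from being enabled at boot;
        # confirm against the role's defaults.
        docker_service_enabled: false
    # timezone
    - role: oefenweb.timezone
      vars:
        timezone_zone: Europe/Paris
    # ntp
    #- geerlingguy.ntp
    #TODO
    # docker metrics proxy
    #- docker-metrics-proxy
    # logrotate
    # - ontic/logrotate
    # apparmor ?
    # - manala.apparmor
    # autofs
    # - cmprescott.autofs_ng
    # smart TODO
    #- stuvusit/smartd
    # graylog Nope, too heavy…
    # TODO lineinfile for prometheus
    # 127.0.1.1 docker-host
    - jean-cloud-common
    ##- deploy_all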