jean-cloud-services/provisioning/group_vars/servers.yml

# Ansible group variables for the hosts in this group (path suggests the
# `servers` group). Every value below is consumed by a Galaxy role named in
# the comment above it; none of these keys are read by the playbooks
# themselves as far as this file shows.
#
# Default registry
#
# Account the provisioning play connects as — presumably only for the initial
# bootstrap, before a less privileged user exists; confirm against the play.
bootstrap_user: root
# sudo configuration
# using geerlingguy security
# https://galaxy.ansible.com/grog/sudo
# NOTE(review): the whole sudo block is commented out, so no sudoers entries
# are managed from this file; whatever the role's defaults are apply instead.
#sudo_default_sudoers: yes
#sudo_list:
# - name: tits
# sudo:
# hosts: ALL
# as: ALL:ALL
# commands: ALL
# nopasswd: yes
# For ssh security
# https://galaxy.ansible.com/dev-sec/ssh-hardening
# NOTE(review): all three ssh-hardening overrides are commented out, so the
# custom listen port and the root-login restriction are NOT applied from here.
# Until the TODO below is resolved, root login over SSH is governed only by the
# role's defaults (or by nothing, if the role is not in the play) — verify on a
# provisioned host rather than assuming it is disabled.
#network_ipv6_enable: true
#ssh_server_ports: ['45985']
#ssh_permit_root_login: no # TODO uncommenting that makes it bug
# Fail2ban
# https://galaxy.ansible.com/oefenweb/fail2ban
# NOTE(review): the fail2ban configuration is also commented out, so no sshd
# jail is defined here even though TCP 45985 (the port the commented sshd jail
# refers to) is opened in the firewall below.
#fail2ban_filterd_path: ./fail2ban/etc/fail2ban/filter.d/
#fail2ban_actiond_path: ./fail2ban/etc/fail2ban/action.d/
#fail2ban_jaild_path: ./fail2ban/etc/fail2ban/jail.d/
#fail2ban_services:
# # In older versions of Fail2Ban this is called ssh
# - name: sshd
# port: 45985
# maxretry: 3
# bantime: -1
# # - name: wplogin
# # port: http,https
# # filter: wplogin
# # logpath: /var/lib/docker/containers/*/*-json.log
# # banaction: docker-action
# # maxretry: 5
# # findtime: 120
# # bantime: 86400
#
# https://galaxy.ansible.com/robertdebock/fail2ban
# For Firewall
# https://galaxy.ansible.com/geerlingguy/firewall
firewall_state: started
firewall_enabled_at_boot: true
# Dropped packets are logged — useful as a detection source, but check log
# volume on exposed hosts.
firewall_log_dropped_packets: true
# Inbound TCP allow-list. Ports are quoted so YAML keeps them as strings.
# NOTE(review): the purpose of 45985, 22529 and 5000 is not documented in this
# file; record what listens on each so the allow-list can be audited.
firewall_allowed_tcp_ports:
- "45985"
- "22529"
- "80"
- "443"
- "53"
- "5000"
# Inbound UDP allow-list.
firewall_allowed_udp_ports:
- "53"
# For rootkit protection
# https://galaxy.ansible.com/mablanco/antirootkits
antirootkits_mail_from: contact@jean-cloud.org
antirootkits_mail_to: contact@jean-cloud.org
# Retention for the rootkit-scanner logs; presumably days — confirm the unit
# against the role's documentation.
antirootkits_log_expire: 90
# TODO wtf is /home/docker ?
shelldetector_scan_directory: /home/docker # Won't it turn up far too much junk?
# Daily scan at 04:00; both values quoted so '00' is not read as an integer.
shelldetector_cron_hour: '4'
shelldetector_cron_minute: '00'
# NTP
# https://galaxy.ansible.com/geerlingguy/ntp
ntp_timezone: Europe/Paris
ntp_daemon: ntp