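# Bootstrap play: applies only the prerequisites role to the `servers` group.
# Privilege escalation and fact gathering are both switched off.
# NOTE(review): presumably facts are skipped because the target may not have
# what Ansible needs until the prerequisites role has run; confirm.
- name: server
  hosts: servers
  # Canonical YAML booleans instead of `no`; Ansible treats them identically.
  become: false
  gather_facts: false
  roles:
    # Ansible prerequisites
    - schuerg.prerequisites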
# Main configuration play for the `servers` group: locales, system update,
# SSH hardening, Docker, timezone and the local common role.
# `become` is left at its default (the override is commented out), so the
# roles run as whatever user Ansible connects with.
- name: server
  hosts: servers
  # become: yes
  # gather_facts: no
  roles:
    # Ansible prerequisites
    # - robertdebock.bootstrap

    # EPEL for centos
    # - geerlingguy.repo-epel

    # NTP is important for curl and apt
    # - ericsysmin.system.ntp

    # Users
    # - sysadmins

    # Locales
    # TODO set locales date and currency
    # - alvistack.locales
    - role: oefenweb.locales
      vars:
        locales_default:
          lang: en_US.UTF-8
          lc_all: en_US.UTF-8

    # System update. Well-made playbook.
    - robertdebock.update

    # Manage sudoers
    # - GROG.sudo

    # ssh security
    # using geerlingguy security
    # - dev-sec.ssh-hardening
    - role: geerlingguy.security
      vars:
        # A non-default port reduces scan noise only; it is not an access
        # control. Whatever filters traffic must allow this port.
        security_ssh_port: 45985
        # The "yes"/"no" values are quoted on purpose so they stay strings
        # and are not retyped as YAML booleans.
        security_ssh_password_authentication: "no"
        # NOTE(review): direct root login over SSH is allowed. With password,
        # challenge-response and GSSAPI authentication all set to "no" in
        # this block, that leaves key-based root login. Consider
        # "prohibit-password", or a dedicated sudo user together with
        # `become`, so that re-enabling passwords later does not expose root.
        security_ssh_permit_root_login: "yes"
        security_ssh_usedns: "no"
        security_ssh_permit_empty_password: "no"
        security_ssh_challenge_response_auth: "no"
        security_ssh_gss_api_authentication: "no"
        security_ssh_x11_forwarding: "no"
        security_autoupdate_enabled: true
        # fail2ban is switched off here and both standalone fail2ban roles
        # below are commented out, so nothing in this play throttles
        # repeated SSH login attempts.
        security_fail2ban_enabled: false

    # fail2ban
    # - oefenweb.fail2ban
    # - robertdebock.fail2ban

    # firewall conf
    # TODO it destroys the DOCKER rules…
    # NOTE(review): with this role disabled, the play applies no host
    # firewall; confirm that filtering is handled elsewhere.
    # - geerlingguy.firewall

    # Rootkit protection
    # - mablanco.antirootkits

    # antivirus
    # - geerlingguy.clamav

    # docker
    - role: geerlingguy.docker
      vars:
        docker_service_enabled: false

    # timezone
    - role: oefenweb.timezone
      vars:
        timezone_zone: Europe/Paris

    # ntp
    # - geerlingguy.ntp
    # TODO

    # docker metrics proxy
    # - docker-metrics-proxy

    # logrotate
    # - ontic/logrotate

    # apparmor ?
    # - manala.apparmor

    # autofs
    # - cmprescott.autofs_ng

    # smart TODO
    # - stuvusit/smartd

    # graylog Nope, too heavy…
    # TODO lineinfile for prometheus
    # 127.0.1.1 docker-host
    - jean-cloud-common

    ##- deploy_all