- name: server hosts: servers become: no gather_facts: no roles: # Ansible prerequisites - schuerg.prerequisites - name: server hosts: servers #become: yes #gather_facts: no roles: # Ansible prerequisites #- robertdebock.bootstrap # EPEL for centos #- geerlingguy.repo-epel #NTP is important for curl and apt # - ericsysmin.system.ntp # Users #- sysadmins # Locales # TODO set locales date and currency #- alvistack.locales - oefenweb.locales # Sys update. Playbook bien fait. - robertdebock.update # Manage sudoers #- GROG.sudo # Unattended upgrades #- jnv.unattended-upgrades #- thorian93.unattended_upgrade #- racqspace.unattended_upgrades # ssh security # using geerlingguy security #- dev-sec.ssh-hardening - geerlingguy.security # fail2ban #- oefenweb.fail2ban #- robertdebock.fail2ban # firewall conf # TODO it destroy the DOCKER rules… #- geerlingguy.firewall # Rootkit protection #- mablanco.antirootkits # antivirus #- geerlingguy.clamav # docker - geerlingguy.docker # timezone - oefenweb.timezone # ntp #- geerlingguy.ntp # docker metrics proxy #- docker-metrics-proxy # logrotate # - ontic/logrotate # apparmor ? # - manala.apparmor # autofs # - cmprescott.autofs_ng # smart TODO #- stuvusit/smartd # graylog Nope, too heavy… # TODO lininfile for prometheus # 127.0.1.1 docker-host - jean-cloud-common ##- deploy_all - name: shlago hosts: shlago become: yes gather_facts: no roles: - ordiportables