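---
# Server provisioning playbook for the `servers` host group.
# Play 1 runs only the prerequisites role; play 2 applies the base roles
# (locales, updates, SSH settings, Docker, timezone, project role).
# NOTE(review): both plays are named "server", so they are indistinguishable
# in Ansible output; distinct names would make run logs easier to audit.
# NOTE(review): role versions are not visible in this file. Pin the Galaxy
# roles in the project's requirements file so a run cannot silently pull
# changed upstream code onto the servers.

# Runs without privilege escalation and without fact gathering
# (presumably because Python may not be installed yet; confirm).
- name: server
  hosts: servers
  become: false
  gather_facts: false
  roles:
    # Ansible prerequisites
    - schuerg.prerequisites

- name: server
  hosts: servers
  #become: yes
  #gather_facts: no
  roles:
    # Ansible prerequisites
    #- robertdebock.bootstrap

    # EPEL for centos
    #- geerlingguy.repo-epel

    # NTP is important for curl and apt
    # - ericsysmin.system.ntp

    # Users
    #- sysadmins

    # Locales
    # TODO set locales date and currency
    #- alvistack.locales
    - role: oefenweb.locales
      vars:
        locales_default:
          lang: en_US.UTF-8
          lc_all: en_US.UTF-8

    # System update. Well-made playbook.
    - robertdebock.update

    # Manage sudoers
    #- GROG.sudo

    # ssh security
    # using geerlingguy security
    #- dev-sec.ssh-hardening
    - role: geerlingguy.security
      vars:
        security_ssh_port: 45985
        security_ssh_password_authentication: "no"
        # NOTE(review): root can log in over SSH. Password, challenge-response
        # and GSSAPI authentication are all set to "no" in this block, which
        # presumably leaves key-based login only. The roles that would set up
        # a non-root admin (sysadmins, GROG.sudo) are commented out; once such
        # an account exists and Ansible connects through it, set this to "no".
        security_ssh_permit_root_login: "yes"
        security_ssh_usedns: "no"
        security_ssh_permit_empty_password: "no"
        security_ssh_challenge_response_auth: "no"
        security_ssh_gss_api_authentication: "no"
        security_ssh_x11_forwarding: "no"
        security_autoupdate_enabled: true
        # NOTE(review): fail2ban is off here, and the fail2ban and firewall
        # roles below are commented out, so this playbook configures neither
        # brute-force throttling nor a host firewall. The non-default SSH
        # port only reduces scan noise; it is not an access control.
        security_fail2ban_enabled: false

    # fail2ban
    #- oefenweb.fail2ban
    #- robertdebock.fail2ban

    # firewall conf
    # TODO it destroys the DOCKER rules…
    #- geerlingguy.firewall

    # Rootkit protection
    #- mablanco.antirootkits

    # antivirus
    #- geerlingguy.clamav

    # docker
    # The Docker service is not enabled by this role; presumably it is
    # started by other means (confirm).
    - role: geerlingguy.docker
      vars:
        docker_service_enabled: false

    # timezone
    - role: oefenweb.timezone
      vars:
        timezone_zone: Europe/Paris

    # ntp
    #- geerlingguy.ntp

    # TODO
    # docker metrics proxy
    #- docker-metrics-proxy

    # logrotate
    # - ontic/logrotate

    # apparmor ?
    # - manala.apparmor

    # autofs
    # - cmprescott.autofs_ng

    # smart TODO
    #- stuvusit/smartd

    # graylog: no, too heavy…

    # TODO lineinfile for prometheus
    # 127.0.1.1 docker-host

    - jean-cloud-common
    ##- deploy_all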