jean-cloud-services/provisioning/group_vars/servers.yml
Adrian Amaglio 88e8e2fc76 update
2023-09-16 20:17:34 +02:00

80 lines
1.8 KiB
YAML
Executable File
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Default registry
#
bootstrap_user: root
# sudo configuration
# using geerlingguy security
# https://galaxy.ansible.com/grog/sudo
#sudo_default_sudoers: yes
#sudo_list:
# - name: tits
# sudo:
# hosts: ALL
# as: ALL:ALL
# commands: ALL
# nopasswd: yes
# For ssh security
# https://galaxy.ansible.com/dev-sec/ssh-hardening
#network_ipv6_enable: true
#ssh_server_ports: ['45985']
#ssh_permit_root_login: no # TODO uncommenting that makes it bug
# Fail2ban
# https://galaxy.ansible.com/oefenweb/fail2ban
#fail2ban_filterd_path: ./fail2ban/etc/fail2ban/filter.d/
#fail2ban_actiond_path: ./fail2ban/etc/fail2ban/action.d/
#fail2ban_jaild_path: ./fail2ban/etc/fail2ban/jail.d/
#fail2ban_services:
# # In older versions of Fail2Ban this is called ssh
# - name: sshd
# port: 45985
# maxretry: 3
# bantime: -1
# # - name: wplogin
# # port: http,https
# # filter: wplogin
# # logpath: /var/lib/docker/containers/*/*-json.log
# # banaction: docker-action
# # maxretry: 5
# # findtime: 120
# # bantime: 86400
#
# https://galaxy.ansible.com/robertdebock/fail2ban
# For Firewall
# https://galaxy.ansible.com/geerlingguy/firewall
firewall_state: started
firewall_enabled_at_boot: true
firewall_log_dropped_packets: true
firewall_allowed_tcp_ports:
- "45985"
- "22529"
- "80"
- "443"
- "53"
- "5000"
firewall_allowed_udp_ports:
- "53"
# For rootkit protection
# https://galaxy.ansible.com/mablanco/antirootkits
antirootkits_mail_from: contact@jean-cloud.org
antirootkits_mail_to: contact@jean-cloud.org
antirootkits_log_expire: 90
# TODO wtf is /home/docker ?
shelldetector_scan_directory: /home/docker # Il va trouver trop de merde non ?
shelldetector_cron_hour: '4'
shelldetector_cron_minute: '00'
# NTP
# https://galaxy.ansible.com/geerlingguy/ntp
ntp_timezone: Europe/Paris
ntp_daemon: ntp