adrian/jean-cloud-services
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
v2024
jean-cloud-services/provisioning/playbook.yml
Adrian Amaglio 88e8e2fc76 update
2023-09-16 20:17:34 +02:00

113 lines
2.2 KiB
YAML
Executable File
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

- name: server
hosts: servers
become: no
gather_facts: no
roles:
# Ansible prerequisites
- schuerg.prerequisites
- name: server
hosts: servers
#become: yes
#gather_facts: no
roles:
# Ansible prerequisites
#- robertdebock.bootstrap
# EPEL for centos
#- geerlingguy.repo-epel
#NTP is important for curl and apt
# - ericsysmin.system.ntp
# Users
#- sysadmins
# Locales
# TODO set locales date and currency
#- alvistack.locales
- role: oefenweb.locales
vars:
locales_default:
lang: en_US.UTF-8
lc_all: en_US.UTF-8
# Sys update. Playbook bien fait.
- robertdebock.update
# Manage sudoers
#- GROG.sudo
# ssh security
# using geerlingguy security
#- dev-sec.ssh-hardening
- role: geerlingguy.security
vars:
security_ssh_port: 45985
security_ssh_password_authentication: "no"
security_ssh_permit_root_login: "yes"
security_ssh_usedns: "no"
security_ssh_permit_empty_password: "no"
security_ssh_challenge_response_auth: "no"
security_ssh_gss_api_authentication: "no"
security_ssh_x11_forwarding: "no"
security_autoupdate_enabled: true
security_fail2ban_enabled: false
# fail2ban
#- oefenweb.fail2ban
#- robertdebock.fail2ban
# firewall conf
# TODO it destroy the DOCKER rules…
#- geerlingguy.firewall
# Rootkit protection
#- mablanco.antirootkits
# antivirus
#- geerlingguy.clamav
# docker
- role: geerlingguy.docker
vars:
docker_service_enabled: false
# timezone
- role: oefenweb.timezone
vars:
timezone_zone: Europe/Paris
# ntp
#- geerlingguy.ntp
#TODO
# docker metrics proxy
#- docker-metrics-proxy
# logrotate
# - ontic/logrotate
# apparmor ?
# - manala.apparmor
# autofs
# - cmprescott.autofs_ng
# smart TODO
#- stuvusit/smartd
# graylog Nope, too heavy…
# TODO lininfile for prometheus
# 127.0.1.1 docker-host
- jean-cloud-common
##- deploy_all
Reference in New Issue View Git Blame Copy Permalink