Diffstat (limited to 'playbooks/roles/common/tasks/main.yml')
-rw-r--r--playbooks/roles/common/tasks/main.yml66
1 files changed, 66 insertions, 0 deletions
diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml
new file mode 100644
index 0000000..446db35
--- /dev/null
+++ b/playbooks/roles/common/tasks/main.yml
@@ -0,0 +1,66 @@
+---
+
+### Rly base stuff
+
+- name: Apt upgrade, update
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: "dist"
+
+- name: Install dependencies
+ ansible.builtin.apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg-agent
+ - software-properties-common
+ - vim
+ - git
+ - rsync
+ state: latest
+ update_cache: true
+
+### Time
+
+- name: Timesyncd
+ ansible.builtin.apt:
+ name:
+ - systemd-timesyncd
+ notify:
+ - Enable systemd-timesyncd
+
+### SSH
+
+- name: Copy sshd_config
+ ansible.builtin.copy:
+ src: files/sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify:
+ - Restart sshd
+
+- name: Copy authorized_keys
+ ansible.builtin.copy:
+ src: files/authorized_keys
+ dest: /home/{{ ansible_user }}/.ssh/authorized_keys
+
+### UFW
+
+- name: Install ufw
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+- name: Allow ssh from rfc1918 networks
+ loop: "{{ rfc1918_cgnat_networks }}"
+ community.general.ufw:
+ rule: allow
+ name: "OpenSSH"
+ from: "{{ item }}"
+ state: "enabled"
+ notify:
+ - Enable ufw
+ - Reload ufw
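Review bot: The `Copy sshd_config` task replaces `/etc/ssh/sshd_config` and notifies `Restart sshd` with no syntax check, so a malformed `files/sshd_config` would be restarted into and could cut off SSH access to the host. Adding `validate: /usr/sbin/sshd -t -f %s` to that copy makes the task fail before the live file is overwritten. The `Copy authorized_keys` task sets no `owner`, `group` or `mode`, so the file's ownership and permissions depend on the become user and umask. I would pin them with `owner: "{{ ansible_user }}"` and `mode: u=rw,g=,o=`, in the same symbolic style the sshd_config task uses. That task also presumably relies on `/home/{{ ansible_user }}/.ssh` already existing, since nothing in this file creates it.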