Diffstat (limited to 'playbooks/roles/common/tasks/main.yml')
-rw-r--r-- | playbooks/roles/common/tasks/main.yml | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/playbooks/roles/common/tasks/main.yml b/playbooks/roles/common/tasks/main.yml
new file mode 100644
index 0000000..f32893a
--- /dev/null
+++ b/playbooks/roles/common/tasks/main.yml
@@ -0,0 +1,76 @@
+---
+
+- name: Apt upgrade, update
+ ansible.builtin.apt:
+ update_cache: true
+ upgrade: "dist"
+
+- name: Set a hostname specifying strategy
+ ansible.builtin.hostname:
+ name: "{{ inventory_hostname }}"
+ use: systemd
+
+- name: Install dependencies
+ ansible.builtin.apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg-agent
+ - software-properties-common
+ - systemd-timesyncd
+ - systemd-resolved
+ - vim
+ - git
+ - rsync
+ state: latest
+ update_cache: true
+ notify:
+ - Enable systemd-timesyncd
+
+## DNS
+- name: Configure systemd-resolved
+ ansible.builtin.include_tasks:
+ file: "systemd-resolved.yml"
+
+## SSH
+- name: Copy sshd_config
+ ansible.builtin.copy:
+ src: files/sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify:
+ - Restart sshd
+
+- name: Copy authorized keys
+ ansible.builtin.copy:
+ src: files/authorized_keys
+ dest: /root/.ssh/authorized_keys
+ owner: root
+ group: root
+
+## FAIL2BAN
+- name: Install Fail2Ban
+ ansible.builtin.apt:
+ name: fail2ban
+ state: present
+ notify:
+ - Enable fail2ban
+
+## FIREWALL
+- name: Install ufw
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+
+- name: Allow ssh from rfc1918 networks
+ loop: "{{ rfc1918_networks }}"
+ community.general.ufw:
+ rule: allow
+ name: "OpenSSH"
+ from: "{{ item }}"
+ state: "enabled"
+ notify:
+ - Reload ufw |
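Review bot: The "Copy authorized keys" task sets `owner` and `group` but no `mode`, so the permissions on /root/.ssh/authorized_keys are left to the remote umask or to whatever the file already had; add `mode: u=rw,g=,o=` in the same symbolic style the sshd_config task uses. The task also appears to assume /root/.ssh already exists, since copy does not create the parent directory of a single-file `dest`; a preceding `ansible.builtin.file` task with `state: directory` and `mode: u=rwx,g=,o=` would make that explicit. On "Copy sshd_config", adding `validate: /usr/sbin/sshd -t -f %s` would stop a syntactically broken file from being installed before the Restart sshd handler runs. That matters more here because the ufw task at the end limits SSH to `rfc1918_networks` and enables the firewall, so a failed sshd restart may leave no remote path back to the host.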