diff options
| author | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-01 00:36:31 -0500 |
|---|---|---|
| committer | Elizabeth Hunt <elizabeth.hunt@simponic.xyz> | 2024-01-01 00:36:31 -0500 |
| commit | 3b818dc0b9c415124a6c16a85e757e45ebed7249 (patch) | |
| tree | c0eb1b58c9fc8362b72136f17861e81c08bbf773 /roles/common/tasks/main.yml | |
| download | oldinfra-3b818dc0b9c415124a6c16a85e757e45ebed7249.tar.gz oldinfra-3b818dc0b9c415124a6c16a85e757e45ebed7249.zip | |
initial common setup
Diffstat (limited to 'roles/common/tasks/main.yml')
| -rw-r--r-- | roles/common/tasks/main.yml | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..d3bf8b9 --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,68 @@ +--- + +# apt cache +- name: update apt cache + ansible.builtin.apt: + update_cache: yes + cache_valid_time: 3600 + +# SSH +- name: Copy sshd_config + copy: + src: ../templates/sshd_config + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: restart sshd + service: name=sshd state=restarted + +# FIREWALL +- name: install UFW + apt: name=ufw state=latest + +- name: allow ssh from everywhere + ufw: + rule: allow + name: OpenSSH + +- name: restart ufw + service: name=ufw state=restarted + +# FAIL2BAN +- name: install fail2ban + apt: name=fail2ban state=latest + +- name: Copy jail.conf + copy: + src: ../templates/jail.conf + dest: /etc/fail2ban/jail.conf + owner: root + group: root + mode: u=rw,g=r,o=r + +- name: restart fail2ban + service: name=fail2ban state=restarted + +# DNS +- name: install systemd-resolved + apt: name=systemd-resolved state=latest + +- name: Check if systemd-resolved config exists + ansible.builtin.stat: + path: /etc/systemd/resolved.conf + register: systemd_resolved_config + check_mode: false + +- name: Update DNS servers for systemd-resolvd + ansible.builtin.include_tasks: + file: 'systemd-resolved.yml' + when: systemd_resolved_config.stat.exists | bool + +- name: Check if systemd-resolved runs + ansible.builtin.shell: pgrep systemd-resolve + failed_when: false + changed_when: false + register: systemd_resolved_running + check_mode: false |