From 3b818dc0b9c415124a6c16a85e757e45ebed7249 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt
Date: Mon, 1 Jan 2024 00:36:31 -0500
Subject: initial common setup
---
roles/common/tasks/main.yml | 68 +++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 68 insertions(+)
create mode 100644 roles/common/tasks/main.yml
(limited to 'roles/common/tasks/main.yml')
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..d3bf8b9
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+
+# apt cache
+- name: update apt cache
+ ansible.builtin.apt:
+ update_cache: yes
+ cache_valid_time: 3600
+
+# SSH
+- name: Copy sshd_config
+ copy:
+ src: ../templates/sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: restart sshd
+ service: name=sshd state=restarted
+
+# FIREWALL
+- name: install UFW
+ apt: name=ufw state=latest
+
+- name: allow ssh from everywhere
+ ufw:
+ rule: allow
+ name: OpenSSH
+
+- name: restart ufw
+ service: name=ufw state=restarted
+
+# FAIL2BAN
+- name: install fail2ban
+ apt: name=fail2ban state=latest
+
+- name: Copy jail.conf
+ copy:
+ src: ../templates/jail.conf
+ dest: /etc/fail2ban/jail.conf
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+
+- name: restart fail2ban
+ service: name=fail2ban state=restarted
+
+# DNS
+- name: install systemd-resolved
+ apt: name=systemd-resolved state=latest
+
+- name: Check if systemd-resolved config exists
+ ansible.builtin.stat:
+ path: /etc/systemd/resolved.conf
+ register: systemd_resolved_config
+ check_mode: false
+
+- name: Update DNS servers for systemd-resolvd
+ ansible.builtin.include_tasks:
+ file: 'systemd-resolved.yml'
+ when: systemd_resolved_config.stat.exists | bool
+
+- name: Check if systemd-resolved runs
+ ansible.builtin.shell: pgrep systemd-resolve
+ failed_when: false
+ changed_when: false
+ register: systemd_resolved_running
+ check_mode: false
--
cgit v1.2.3-70-g09d2
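Review bot: ufw is never enabled in this file: the FIREWALL tasks only install it, add the OpenSSH allow rule and restart the service, with no `state: enabled` and no default incoming policy. On a host where ufw starts out inactive the rule is recorded but nothing is filtered, unless another role enables it, which is not visible here. A task like the one below, placed after the OpenSSH allow rule so the running session is not cut off, makes the intended posture explicit. Separately, the sshd_config copy is followed by an unconditional restart; adding `validate: /usr/sbin/sshd -t -f %s` to that copy task would keep a broken config from being installed and locking out SSH. The three restart tasks would also be better as handlers triggered by `notify`, so services restart only when their config changes.

```yaml
# … unchanged: "allow ssh from everywhere" task …

- name: enable ufw with default deny on incoming traffic
  ufw:
    state: enabled
    policy: deny
    direction: incoming
```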