Home Explore Help
Register Sign In
ANALYTIKDATA
/
automated-office
4
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 589d0d8244
Branches Tags
automated-offic...
/
ansible
/
roles
/
common
/
tasks
/
main.yml

main.yml 906 B
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546 
  1. ---
    2. 

  2. - name: Update apt cache
    3. 

  3.   apt:
    4. 

  4.     update_cache: yes
    5. 

  5.     cache_valid_time: 3600
    6. 

  6.   when: ansible_os_family == "Debian"
    7. 

  7. 

  8. - name: Install required system packages
    9. 

  9.   apt:
    10. 

  10.     name: "{{ item }}"
    11. 

  11.     state: present
    12. 

  12.   loop:
    13. 

  13.     - apt-transport-https
    14. 

  14.     - ca-certificates
    15. 

  15.     - curl
    16. 

  16.     - software-properties-common
    17. 

  17.     - python3-pip
    18. 

  18.     - git
    19. 

  19.     - fail2ban
    20. 

  20.     - ufw
    21. 

  21.     - acl
    22. 

  22. 

  23. - name: Configure timezone
    24. 

  24.   timezone:
    25. 

  25.     name: "{{ timezone }}"
    26. 

  26. 

  27. - name: Configure fail2ban
    28. 

  28.   template:
    29. 

  29.     src: jail.local.j2
    30. 

  30.     dest: /etc/fail2ban/jail.local
    31. 

  31.   notify: restart fail2ban
    32. 

  32. 

  33. - name: Configure UFW
    34. 

  34.   ufw:
    35. 

  35.     rule: "{{ item.rule }}"
    36. 

  36.     port: "{{ item.port }}"
    37. 

  37.     proto: "{{ item.proto }}"
    38. 

  38.   loop:
    39. 

  39.     - { rule: 'allow', port: '22', proto: 'tcp' }
    40. 

  40.     - { rule: 'allow', port: '80', proto: 'tcp' }
    41. 

  41.     - { rule: 'allow', port: '443', proto: 'tcp' }
    42. 

  42. 

  43. - name: Enable UFW
    44. 

  44.   ufw:
    45. 

  45.     state: enabled
    46. 

  46.     policy: deny
    47.