Compare commits
3 commits
f4109954e1
...
cb50373b94
Author | SHA1 | Date | |
---|---|---|---|
cb50373b94 | |||
97ab23e625 | |||
2410885737 |
31 changed files with 21 additions and 416 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1 +0,0 @@
|
||||||
venv/
|
|
|
@ -10,8 +10,6 @@
|
||||||
- journald
|
- journald
|
||||||
- sshd
|
- sshd
|
||||||
- role: timesyncd
|
- role: timesyncd
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
|
||||||
- role: ufw
|
|
||||||
when: ansible_facts['os_family'] == "Ubuntu"
|
when: ansible_facts['os_family'] == "Ubuntu"
|
||||||
|
|
||||||
- name: Resolver
|
- name: Resolver
|
||||||
|
@ -19,15 +17,3 @@
|
||||||
become: true
|
become: true
|
||||||
roles:
|
roles:
|
||||||
- knot_resolver
|
- knot_resolver
|
||||||
|
|
||||||
- name: DHCP
|
|
||||||
hosts: kea-dhcp
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- kea_dhcp
|
|
||||||
|
|
||||||
- name: Knot
|
|
||||||
hosts: dns-authoritative
|
|
||||||
become: true
|
|
||||||
roles:
|
|
||||||
- knot
|
|
||||||
|
|
|
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
acls:
|
|
||||||
- id: ddns
|
|
||||||
action: update
|
|
||||||
address: 10.20.0.42/32
|
|
||||||
|
|
||||||
zones:
|
|
||||||
- domain: lab.r4.pm
|
|
||||||
acl: ddns
|
|
||||||
|
|
||||||
listen_ip: 10.20.0.44
|
|
|
@ -1,19 +0,0 @@
|
||||||
---
|
|
||||||
domain: r4.pm
|
|
||||||
domain_search:
|
|
||||||
- lab.r4.pm
|
|
||||||
- r4.pm
|
|
||||||
|
|
||||||
networks:
|
|
||||||
- subnet: 10.15.0.0/24
|
|
||||||
start: 10.15.0.200
|
|
||||||
end: 10.15.0.254
|
|
||||||
routers: 10.15.0.1
|
|
||||||
- subnet: 10.20.0.0/24
|
|
||||||
start: 10.20.0.200
|
|
||||||
end: 10.20.0.254
|
|
||||||
routers: 10.20.0.1
|
|
||||||
- subnet: 10.30.0.0/24
|
|
||||||
start: 10.30.0.200
|
|
||||||
end: 10.30.0.254
|
|
||||||
routers: 10.30.0.1
|
|
|
@ -2,8 +2,3 @@
|
||||||
kresd_allow:
|
kresd_allow:
|
||||||
- 10.0.0.0/8
|
- 10.0.0.0/8
|
||||||
- 172.16.0.0/12
|
- 172.16.0.0/12
|
||||||
|
|
||||||
forward:
|
|
||||||
- zone: lab.r4.pm.
|
|
||||||
address: 10.20.0.44
|
|
||||||
ds: "lab.r4.pm. DS 61454 13 4 c510acc4a85ee8cfd93205b0cdc8d65a9e5376cf45517e5bd7db7fc836d076df688b11cf7f3a3b33a9b1011d74d00e74"
|
|
||||||
|
|
|
@ -1,28 +1,8 @@
|
||||||
<<<<<<< HEAD
|
|
||||||
---
|
|
||||||
=======
|
|
||||||
>>>>>>> 2410885 (Add knot roles)
|
|
||||||
all:
|
all:
|
||||||
hosts:
|
hosts:
|
||||||
resolver-1:
|
resolver-1:
|
||||||
ansible_host: 10.20.0.42
|
ansible_host: 10.20.0.42
|
||||||
<<<<<<< HEAD
|
|
||||||
dhcp-1:
|
|
||||||
ansible_host: 10.20.0.43
|
|
||||||
authoritative-1:
|
|
||||||
ansible_host: 10.20.0.44
|
|
||||||
=======
|
|
||||||
>>>>>>> 2410885 (Add knot roles)
|
|
||||||
children:
|
children:
|
||||||
resolver:
|
resolver:
|
||||||
hosts:
|
hosts:
|
||||||
resolver-1:
|
resolver-1:
|
||||||
<<<<<<< HEAD
|
|
||||||
kea-dhcp:
|
|
||||||
hosts:
|
|
||||||
dhcp-1:
|
|
||||||
dns-authoritative:
|
|
||||||
hosts:
|
|
||||||
authoritative-1:
|
|
||||||
=======
|
|
||||||
>>>>>>> 2410885 (Add knot roles)
|
|
||||||
|
|
|
@ -10,9 +10,7 @@
|
||||||
- journald
|
- journald
|
||||||
- sshd
|
- sshd
|
||||||
- role: timesyncd
|
- role: timesyncd
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
when: ansible_facts['os_family'] == "Ubuntu"
|
||||||
- role: ufw
|
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
|
||||||
post_tasks:
|
post_tasks:
|
||||||
- name: Clean cloud-init
|
- name: Clean cloud-init
|
||||||
ansible.builtin.command: cloud-init clean
|
ansible.builtin.command: cloud-init clean
|
||||||
|
|
0
ansible/roles/auditd/files/custom.rules
Normal file → Executable file
0
ansible/roles/auditd/files/custom.rules
Normal file → Executable file
0
ansible/roles/auditd/handlers/main.yml
Normal file → Executable file
0
ansible/roles/auditd/handlers/main.yml
Normal file → Executable file
0
ansible/roles/auditd/tasks/main.yml
Normal file → Executable file
0
ansible/roles/auditd/tasks/main.yml
Normal file → Executable file
|
@ -7,37 +7,26 @@
|
||||||
force: true
|
force: true
|
||||||
|
|
||||||
- name: Build front
|
- name: Build front
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell: |
|
||||||
executable: /bin/bash
|
|
||||||
cmd: |
|
|
||||||
export NODE_ENV=production
|
|
||||||
cd /opt/authentik/src/website
|
cd /opt/authentik/src/website
|
||||||
npm ci --include=dev
|
npm i
|
||||||
npm run build-docs-only
|
npm run build-docs-only
|
||||||
cd /opt/authentik/src/web
|
cd /opt/authentik/src/web
|
||||||
npm ci --include=dev
|
npm i
|
||||||
npm run build
|
npm run build
|
||||||
|
|
||||||
- name: Build go proxy
|
|
||||||
ansible.builtin.shell:
|
|
||||||
executable: /bin/bash
|
|
||||||
cmd: |
|
|
||||||
cd /opt/authentik/src/
|
|
||||||
go mod download
|
|
||||||
CGO_ENABLED=0 go build -o /opt/authentik/server ./cmd/server
|
|
||||||
|
|
||||||
- name: Create virtualenv
|
- name: Create virtualenv
|
||||||
ansible.builtin.command: python3.12 -m venv /opt/authentik/src/venv
|
ansible.builtin.command: python3.12 -m venv /opt/authentik/src/venv
|
||||||
|
|
||||||
- name: Installl poetry and dependencies
|
- name: Installl poetry and dependencies
|
||||||
ansible.builtin.shell:
|
ansible.builtin.shell: |
|
||||||
executable: /bin/bash
|
cd /opt/authentik/src/
|
||||||
cmd: |
|
venv/bin/pip install poetry
|
||||||
cd /opt/authentik/src
|
|
||||||
source /opt/authentik/src/venv/bin/activate
|
|
||||||
export VENV_PATH=/opt/authentik/src/venv
|
|
||||||
export POETRY_VIRTUALENVS_CREATE=false
|
|
||||||
venv/bin/pip3 install --upgrade pip
|
|
||||||
venv/bin/pip3 install poetry
|
|
||||||
venv/bin/poetry venv use venv/python3.12
|
|
||||||
venv/bin/poetry install --only=main --no-ansi --no-interaction --no-root
|
venv/bin/poetry install --only=main --no-ansi --no-interaction --no-root
|
||||||
|
|
||||||
|
|
||||||
|
- name: Build go proxy
|
||||||
|
ansible.builtin.shell: |-
|
||||||
|
cd /opt/authentik/src/
|
||||||
|
sed -i "s/c.Setup(\".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/c.Setup(\"\/etc\/authentik\/config.yml\", \".\/authentik\/lib\/default.yml\", \".\/local.env.yml\")/" /opt/authentik/src/internal/config/config.go
|
||||||
|
go build -o /opt/authentik/src/authentik-server ./cmd/server/
|
||||||
|
|
|
@ -1,13 +1,9 @@
|
||||||
---
|
---
|
||||||
- name: Install roles dependencies
|
- name: Install roles dependencies
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
install_recommends: false
|
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
with_items:
|
with_items:
|
||||||
- git
|
- git
|
||||||
- build-essential
|
|
||||||
- pkg-config
|
|
||||||
- zlib1g-dev
|
|
||||||
- libpq-dev
|
- libpq-dev
|
||||||
- libxmlsec1-dev
|
- libxmlsec1-dev
|
||||||
|
|
||||||
|
|
|
@ -11,22 +11,3 @@
|
||||||
tags:
|
tags:
|
||||||
- build
|
- build
|
||||||
become_user: authentik
|
become_user: authentik
|
||||||
|
|
||||||
- name: Create useful directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: "{{ item }}"
|
|
||||||
state: directory
|
|
||||||
mode: "0755"
|
|
||||||
owner: authentik
|
|
||||||
with_items:
|
|
||||||
- /opt/authentik/certs
|
|
||||||
- /opt/authentik/media
|
|
||||||
- /etc/authentik
|
|
||||||
|
|
||||||
- name: Test
|
|
||||||
ansible.builtin.copy:
|
|
||||||
remote_src: true
|
|
||||||
src: /opt/authentik/src/blueprints
|
|
||||||
dest: /opt/authentik/blueprints
|
|
||||||
owner: authentik
|
|
||||||
become: true
|
|
||||||
|
|
0
ansible/roles/fail2ban/handlers/main.yml
Normal file → Executable file
0
ansible/roles/fail2ban/handlers/main.yml
Normal file → Executable file
0
ansible/roles/fail2ban/tasks/main.yml
Normal file → Executable file
0
ansible/roles/fail2ban/tasks/main.yml
Normal file → Executable file
2
ansible/roles/fail2ban/templates/sshd.conf.j2
Normal file → Executable file
2
ansible/roles/fail2ban/templates/sshd.conf.j2
Normal file → Executable file
|
@ -2,7 +2,7 @@
|
||||||
enabled = true
|
enabled = true
|
||||||
bantime = -1
|
bantime = -1
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
backend = systemd
|
|
||||||
{% if ansible_facts['os_family'] == "RedHat" %}
|
{% if ansible_facts['os_family'] == "RedHat" %}
|
||||||
|
backend = systemd
|
||||||
banaction = firewallcmd-ipset
|
banaction = firewallcmd-ipset
|
||||||
{% endif %}
|
{% endif %}
|
0
ansible/roles/journald/files/retention-time.conf
Normal file → Executable file
0
ansible/roles/journald/files/retention-time.conf
Normal file → Executable file
0
ansible/roles/journald/handlers/main.yml
Normal file → Executable file
0
ansible/roles/journald/handlers/main.yml
Normal file → Executable file
0
ansible/roles/journald/tasks/main.yml
Normal file → Executable file
0
ansible/roles/journald/tasks/main.yml
Normal file → Executable file
|
@ -1,11 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart isc-kea-dhcp4-server
|
|
||||||
become: true
|
|
||||||
ansible.builtin.service:
|
|
||||||
state: restarted
|
|
||||||
name: isc-kea-dhcp4-server
|
|
||||||
|
|
||||||
- name: Enable isc-kea-dhcp4-server
|
|
||||||
ansible.builtin.service:
|
|
||||||
enabled: true
|
|
||||||
name: isc-kea-dhcp4-server
|
|
|
@ -1,40 +0,0 @@
|
||||||
---
|
|
||||||
- name: Add kea dhcp pgp key
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: https://dl.cloudsmith.io/public/isc/kea-2-4/gpg.0D9D9A1439E23DB9.key
|
|
||||||
dest: /usr/share/keyrings/kea-archive-keyring.asc
|
|
||||||
mode: "0644"
|
|
||||||
validate_certs: true
|
|
||||||
checksum: sha512:f58db6baa7f7147c3280275b6f7cc11e34836fb904604d587c1883e6b4a8e89377046809203e2f1a1a87a7f28556728a9ecdb740d62e753592d2dbab0d2e87c8
|
|
||||||
changed_when: false
|
|
||||||
no_log: false
|
|
||||||
|
|
||||||
- name: Add kea dhcp repository
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "deb [signed-by=/usr/share/keyrings/kea-archive-keyring.asc]
|
|
||||||
https://dl.cloudsmith.io/public/isc/kea-2-4/deb/{{ ansible_distribution|lower }} {{ ansible_distribution_release }} main"
|
|
||||||
state: present
|
|
||||||
filename: isc-kea-dhcp
|
|
||||||
|
|
||||||
- name: Install isc-kea-dhcp
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: isc-kea-dhcp4-server
|
|
||||||
notify:
|
|
||||||
- Enable isc-kea-dhcp4-server
|
|
||||||
|
|
||||||
- name: Configure isc-kea-dhcp
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: kea-dhcp4.conf.j2
|
|
||||||
dest: /etc/kea/kea-dhcp4.conf
|
|
||||||
owner: _kea
|
|
||||||
mode: '0640'
|
|
||||||
notify:
|
|
||||||
- Restart isc-kea-dhcp4-server
|
|
||||||
|
|
||||||
- name: Open required ports
|
|
||||||
community.general.ufw:
|
|
||||||
rule: allow
|
|
||||||
port: "{{ item }}"
|
|
||||||
proto: udp
|
|
||||||
with_items:
|
|
||||||
- '67'
|
|
|
@ -1,79 +0,0 @@
|
||||||
{
|
|
||||||
"Dhcp4": {
|
|
||||||
"interfaces-config": {
|
|
||||||
"interfaces": [ "eth0" ],
|
|
||||||
},
|
|
||||||
|
|
||||||
"control-socket": {
|
|
||||||
"socket-type": "unix",
|
|
||||||
"socket-name": "/tmp/kea4-ctrl-socket"
|
|
||||||
},
|
|
||||||
|
|
||||||
"lease-database": {
|
|
||||||
// Memfile is the simplest and easiest backend to use. It's an in-memory
|
|
||||||
// C++ database that stores its state in CSV file.
|
|
||||||
"type": "memfile",
|
|
||||||
"lfc-interval": 3600
|
|
||||||
},
|
|
||||||
|
|
||||||
"expired-leases-processing": {
|
|
||||||
"reclaim-timer-wait-time": 10,
|
|
||||||
"flush-reclaimed-timer-wait-time": 25,
|
|
||||||
"hold-reclaimed-time": 3600,
|
|
||||||
"max-reclaim-leases": 100,
|
|
||||||
"max-reclaim-time": 250,
|
|
||||||
"unwarned-reclaim-cycles": 5
|
|
||||||
},
|
|
||||||
|
|
||||||
"renew-timer": 900,
|
|
||||||
"rebind-timer": 1800,
|
|
||||||
"valid-lifetime": 3600,
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "domain-name-servers",
|
|
||||||
"data": "{{ resolver_ip }}"
|
|
||||||
},
|
|
||||||
{
|
|
||||||
"code": 15,
|
|
||||||
"data": "{{ domain }}"
|
|
||||||
},
|
|
||||||
|
|
||||||
{
|
|
||||||
"name": "domain-search",
|
|
||||||
"data": "{{ domain_search|join(', ') }}"
|
|
||||||
},
|
|
||||||
],
|
|
||||||
|
|
||||||
"subnet4": [
|
|
||||||
{% for network in networks %}
|
|
||||||
{
|
|
||||||
"subnet": "{{ network.subnet }}",
|
|
||||||
|
|
||||||
"pools": [ { "pool": "{{ network.start }} - {{ network.end }}" } ],
|
|
||||||
|
|
||||||
"option-data": [
|
|
||||||
{
|
|
||||||
"name": "routers",
|
|
||||||
"data": "{{ network.routers }}"
|
|
||||||
}
|
|
||||||
],
|
|
||||||
}{% if not loop.last %},{% endif %}
|
|
||||||
{% endfor %}
|
|
||||||
],
|
|
||||||
|
|
||||||
"loggers": [
|
|
||||||
{
|
|
||||||
"name": "kea-dhcp4",
|
|
||||||
"output_options": [
|
|
||||||
{
|
|
||||||
"output": "stdout",
|
|
||||||
}
|
|
||||||
],
|
|
||||||
"severity": "INFO",
|
|
||||||
|
|
||||||
"debuglevel": 0
|
|
||||||
}
|
|
||||||
]
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,12 +0,0 @@
|
||||||
$ORIGIN lab.r4.pm.
|
|
||||||
$TTL 3600
|
|
||||||
@ IN SOA knot.lab.r4.pm. admin.r4.pm. (
|
|
||||||
2024041800 ; serial number
|
|
||||||
12h ; refresh
|
|
||||||
15m ; update retry
|
|
||||||
3w ; expiry
|
|
||||||
2h ; minimum
|
|
||||||
)
|
|
||||||
|
|
||||||
@ 86400 IN NS knot.lab.r4.pm.
|
|
||||||
knot.lab.r4.pm. 86400 IN A 10.20.0.44
|
|
|
@ -1,15 +0,0 @@
|
||||||
---
|
|
||||||
- name: Restart knot
|
|
||||||
ansible.builtin.service:
|
|
||||||
state: restarted
|
|
||||||
name: knot
|
|
||||||
|
|
||||||
- name: Reload knot
|
|
||||||
ansible.builtin.service:
|
|
||||||
state: reloaded
|
|
||||||
name: knot
|
|
||||||
|
|
||||||
- name: Enable knot
|
|
||||||
ansible.builtin.service:
|
|
||||||
enabled: true
|
|
||||||
name: knot
|
|
|
@ -1,57 +0,0 @@
|
||||||
---
|
|
||||||
- name: Add knot pgp key
|
|
||||||
ansible.builtin.get_url:
|
|
||||||
url: https://pkg.labs.nic.cz/gpg
|
|
||||||
dest: /usr/share/keyrings/cznic-labs-pkg.gpg
|
|
||||||
mode: "0644"
|
|
||||||
validate_certs: true
|
|
||||||
checksum: sha512:e78a1404feff1040c86f4a199495e4a2cf82684b8ff22ffc318a9bffa0ddf45136e484bc17e4440660c089e1c186af77008c76fb463434611b1f60709b57ee52
|
|
||||||
changed_when: false
|
|
||||||
no_log: false
|
|
||||||
|
|
||||||
- name: Add knot repository
|
|
||||||
ansible.builtin.apt_repository:
|
|
||||||
repo: "deb [signed-by=/usr/share/keyrings/cznic-labs-pkg.gpg] https://pkg.labs.nic.cz/knot-dns {{ ansible_distribution_release }} main"
|
|
||||||
state: present
|
|
||||||
filename: knot-dns
|
|
||||||
|
|
||||||
- name: Install knot
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: knot
|
|
||||||
notify:
|
|
||||||
- Enable knot
|
|
||||||
- Restart knot
|
|
||||||
|
|
||||||
- name: Configure knot
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: knot.conf.j2
|
|
||||||
dest: /etc/knot/knot.conf
|
|
||||||
owner: knot
|
|
||||||
mode: '0640'
|
|
||||||
notify: Restart knot
|
|
||||||
|
|
||||||
- name: Allow port 53 (DNS)
|
|
||||||
community.general.ufw:
|
|
||||||
rule: allow
|
|
||||||
port: "{{ item.port }}"
|
|
||||||
proto: "{{ item.proto }}"
|
|
||||||
with_items:
|
|
||||||
- { port: "53", proto: tcp }
|
|
||||||
- { port: "53", proto: udp }
|
|
||||||
|
|
||||||
- name: Create knot zones directory
|
|
||||||
ansible.builtin.file:
|
|
||||||
path: /var/lib/knot/zones/
|
|
||||||
state: directory
|
|
||||||
mode: '0750'
|
|
||||||
owner: knot
|
|
||||||
|
|
||||||
- name: Copy zone
|
|
||||||
ansible.builtin.copy:
|
|
||||||
src: "{{ item }}"
|
|
||||||
dest: /var/lib/knot/zones/
|
|
||||||
owner: knot
|
|
||||||
mode: '0640'
|
|
||||||
with_fileglob:
|
|
||||||
- zones/*
|
|
||||||
notify: Reload knot
|
|
|
@ -1,32 +0,0 @@
|
||||||
server:
|
|
||||||
rundir: "/run/knot"
|
|
||||||
user: knot:knot
|
|
||||||
automatic-acl: on
|
|
||||||
listen: [ {{ listen_ip }}@53 ]
|
|
||||||
|
|
||||||
log:
|
|
||||||
- target: syslog
|
|
||||||
any: info
|
|
||||||
|
|
||||||
database:
|
|
||||||
storage: "/var/lib/knot"
|
|
||||||
|
|
||||||
acl:
|
|
||||||
{% for acl in acls %}
|
|
||||||
- id: {{ acl.id }}
|
|
||||||
address: {{ acl.address }}
|
|
||||||
action: {{ acl.action }}
|
|
||||||
{% endfor %}
|
|
||||||
|
|
||||||
template:
|
|
||||||
- id: default
|
|
||||||
storage: "/var/lib/knot/zones"
|
|
||||||
file: "%s.zone"
|
|
||||||
dnssec-signing: on
|
|
||||||
serial-policy: dateserial
|
|
||||||
|
|
||||||
zone:
|
|
||||||
{% for zone in zones %}
|
|
||||||
- domain: {{ zone.domain }}
|
|
||||||
acl: {{ zone.acl }}
|
|
||||||
{% endfor %}
|
|
|
@ -19,12 +19,3 @@
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
notify:
|
notify:
|
||||||
- Restart knot resolver
|
- Restart knot resolver
|
||||||
|
|
||||||
- name: Allow port 53 (DNS)
|
|
||||||
community.general.ufw:
|
|
||||||
rule: allow
|
|
||||||
port: "{{ item.port }}"
|
|
||||||
proto: "{{ item.proto }}"
|
|
||||||
with_items:
|
|
||||||
- { port: "53", proto: tcp }
|
|
||||||
- { port: "53", proto: udp }
|
|
||||||
|
|
|
@ -22,9 +22,5 @@ view:addr('{{ prefix }}', policy.all(policy.PASS))
|
||||||
view:addr('0.0.0.0/0', policy.all(policy.DROP))
|
view:addr('0.0.0.0/0', policy.all(policy.DROP))
|
||||||
view:addr('::/0', policy.all(policy.DROP))
|
view:addr('::/0', policy.all(policy.DROP))
|
||||||
|
|
||||||
{% for zones in forward %}
|
|
||||||
policy.add(policy.suffix(policy.FORWARD('{{ zones.address }}'), {todname('{{ zones.zone }}')}))
|
|
||||||
trust_anchors.add('{{ zones.ds }}')
|
|
||||||
{% endfor %}
|
|
||||||
log_target('stdout')
|
log_target('stdout')
|
||||||
log_level('info')
|
log_level('debug')
|
0
ansible/roles/timesyncd/tasks/main.yml
Normal file → Executable file
0
ansible/roles/timesyncd/tasks/main.yml
Normal file → Executable file
|
@ -1,14 +0,0 @@
|
||||||
---
|
|
||||||
- name: Install UFW
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name: ufw
|
|
||||||
|
|
||||||
- name: Allow 22/tcp (SSH)
|
|
||||||
community.general.ufw:
|
|
||||||
rule: allow
|
|
||||||
port: "22"
|
|
||||||
proto: tcp
|
|
||||||
|
|
||||||
- name: Enable UFW
|
|
||||||
community.general.ufw:
|
|
||||||
state: enabled
|
|
|
@ -1,16 +0,0 @@
|
||||||
---
|
|
||||||
- name: Upgreade
|
|
||||||
hosts: all
|
|
||||||
become: true
|
|
||||||
tasks:
|
|
||||||
- name: Ugrade debian based
|
|
||||||
ansible.builtin.apt:
|
|
||||||
update_cache: true
|
|
||||||
upgrade: true
|
|
||||||
when: ansible_facts['os_family'] == "Debian"
|
|
||||||
|
|
||||||
- name: Upgrade all packages
|
|
||||||
ansible.builtin.dnf:
|
|
||||||
name: "*"
|
|
||||||
state: latest
|
|
||||||
when: ansible_facts['os_family'] == "RedHat"
|
|
Loading…
Reference in a new issue