moved tasks to other role
This commit is contained in:
@@ -1,15 +1,79 @@
|
||||
---
|
||||
name: Update & Ubuntu & Debian
|
||||
- name: Update & Ubuntu & Debian
|
||||
apt:
|
||||
name: "*"
|
||||
state: latest
|
||||
update_cache: true
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
name: Install basic software
|
||||
- name: Install basic software
|
||||
apt:
|
||||
name: "{{ sk_ubuntu_software }}"
|
||||
state: latest
|
||||
update_cache: true
|
||||
update_cache: true
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Set timezone to Warsaw
|
||||
timezone:
|
||||
name: Europe/Warsaw
|
||||
|
||||
- name: Hostname Configuration
|
||||
hostname:
|
||||
name: "{{ sk_host }}.{{ sk_domain }}"
|
||||
use: systemd
|
||||
|
||||
# UFW configuration
|
||||
- name: Disable UFW
|
||||
community.general.ufw:
|
||||
state: disabled
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Reset UFW to default
|
||||
community.general.ufw:
|
||||
state: reset
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Set default policy for incoming traffic to 'deny'
|
||||
community.general.ufw:
|
||||
direction: incoming
|
||||
policy: deny
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Set default policy for outgoing traffic to 'allow'
|
||||
community.general.ufw:
|
||||
direction: outgoing
|
||||
policy: allow
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Allow access from {{ sk_wan_network }} to any port "{{sk_ssh_port}}"
|
||||
community.general.ufw:
|
||||
rule: allow
|
||||
src: {{ sk_wan_network }}
|
||||
to_port: "{{sk_ssh_port}}"
|
||||
comment: 'SSH'
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Limit log from "{{ sk_lan_network }}" to tcp port "{{sk_ssh_port}}"
|
||||
community.general.ufw:
|
||||
rule: limit
|
||||
log: yes
|
||||
src: "{{ sk_lan_network }}"
|
||||
to_port: "{{sk_ssh_port}}"
|
||||
proto: tcp
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Reload UFW
|
||||
community.general.ufw:
|
||||
state: reloaded
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Enable UFW
|
||||
community.general.ufw:
|
||||
state: enabled
|
||||
when: ansible_os_family == "Debian"
|
||||
|
||||
- name: Enable chronyd
|
||||
service:
|
||||
name: chronyd
|
||||
state: started
|
||||
enabled: true
|
||||
|
||||
Reference in New Issue
Block a user