This commit is contained in:
Pim Kunis 2023-04-17 19:01:42 +02:00
parent 72d07aac36
commit 69cf0a1d4b
24 changed files with 15 additions and 178 deletions

View file

@ -6,7 +6,19 @@
- name: Start services
hosts: max
pre_tasks:
- name: Create base service directory
file:
path: "{{ base_service_dir }}"
state: directory
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"
roles:
- {role: 'setup-apt', tags: 'setup-apt'}
- {role: 'watchtower', tags: 'watchtower'}
- {role: 'forgejo', tags: 'forgejo'}
- {role: 'syncthing', tags: 'syncthing'}

View file

@ -1,3 +1,3 @@
- name: cloudinit-wait
src: https://git.pim.kunis.nl/pim/ansible-role-cloudinit-wait
- name: setup-apt
src: https://github.com/sunscrapers/ansible-role-apt.git
scm: git

View file

@ -1,17 +0,0 @@
- name: APT upgrade
apt:
autoremove: true
upgrade: yes
state: latest
update_cache: yes
cache_valid_time: 86400 # One day
- name: Create base service directory
file:
path: "{{ base_service_dir }}"
state: directory
- name: Delete externally managed environment file
shell:
cmd: "rm /usr/lib/python*/EXTERNALLY-MANAGED"
register: rm
changed_when: "rm.rc == 0"
failed_when: "false"

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,16 +0,0 @@
- name: Install firewalld
apt:
pkg:
- firewalld
state: latest
update_cache: true
- name: Allow SSH
firewalld:
service: ssh
permanent: yes
state: enabled
- name: Start firewalld
systemd:
enabled: true
name: sshd
state: started

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,3 +1,2 @@
dependencies:
- role: common
- role: docker

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,54 +0,0 @@
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Include /etc/ssh/ssh_config.d/*.conf
Host *
# ForwardAgent no
# ForwardX11 no
# ForwardX11Trusted yes
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# GSSAPIDelegateCredentials no
# GSSAPIKeyExchange no
# GSSAPITrustDNS no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
# ConnectTimeout 0
# StrictHostKeyChecking ask
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# IdentityFile ~/.ssh/id_ecdsa
# IdentityFile ~/.ssh/id_ed25519
# Port 22
# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
# EscapeChar ~
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
SendEnv LANG LC_*
# set HashKnownHosts to no to make known_hosts human readable and reviewable.
# HashKnownHosts yes
# GSSAPIAuthentication yes

View file

@ -1,41 +0,0 @@
Include /etc/ssh/sshd_config.d/*.conf
HostKey /etc/ssh/ssh_host_ed25519_key
# Ciphers and keying
HostKeyAlgorithms ssh-ed25519
CASignatureAlgorithms ssh-ed25519
HostbasedAcceptedKeyTypes ssh-ed25519
HostKeyAlgorithms ssh-ed25519
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication no
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
KbdInteractiveAuthentication no
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the KbdInteractiveAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via KbdInteractiveAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and KbdInteractiveAuthentication to 'no'.
UsePAM yes
X11Forwarding yes
PrintMotd no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
# override default of no subsystems
Subsystem sftp /usr/lib/openssh/sftp-server

View file

@ -1,2 +0,0 @@
dependencies:
- role: common

View file

@ -1,16 +0,0 @@
- name: Copy sshd config
copy:
src: "{{ role_path }}/files/sshd_config"
dest: /etc/ssh/sshd_config
register: sshd_config
- name: Copy ssh config
copy:
src: "{{ role_path }}/files/ssh_config"
dest: /etc/ssh/ssh_config
register: ssh_config
- name: Restart SSH service
systemd:
enabled: true
name: sshd
state: reloaded
when: sshd_config.changed

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker
- role: traefik

View file

@ -1,3 +1,2 @@
dependencies:
- role: common
- role: docker

View file

@ -1,3 +1,2 @@
dependencies:
- role: common
- role: docker

View file

@ -1,4 +1,2 @@
dependencies:
- role: common
- role: docker