infra/playbooks/roles/common/tasks/main.yml

---

- name: Apt upgrade, update
  ansible.builtin.apt:
    update_cache: true
    upgrade: "dist"

- name: Set a hostname specifying strategy
  ansible.builtin.hostname:
    name: "{{ inventory_hostname }}"
    use: systemd

- name: Install dependencies
  ansible.builtin.apt:
    name:
      - apt-transport-https
      - ca-certificates
      - curl
      - gnupg-agent
      - software-properties-common
      - systemd-timesyncd
      - systemd-resolved
      - vim
      - git
    state: latest
    update_cache: true
  notify:
    - Enable systemd-timesyncd

## SSH
- name: Copy sshd_config
  ansible.builtin.copy:
    src: files/sshd_config
    dest: /etc/ssh/sshd_config
    owner: root
    group: root
    mode: u=rw,g=r,o=r
  notify:
    - Restart sshd

## FAIL2BAN
- name: Install Fail2Ban
  ansible.builtin.apt:
    name: fail2ban
    state: present
  notify:
    - Enable fail2ban

## FIREWALL
- name: Install ufw
  ansible.builtin.apt:
    name: ufw
    state: present

- name: Allow ssh from rfc1918 networks
  loop: "{{ rfc1918_networks }}"
  community.general.ufw:
    rule: allow
    name: "OpenSSH"
    from: "{{ item }}"
    state: "enabled"
  notify:
    - Reload ufw

## DNS
- name: Configure systemd-resolved
  ansible.builtin.include_tasks:
    file: "systemd-resolved.yml"

## RSYNC
- name: Install rsync
  ansible.builtin.apt:
    name: rsync
    state: present
initial commit 2024-03-17 18:21:46 -04:00			`---`

			`- name: Apt upgrade, update`
			`ansible.builtin.apt:`
			`update_cache: true`
			`upgrade: "dist"`

			`- name: Set a hostname specifying strategy`
			`ansible.builtin.hostname:`
			`name: "{{ inventory_hostname }}"`
			`use: systemd`

			`- name: Install dependencies`
			`ansible.builtin.apt:`
			`name:`
			`- apt-transport-https`
			`- ca-certificates`
			`- curl`
			`- gnupg-agent`
			`- software-properties-common`
			`- systemd-timesyncd`
			`- systemd-resolved`
			`- vim`
			`- git`
			`state: latest`
			`update_cache: true`
			`notify:`
			`- Enable systemd-timesyncd`

			`## SSH`
			`- name: Copy sshd_config`
			`ansible.builtin.copy:`
			`src: files/sshd_config`
			`dest: /etc/ssh/sshd_config`
			`owner: root`
			`group: root`
			`mode: u=rw,g=r,o=r`
			`notify:`
			`- Restart sshd`

			`## FAIL2BAN`
			`- name: Install Fail2Ban`
			`ansible.builtin.apt:`
			`name: fail2ban`
			`state: present`
			`notify:`
			`- Enable fail2ban`

			`## FIREWALL`
			`- name: Install ufw`
			`ansible.builtin.apt:`
			`name: ufw`
			`state: present`

			`- name: Allow ssh from rfc1918 networks`
			`loop: "{{ rfc1918_networks }}"`
			`community.general.ufw:`
			`rule: allow`
			`name: "OpenSSH"`
			`from: "{{ item }}"`
ufw fixes 2024-03-17 18:55:51 -04:00			`state: "enabled"`
initial commit 2024-03-17 18:21:46 -04:00			`notify:`
ufw fixes 2024-03-17 18:55:51 -04:00			`- Reload ufw`
initial commit 2024-03-17 18:21:46 -04:00
			`## DNS`
			`- name: Configure systemd-resolved`
			`ansible.builtin.include_tasks:`
			`file: "systemd-resolved.yml"`

			`## RSYNC`
			`- name: Install rsync`
			`ansible.builtin.apt:`
			`name: rsync`
			`state: present`