chore: updated workflow for docker role
All checks were successful
Deploy / Prepare Build (push) Successful in 43s
89
main.yml
89
main.yml
@ -1,28 +1,56 @@
|
||||
---
|
||||
- hosts: base
|
||||
name: Configure all servers
|
||||
become: yes
|
||||
gather_facts: yes
|
||||
- name: Prepare all servers
|
||||
hosts: servers
|
||||
become: true
|
||||
vars_files:
|
||||
- group_vars/all_secrets.yml
|
||||
|
||||
pre_tasks:
|
||||
- name: Create directories
|
||||
file:
|
||||
path: "/data"
|
||||
state: directory
|
||||
|
||||
- name: Setup base system
|
||||
import_tasks: tasks/base.yml
|
||||
tags: base_setup
|
||||
roles:
|
||||
- role: base
|
||||
tags: base_install
|
||||
- role: geerlingguy.docker
|
||||
docker_users:
|
||||
- administrator
|
||||
- role: grzegorzfranus.fail2ban
|
||||
vars:
|
||||
fail2ban_ignoreip:
|
||||
- 127.0.0.1/8 # loopback
|
||||
- 10.0.0.0/8 # Private
|
||||
- 172.16.0.0/12 # Private
|
||||
- 192.168.0.0/16 # Private
|
||||
- 169.254.0.0/16 # link-local / APIPA
|
||||
- 100.64.0.0/10 # CGNAT
|
||||
- 203.0.113.0/24 # TEST-NETs
|
||||
- 192.0.2.0/24 # TEST-NETs
|
||||
- 198.51.100.0/24 # TEST-NETs
|
||||
- ::1 # ULA - fc00::/7 # Private
|
||||
- fe80::/10 # Private
|
||||
fail2ban_bantime: "1h"
|
||||
fail2ban_findtime: "30m"
|
||||
fail2ban_maxretry: 3
|
||||
fail2ban_custom_jail_files:
|
||||
- name: sshd-strict # This will create /etc/fail2ban/jail.d/sshd-strict.conf
|
||||
content: |
|
||||
[sshd-strict]
|
||||
enabled = true
|
||||
filter = sshd
|
||||
port = ssh
|
||||
logpath = journal
|
||||
backend = systemd
|
||||
maxretry = 3
|
||||
bantime = 3600
|
||||
findtime = 300
|
||||
|
||||
- hosts: cloud
|
||||
become: yes
|
||||
roles:
|
||||
- role: oefenweb.fail2ban
|
||||
vars:
|
||||
fail2ban_services:
|
||||
- name: sshd
|
||||
port: 22
|
||||
maxretry: 3
|
||||
bantime: -1
|
||||
tags: fail2ban
|
||||
|
||||
- role: docker
|
||||
tags: docker_install
|
||||
|
||||
- name: traefik
|
||||
vars:
|
||||
traefik_host: traefik01.comprofix.com
|
||||
@ -53,17 +81,6 @@
|
||||
tags: iscsi_connect
|
||||
|
||||
roles:
|
||||
- role: oefenweb.fail2ban
|
||||
vars:
|
||||
fail2ban_services:
|
||||
- name: sshd
|
||||
port: 22
|
||||
maxretry: 3
|
||||
bantime: -1
|
||||
tags: fail2ban
|
||||
|
||||
- role: docker
|
||||
tags: docker_install
|
||||
- role: nfs
|
||||
mounts:
|
||||
- name: Data share
|
||||
@ -157,21 +174,7 @@
|
||||
|
||||
- hosts: omada
|
||||
become: yes
|
||||
pre_tasks:
|
||||
- name: Run base role to update packages
|
||||
import_role:
|
||||
name: base
|
||||
tags: base_install
|
||||
|
||||
- name: Create directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: directory
|
||||
with_items:
|
||||
- "/data"
|
||||
roles:
|
||||
- role: docker
|
||||
tags: docker_install
|
||||
- role: nfs
|
||||
mounts:
|
||||
- name: Data share
|
||||
|
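Review bot: The `fail2ban_ignoreip` list in the first hunk exempts every RFC 1918 range, link-local, CGNAT (`100.64.0.0/10`) and the three documentation TEST-NETs from banning, so repeated SSH failures from any internal or carrier-NAT address against the `servers` group are never throttled by the `sshd-strict` jail. Narrow the list to loopback plus the specific management subnet, e.g. `- 127.0.0.1/8` and `- <MGMT_SUBNET_CIDR>  # placeholder`, and drop the TEST-NET entries, which are never legitimate sources. As rendered here, `- ::1 # ULA - fc00::/7 # Private` puts `fc00::/7` behind a `#`, so if the file really reads that way only `::1` is in the list and the comment is misleading; give each IPv6 entry its own quoted line (`- '::1'`). Separately, `docker_users: - administrator` gives that account root-equivalent access through the Docker socket, which deserves a comment such as `# docker group == root on the host; intended for this account only`. The +/- markers are lost on this page, so I am assuming these lines are on the new side of the change.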