INSIGHT-MVP/repos/INSIGHT-Infra/ansible/roles/common/tasks/main.yml
Thomas Reitz d212a7623f fix(infra): Deutsche Locale in common-Role installieren
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-15 15:40:52 +01:00


---
# Role: common
# Basis-Hardening für alle INSIGHT-Server
# Refresh the apt package index and apply a dist-upgrade. The index is only
# re-fetched when the cached copy is older than cache_valid_time (seconds).
- name: 'System-Pakete aktualisieren'
  apt:
    upgrade: dist
    update_cache: true
    cache_valid_time: 3600
# Install the baseline toolset. ufw, fail2ban, chrony and locales are the
# packages the configuration tasks in this role depend on.
- name: 'Basis-Pakete installieren'
  apt:
    state: present
    name:
      - curl
      - wget
      - git
      - htop
      - vim
      - unzip
      - ca-certificates
      - gnupg
      - lsb-release
      - ufw
      - fail2ban
      - chrony
      - python3-pip
      - locales
# Make sure the German UTF-8 locale is generated on the host.
- name: 'Deutsche Locale generieren'
  locale_gen:
    state: present
    name: de_DE.UTF-8
# Install the package that applies pending updates without operator action.
- name: 'Unattended-Upgrades installieren'
  apt:
    state: present
    name: unattended-upgrades
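# Enable the periodic apt jobs: refresh package lists, download upgradeable
# packages and run unattended-upgrade every day, autoclean every 7 days.
# NOTE(review): which origins are upgraded is decided by the
# unattended-upgrades package configuration, which this task does not manage.
- name: "Unattended-Upgrades aktivieren"
  copy:
    dest: /etc/apt/apt.conf.d/20auto-upgrades
    # Explicit ownership and mode, so the result does not depend on the umask
    # or on whatever permissions an existing file already has.
    owner: root
    group: root
    mode: "0644"
    content: |
      APT::Periodic::Update-Package-Lists "1";
      APT::Periodic::Unattended-Upgrade "1";
      APT::Periodic::Download-Upgradeable-Packages "1";
      APT::Periodic::AutocleanInterval "7";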
# Set the system time zone from the `timezone` variable, which is defined
# outside this file. The Jinja expression stays quoted so YAML does not
# parse the leading brace as a flow mapping.
- name: 'Zeitzone setzen'
  timezone:
    name: "{{ timezone }}"
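# Render the chrony configuration from the role template and restart the
# daemon through the handler when the file changes.
- name: "Chrony (NTP) konfigurieren"
  template:
    src: chrony.conf.j2
    dest: /etc/chrony/chrony.conf
    # Explicit ownership and mode, so only root can alter the time sources
    # and the result does not depend on the umask.
    owner: root
    group: root
    mode: "0644"
  notify: restart chrony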
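# Render the hardened sshd_config from the role template. The rendered file
# is syntax-checked before it replaces the live one, so a broken template
# cannot take the SSH daemon down; the restart runs through the handler.
- name: "SSH Hardening — sshd_config"
  template:
    src: sshd_config.j2
    dest: /etc/ssh/sshd_config
    # Root-only access, as CIS-style baselines recommend for sshd_config;
    # set explicitly so it does not depend on the umask or the old file.
    owner: root
    group: root
    mode: "0600"
    # Absolute path: validate runs without a shell, so do not rely on
    # /usr/sbin being on the PATH of the executing user.
    validate: '/usr/sbin/sshd -t -f %s'
  notify: restart sshd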
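# Open the SSH port BEFORE the firewall is switched on. Enabling UFW with a
# default-deny inbound policy first leaves a window in which no rule admits
# SSH; if the play is interrupted there, or Ansible has to open a fresh
# connection, the host is unreachable for management.
# NOTE(review): ssh_port is defined outside this file; presumably it is the
# same value sshd_config.j2 uses for the Port directive — verify.
- name: "UFW — SSH erlauben"
  ufw:
    rule: allow
    port: "{{ ssh_port }}"
    proto: tcp

# Enable the firewall with a default policy of denying all inbound traffic;
# only ports explicitly allowed by rules remain reachable.
- name: "UFW — Standard: alles ablehnen"
  ufw:
    state: enabled
    policy: deny
    direction: incoming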
# Start fail2ban now and enable it at boot.
# NOTE(review): no jail configuration is deployed in this file, so the
# distribution defaults apply. If ssh_port is not 22, the stock sshd jail
# may need its port adjusted for bans to take effect — verify.
- name: 'Fail2ban aktivieren'
  service:
    name: fail2ban
    enabled: true
    state: started