Add system playbook and update security

2024-12-21 13:31:34 +03:00 · 2024-12-21 13:31:34 +03:00 · 9c5266deab
commit 9c5266deab
parent f843ef9f47
4 changed files with 43 additions and 35 deletions
--- a/.ansible-lint.yml
+++ b/.ansible-lint.yml
@ -0,0 +1,3 @@
+---
+exclude_paths:
+- 'galaxy.roles/'
--- a/playbook-configuration.yml
+++ b/playbook-configuration.yml
@ -1,43 +1,12 @@
 ---
 - hosts: all
-  vars:
-    base_port: 41080
-    notes_port: "{{ base_port + 1 }}"
-    dayoff_port: "{{ base_port + 2 }}"
-    homepage_port: "{{ base_port + 3 }}"
-    netdata_port: "{{ base_port + 4 }}"
-    wiki_port: "{{ base_port + 5 }}"
-    nomie_port: "{{ base_port + 6 }}"
-    nomie_db_port: "{{ base_port + 7 }}"
-    gitea_port: "{{ base_port + 8 }}"
-    keycloak_port: "{{ base_port + 9 }}"
-    outline_port: "{{ base_port + 10 }}"
+
  vars_files:
+    - vars/ports.yml
    - vars/vars.yml

  tasks:

-    - name: 'Install additional packages.'
-      apt:
-        name: '{{ packages }}'
-        update_cache: yes
-      vars:
-        packages:
-          - git
-          - python3-pip
-          - acl
-
-    - import_role:
-        name: yatesr.timezone
-      vars:
-        timezone: UTC
-
-    - import_role:
-        name: geerlingguy.security
-      vars:
-        security_ssh_permit_root_login: "yes"
-        security_autoupdate_enabled: "no"
-        security_fail2ban_enabled: "yes"

    - name: 'Install python docker lib.'
      pip:
--- a/playbook-system.yml
+++ b/playbook-system.yml
@ -0,0 +1,36 @@
+---
+- name: 'Configure base system parameters'
+  hosts: all
+
+  vars_files:
+    - vars/ports.yml
+    - vars/vars.yml
+
+  vars:
+    apt_packages:
+      - acl
+      - git
+      - python3-pip
+
+  tasks:
+
+    - name: 'Install additional apt packages'
+      ansible.builtin.apt:
+        name: '{{ apt_packages }}'
+        update_cache: true
+
+    - name: 'Configure timezone'
+      ansible.builtin.import_role:
+        name: yatesr.timezone
+      vars:
+        timezone: UTC
+      tags:
+        - skip_ansible_lint
+
+    - name: 'Configure security settings'
+      ansible.builtin.import_role:
+        name: geerlingguy.security
+      vars:
+        security_ssh_permit_root_login: "yes"
+        security_autoupdate_enabled: "no"
+        security_fail2ban_enabled: "yes"
--- a/requirements.yml
+++ b/requirements.yml
@ -1,9 +1,9 @@
 ---
 - src: yatesr.timezone
-  version: 1.2.0
+  version: 1.2.2

 - src: geerlingguy.security
-  version: 2.2.0
+  version: 2.4.0

 - src: geerlingguy.docker
  version: 6.1.0