From 9c5266deab9e7f24425066d9db455e649e509d9c Mon Sep 17 00:00:00 2001
From: Anton Vakhrushev
Date: Sat, 21 Dec 2024 13:31:34 +0300
Subject: [PATCH] Add system playbook and update security
---
 .ansible-lint.yml | 3 +++
 playbook-configuration.yml | 35 ++---------------------------------
 playbook-system.yml | 36 ++++++++++++++++++++++++++++++++++++
 requirements.yml | 4 ++--
 4 files changed, 43 insertions(+), 35 deletions(-)
 create mode 100644 .ansible-lint.yml
 create mode 100644 playbook-system.yml
diff --git a/.ansible-lint.yml b/.ansible-lint.yml
new file mode 100644
index 0000000..a4930f3
--- /dev/null
+++ b/.ansible-lint.yml
@@ -0,0 +1,3 @@
+---
+exclude_paths:
+- 'galaxy.roles/'
diff --git a/playbook-configuration.yml b/playbook-configuration.yml
index 892e1db..10c1091 100644
--- a/playbook-configuration.yml
+++ b/playbook-configuration.yml
@@ -1,43 +1,12 @@
--- - hosts: all - vars: - base_port: 41080 - notes_port: "{{ base_port + 1 }}" - dayoff_port: "{{ base_port + 2 }}" - homepage_port: "{{ base_port + 3 }}" - netdata_port: "{{ base_port + 4 }}" - wiki_port: "{{ base_port + 5 }}" - nomie_port: "{{ base_port + 6 }}" - nomie_db_port: "{{ base_port + 7 }}" - gitea_port: "{{ base_port + 8 }}" - keycloak_port: "{{ base_port + 9 }}" - outline_port: "{{ base_port + 10 }}" + vars_files: + - vars/ports.yml - vars/vars.yml tasks: - - name: 'Install additional packages.' - apt: - name: '{{ packages }}' - update_cache: yes - vars: - packages: - - git - - python3-pip - - acl - - - import_role: - name: yatesr.timezone - vars: - timezone: UTC - - - import_role: - name: geerlingguy.security - vars: - security_ssh_permit_root_login: "yes" - security_autoupdate_enabled: "no" - security_fail2ban_enabled: "yes" - name: 'Install python docker lib.' pip:
diff --git a/playbook-system.yml b/playbook-system.yml
new file mode 100644
index 0000000..8178b58
--- /dev/null
+++ b/playbook-system.yml
@@ -0,0 +1,36 @@
+---
+- name: 'Configure base system parameters'
+ hosts: all
+
+ vars_files:
+ - vars/ports.yml
+ - vars/vars.yml
+
+ vars:
+ apt_packages:
+ - acl
+ - git
+ - python3-pip
+
+ tasks:
+
+ - name: 'Install additional apt packages'
+ ansible.builtin.apt:
+ name: '{{ apt_packages }}'
+ update_cache: true
+
+ - name: 'Configure timezone'
+ ansible.builtin.import_role:
+ name: yatesr.timezone
+ vars:
+ timezone: UTC
+ tags:
+ - skip_ansible_lint
+
+ - name: 'Configure security settings'
+ ansible.builtin.import_role:
+ name: geerlingguy.security
+ vars:
+ security_ssh_permit_root_login: "yes"
+ security_autoupdate_enabled: "no"
+ security_fail2ban_enabled: "yes"
diff --git a/requirements.yml b/requirements.yml
index c5f5311..a5b0fb6 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -1,9 +1,9 @@
--- - src: yatesr.timezone - version: 1.2.0 + version: 1.2.2 - src: geerlingguy.security - version: 2.2.0 + version: 2.4.0 - src: geerlingguy.docker version: 6.1.0
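Review bot: The `geerlingguy.security` vars at the end of playbook-system.yml carry over `security_ssh_permit_root_login: "yes"` and `security_autoupdate_enabled: "no"` unchanged, so every host in `all` keeps accepting direct root SSH logins and gets no unattended security updates, with fail2ban as the only compensating control. If root is needed for the Ansible connection, `security_ssh_permit_root_login: "prohibit-password"` would limit it to key-based login (assuming the role writes the value straight into `PermitRootLogin`, which should be confirmed against the 2.4.0 release pinned in requirements.yml); otherwise `"no"` with a sudo user is the tighter setting. If automatic updates are off deliberately, a comment above the line such as `# autoupdate disabled: patches are applied manually (see <runbook>)` would record the reason.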