# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
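---
# Baseline play for every host: refresh packages, install common utilities,
# enable UFW with inbound SSH allowed, and make sure the ufw and ntp services
# are enabled and running.
- name: Install and enable firewall
  hosts: all
  remote_user: atm
  pre_tasks:
    # Fail early if a host cannot be reached, before anything is changed.
    - name: Ensure all VMs are reachable
      ansible.builtin.ping:

  tasks:
    # Refresh the apt cache and apply a "safe" upgrade.
    - name: Update all packages
      become: true
      ansible.builtin.apt:
        update_cache: true
        upgrade: safe

    # NOTE(review): the task name mentions nginx, but nginx is not in the
    # package list below. Confirm whether it is installed elsewhere.
    - name: Install git, zip, nginx, wget, curl & other utils
      become: true
      ansible.builtin.apt:
        update_cache: true
        pkg:
          - git
          - wget
          - curl
          - gpg
          - ca-certificates
          - ntp
          - zip
          - python3-pip
          - virtualenv
          - ufw
          - python3-setuptools

    # "on" is quoted so YAML passes it as a string, not a boolean.
    - name: Set logging
      become: true
      community.general.ufw:
        logging: "on"

    # The allow rule and `state: enabled` are sent in a single module call.
    # NOTE(review): confirm the module applies the rule before enabling the
    # firewall, or split this into two tasks (allow first, enable second) so
    # the SSH session Ansible uses always has a matching rule.
    # No `default` policy is set here, so the incoming policy is whatever the
    # host already has. TODO confirm it is deny, or set `default: deny` with
    # `direction: incoming` explicitly. `rule: limit` would rate-limit SSH
    # connection attempts instead of allowing them unconditionally.
    - name: Allow port 22 and enable UFW
      become: true
      community.general.ufw:
        state: enabled
        rule: allow
        proto: tcp
        port: "22"

    # Keep the firewall running now and across reboots.
    - name: Enable and start ufw service
      become: true
      ansible.builtin.service:
        name: ufw
        enabled: true
        state: started

    # This task manages ntp; its name previously duplicated the ufw task's.
    - name: Enable and start ntp service
      become: true
      ansible.builtin.service:
        name: ntp
        enabled: true
        state: started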