---
# Site playbook: every inventory host gets the full role set below, and all
# roles run with privilege escalation (become: true).
- hosts: all
  become: true
  roles:
    - role: base
      tags: base

    - role: nickjj.docker
      tags: docker
      # The SSH login user is placed in the docker group. Membership of that
      # group is generally treated as root-equivalent on the host, so this is
      # a deliberate trust decision for that account — confirm it is intended.
      docker__users:
        - "{{ ansible_ssh_user }}"
      # NOTE(review): errors from this role's tasks are not fatal, so the play
      # carries on to the firewall and SSH hardening roles even if the Docker
      # install only partially applied. Confirm this best-effort behaviour is
      # intentional; a failed run is otherwise easy to miss.
      ignore_errors: true

    - role: weareinteractive.ufw
      tags: ufw
      ufw_enabled: true
      ufw_packages:
        - ufw
      # Rules are listed in the order they are applied. Port numbers are quoted
      # so YAML keeps them as strings rather than integers.
      ufw_rules:
        - logging: "full"
        - rule: allow
          to_port: "443"
        - rule: allow
          to_port: "80"
        # ssh_port is expected from inventory/group vars; it should match the
        # port the SSH hardening role configures — verify against that role.
        - rule: allow
          to_port: "{{ ssh_port }}"
        # Wireguard
        - rule: allow
          to_port: "51820"
          proto: udp
        # Delete default rule
        - rule: allow
          name: Anywhere
          delete: true
      ufw_manage_config: true
      # Presumably the /etc/default/ufw settings the role writes out.
      # "yes"/"no" are quoted on purpose: the config file wants the literal
      # words, and unquoted they would parse as YAML booleans.
      ufw_config:
        IPV6: "yes"
        DEFAULT_INPUT_POLICY: DROP
        DEFAULT_OUTPUT_POLICY: ACCEPT
        DEFAULT_FORWARD_POLICY: DROP
        DEFAULT_APPLICATION_POLICY: SKIP
        MANAGE_BUILTINS: "no"
        IPT_SYSCTL: /etc/ufw/sysctl.conf
        IPT_MODULES: ""

    - role: shell
      tags: shell

    - role: profile
      tags: profile

    - role: services
      tags: services

    # SSH hardening; both values are templated so an unset variable fails the
    # play rather than silently writing an empty user or key path.
    - role: vitalk.secure-ssh
      tags: ssh
      ssh_user: "{{ ansible_ssh_user }}"
      ssh_identity_key: "{{ ssh_identity_key_path }}"

    - role: security
      tags: security