Post-X-Society/Post-Tyranny-Tech-Infrastructure
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Post-Tyranny-Tech-Infrastru.../ansible/roles/common/tasks/main.yml

31 lines
639 B
YAML
Raw Normal View History

WIP: Ansible base configuration - common role (#2) Progress on Issue #2: Ansible Base Configuration Completed: - ✅ Ansible installed via pipx (isolated Python environment) - ✅ Hetzner Cloud dynamic inventory configured - ✅ Ansible configuration (ansible.cfg) - ✅ Common role for base system hardening: - SSH hardening (key-only, no root password) - UFW firewall configuration - Fail2ban for SSH protection - Automatic security updates - Timezone and system packages - ✅ Comprehensive Ansible README with setup guide Architecture Updates: - Added Decision #15: pipx for isolated Python environments - Updated ADR changelog with pipx adoption Still TODO for #2: - Docker role - Traefik role - Setup playbook - Deploy playbook - Testing against live server Files added: - ansible/README.md - Complete Ansible guide - ansible/ansible.cfg - Ansible configuration - ansible/hcloud.yml - Hetzner dynamic inventory - ansible/roles/common/* - Base hardening role Partial progress on #2 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-27 14:00:22 +01:00
---
# Main tasks for common role - base system setup and hardening
- name: Update apt cache
apt:
update_cache: yes
cache_valid_time: 3600
- name: Install common packages
apt:
name: "{{ common_packages }}"
state: present
- name: Set timezone
community.general.timezone:
name: "{{ common_timezone }}"
- name: Configure SSH hardening
include_tasks: ssh.yml
- name: Configure UFW firewall
include_tasks: firewall.yml
- name: Configure automatic updates
include_tasks: updates.yml
when: common_unattended_upgrades
- name: Configure fail2ban
include_tasks: fail2ban.yml
when: common_fail2ban_enabled
Reference in a new issue Copy permalink