Progress on Issue #2: Ansible Base Configuration

Completed:
- ✅ Ansible installed via pipx (isolated Python environment)
- ✅ Hetzner Cloud dynamic inventory configured
- ✅ Ansible configuration (ansible.cfg)
- ✅ Common role for base system hardening:
  - SSH hardening (key-only, no root password)
  - UFW firewall configuration
  - Fail2ban for SSH protection
  - Automatic security updates
  - Timezone and system packages
- ✅ Comprehensive Ansible README with setup guide

Architecture Updates:
- Added Decision #15: pipx for isolated Python environments
- Updated ADR changelog with pipx adoption

Still TODO for #2:
- Docker role
- Traefik role
- Setup playbook
- Deploy playbook
- Testing against live server

Files added:
- ansible/README.md - Complete Ansible guide
- ansible/ansible.cfg - Ansible configuration
- ansible/hcloud.yml - Hetzner dynamic inventory
- ansible/roles/common/* - Base hardening role

Partial progress on #2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
30 lines, 639 B, YAML
```yaml
---
# Main tasks for common role - base system setup and hardening

- name: Update apt cache
  apt:
    update_cache: yes
    cache_valid_time: 3600

- name: Install common packages
  apt:
    name: "{{ common_packages }}"
    state: present

- name: Set timezone
  community.general.timezone:
    name: "{{ common_timezone }}"

- name: Configure SSH hardening
  include_tasks: ssh.yml

- name: Configure UFW firewall
  include_tasks: firewall.yml

- name: Configure automatic updates
  include_tasks: updates.yml
  when: common_unattended_upgrades

- name: Configure fail2ban
  include_tasks: fail2ban.yml
  when: common_fail2ban_enabled
```
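Review bot: module naming is inconsistent within this task file: the two `apt:` tasks use the short module name while the timezone task uses the fully qualified `community.general.timezone:`. Use `ansible.builtin.apt:` for both apt tasks so every module is resolved explicitly and the file passes ansible-lint's fqcn check; on the same pass, `update_cache: yes` should become `update_cache: true`, the boolean spelling ansible-lint's truthy check expects. Also worth confirming in the role's defaults that `common_unattended_upgrades` and `common_fail2ban_enabled`, which gate the last two tasks via `when:`, default to `true`: an undefined variable fails the play, and a false default silently skips the automatic updates and fail2ban protection the commit message lists as completed hardening, while the SSH and UFW includes above run unconditionally.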