Common role improvements: - Add systemd-resolved DNS configuration (Google + Cloudflare) - Ensures reliable DNS resolution for private network servers - Flush handlers immediately to apply DNS before other tasks Docker role improvements: - Enhanced Docker daemon configuration - Better support for private network deployments Scripts: - Update add-client-to-terraform.sh for new architecture These changes ensure private network clients can resolve DNS and access internet via NAT gateway. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
52 lines
1.1 KiB
YAML
---
|
|
# Main tasks for common role - base system setup and hardening
|
|
|
|
- name: Ensure systemd-resolved config directory exists
|
|
file:
|
|
path: /etc/systemd/resolved.conf.d
|
|
state: directory
|
|
mode: '0755'
|
|
tags: [dns]
|
|
|
|
- name: Configure DNS (systemd-resolved)
|
|
copy:
|
|
dest: /etc/systemd/resolved.conf.d/dns_servers.conf
|
|
content: |
|
|
[Resolve]
|
|
DNS=8.8.8.8 8.8.4.4
|
|
FallbackDNS=1.1.1.1 1.0.0.1
|
|
mode: '0644'
|
|
notify: Restart systemd-resolved
|
|
tags: [dns]
|
|
|
|
- name: Flush handlers (apply DNS config immediately)
|
|
meta: flush_handlers
|
|
tags: [dns]
|
|
|
|
- name: Update apt cache
|
|
apt:
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
|
|
- name: Install common packages
|
|
apt:
|
|
name: "{{ common_packages }}"
|
|
state: present
|
|
|
|
- name: Set timezone
|
|
community.general.timezone:
|
|
name: "{{ common_timezone }}"
|
|
|
|
- name: Configure SSH hardening
|
|
include_tasks: ssh.yml
|
|
|
|
- name: Configure UFW firewall
|
|
include_tasks: firewall.yml
|
|
|
|
- name: Configure automatic updates
|
|
include_tasks: updates.yml
|
|
when: common_unattended_upgrades
|
|
|
|
- name: Configure fail2ban
|
|
include_tasks: fail2ban.yml
|
|
when: common_fail2ban_enabled
|
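Review bot: The resolvers in the copy task's content block (`DNS=8.8.8.8 8.8.4.4`, `FallbackDNS=1.1.1.1 1.0.0.1`) are hardcoded plain port-53 upstreams, so hosts behind the NAT gateway accept unauthenticated answers and the choice cannot be overridden per inventory, unlike `common_packages` and `common_timezone`, which are already role variables. Consider `DNS={{ common_dns_servers | join(' ') }}` with the defaults moved to defaults/main.yml, and adding `DNSOverTLS=opportunistic` (or `DNSSEC=allow-downgrade`) to the `[Resolve]` stanza, since both chosen providers serve DNS over TLS. Separately, `update_cache: yes` in the apt task should be `update_cache: true`, matching the lowercase boolean style the file's `when:` conditions already rely on. The `Restart systemd-resolved` handler referenced by `notify:` is not in this file; presumably it lives in the role's handlers, but if it is missing the flush_handlers task has nothing to apply and later tasks run with the old resolver config.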