Post-Tyranny-Tech-Infrastructure/ansible/roles/common/handlers/main.yml at 7e2ade2d98c34275d74b01febb8fecc7a6335cae - Post-X-Society/Post-Tyranny-Tech-Infrastructure - Post-X Society Forgejo: Beyond coding. We Forge.

Post-X-Society/Post-Tyranny-Tech-Infrastructure

Pieter 171cbfbb32 WIP: Ansible base configuration - common role (#2 )

Progress on Issue #2: Ansible Base Configuration

Completed:
- ✅ Ansible installed via pipx (isolated Python environment)
- ✅ Hetzner Cloud dynamic inventory configured
- ✅ Ansible configuration (ansible.cfg)
- ✅ Common role for base system hardening:
  - SSH hardening (key-only, no root password)
  - UFW firewall configuration
  - Fail2ban for SSH protection
  - Automatic security updates
  - Timezone and system packages
- ✅ Comprehensive Ansible README with setup guide

Architecture Updates:
- Added Decision #15: pipx for isolated Python environments
- Updated ADR changelog with pipx adoption

Still TODO for #2:
- Docker role
- Traefik role
- Setup playbook
- Deploy playbook
- Testing against live server

Files added:
- ansible/README.md - Complete Ansible guide
- ansible/ansible.cfg - Ansible configuration
- ansible/hcloud.yml - Hetzner dynamic inventory
- ansible/roles/common/* - Base hardening role

Partial progress on #2

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-12-27 14:00:22 +01:00

17 lines

274 B

YAML

Raw Blame History

 ---
 # Handlers for common role
 - name: Restart SSH
   service:
     name: ssh
     state: restarted
 - name: Restart unattended-upgrades
   service:
     name: unattended-upgrades
     state: restarted
 - name: Restart fail2ban
   service:
     name: fail2ban
     state: restarted