|
|
@ -10,7 +10,9 @@
|
|
|
|
- vim
|
|
|
|
- vim
|
|
|
|
become: yes
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
|
|
|
|
# ssh
|
|
|
|
# Security
|
|
|
|
|
|
|
|
#
|
|
|
|
|
|
|
|
# https://www.raspberrypi.org/documentation/configuration/security.md
|
|
|
|
|
|
|
|
|
|
|
|
- hosts: attitude-adjuster
|
|
|
|
- hosts: attitude-adjuster
|
|
|
|
tasks:
|
|
|
|
tasks:
|
|
|
@ -33,11 +35,51 @@
|
|
|
|
password: !
|
|
|
|
password: !
|
|
|
|
become: yes
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: install ufw and fail2ban
|
|
|
|
|
|
|
|
package:
|
|
|
|
|
|
|
|
name: "{{ item }}"
|
|
|
|
|
|
|
|
state: present
|
|
|
|
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
with_items:
|
|
|
|
|
|
|
|
- ufw
|
|
|
|
|
|
|
|
- fail2ban
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: allow access to dns, http, and https
|
|
|
|
|
|
|
|
ufw:
|
|
|
|
|
|
|
|
rule: allow
|
|
|
|
|
|
|
|
name: "{{ item }}"
|
|
|
|
|
|
|
|
with_items:
|
|
|
|
|
|
|
|
- DNS
|
|
|
|
|
|
|
|
- WWW Full
|
|
|
|
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: limit ssh access
|
|
|
|
|
|
|
|
ufw:
|
|
|
|
|
|
|
|
rule: limit
|
|
|
|
|
|
|
|
name: OpenSSH
|
|
|
|
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: enable ufw
|
|
|
|
|
|
|
|
ufw:
|
|
|
|
|
|
|
|
state: enabled
|
|
|
|
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- name: create jail.local
|
|
|
|
|
|
|
|
copy:
|
|
|
|
|
|
|
|
src: jail.local
|
|
|
|
|
|
|
|
dest: /etc/fail2ban/
|
|
|
|
|
|
|
|
become: yes
|
|
|
|
|
|
|
|
notify: reload fail2ban
|
|
|
|
|
|
|
|
|
|
|
|
handlers:
|
|
|
|
handlers:
|
|
|
|
- name: reload ssh
|
|
|
|
- name: reload ssh
|
|
|
|
service:
|
|
|
|
service:
|
|
|
|
name: ssh
|
|
|
|
name: ssh
|
|
|
|
state: reloaded
|
|
|
|
state: reloaded
|
|
|
|
|
|
|
|
- name: reload fail2ban
|
|
|
|
|
|
|
|
service:
|
|
|
|
|
|
|
|
name: fail2ban
|
|
|
|
|
|
|
|
state: reloaded
|
|
|
|
|
|
|
|
|
|
|
|
# Pi-Hole
|
|
|
|
# Pi-Hole
|
|
|
|
|
|
|
|
|
|
|
|