Compare commits
1 Commits
debian13
...
6124a0bc49
Author | SHA1 | Date | |
---|---|---|---|
6124a0bc49
|
@@ -3,7 +3,7 @@
|
||||
|
||||
# I'm currently not sure when we need to restart versus reload
|
||||
- name: reload caddy
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: caddy
|
||||
state: reloaded
|
||||
|
||||
|
@@ -8,7 +8,7 @@ fail2ban_maxretry: 6
|
||||
fail2ban_findtime: 3600
|
||||
# 2 weeks in seconds
|
||||
fail2ban_bantime: 1209600
|
||||
fail2ban_ignoreip: 127.0.0.0/8
|
||||
fail2ban_ignoreip: 127.0.0.1/8
|
||||
|
||||
# Disable SSH passwords. Must use SSH keys. This is OK because we add the keys
|
||||
# before re-configuring the SSH daemon to disable passwords.
|
||||
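Review bot: `fail2ban_ignoreip: 127.0.0.1/8` sets host bits under a /8 mask; the loopback network is written `127.0.0.0/8`. The page has lost its +/- markers, so this assumes the second of the two printed lines is the new side, in which case the change swaps the canonical form for a non-canonical one. fail2ban may normalise the value, but any other consumer of this variable that validates CIDR notation strictly could reject it or log an error. The sshd_config template later on this page feeds the same variable to `PerSourcePenaltyExemptList`, although that line is removed in this comparison. I would keep `fail2ban_ignoreip: 127.0.0.0/8` and add a short comment above it saying the value must be a space-separated list of network addresses, since templates reuse it.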
|
@@ -2,7 +2,7 @@
|
||||
# ansible.builtin.file: roles/common/handlers/main.yml
|
||||
|
||||
- name: Reload sshd
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: "{{ sshd_service_name }}"
|
||||
state: reloaded
|
||||
|
||||
@@ -10,11 +10,11 @@
|
||||
ansible.builtin.command: sysctl -p /etc/sysctl.conf
|
||||
|
||||
- name: Reload systemd
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
daemon_reload: true
|
||||
|
||||
- name: Restart nftables
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: nftables
|
||||
state: restarted
|
||||
|
||||
@@ -22,6 +22,6 @@
|
||||
# in the order they are defined, not in the order they are listed in the task's
|
||||
# notify statement and we must restart fail2ban after updating the firewall.
|
||||
- name: Restart fail2ban
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: fail2ban
|
||||
state: restarted
|
||||
|
@@ -47,7 +47,7 @@
|
||||
- Restart fail2ban
|
||||
|
||||
- name: Start and enable fail2ban service
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: fail2ban
|
||||
state: started
|
||||
enabled: true
|
||||
|
@@ -76,11 +76,11 @@
|
||||
# need to reload to pick up service/timer/environment changes
|
||||
- name: Reload systemd daemon
|
||||
when: nftables_systemd_units is changed
|
||||
ansible.builtin.systemd_service: # noqa no-handler
|
||||
ansible.builtin.systemd: # noqa no-handler
|
||||
daemon_reload: true
|
||||
|
||||
- name: Start and enable nftables update timers
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: "{{ item }}"
|
||||
state: started
|
||||
enabled: true
|
||||
@@ -88,7 +88,7 @@
|
||||
- update-firehol-nftables.timer
|
||||
|
||||
- name: Start and enable nftables
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: nftables
|
||||
state: started
|
||||
enabled: true
|
||||
|
@@ -22,7 +22,7 @@
|
||||
|
||||
- name: Start and enable systemd's NTP client
|
||||
when: ansible_service_mgr == 'systemd'
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: systemd-timesyncd
|
||||
state: started
|
||||
enabled: true
|
||||
|
@@ -32,9 +32,3 @@ KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha51
|
||||
{% if ssh_allowed_users is defined and ssh_allowed_users %}
|
||||
AllowUsers {{ ssh_allowed_users|join(" ") }} {{ provisioning_user.name }}
|
||||
{% endif %}
|
||||
|
||||
PerSourcePenaltyExemptList {{ fail2ban_ignoreip | replace(" ", ",") }}
|
||||
|
||||
# Mask to use for IPv4 and IPv6 respectively when applying network penalties.
|
||||
# The default is 32:128.
|
||||
PerSourceNetBlockSize 24:56
|
||||
|
@@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: restart mariadb
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: mariadb
|
||||
state: restarted
|
||||
|
||||
|
@@ -1,4 +1,4 @@
|
||||
---
|
||||
# ansible.builtin.file: roles/munin/handlers/main.yml
|
||||
- name: restart munin-node
|
||||
ansible.builtin.systemd_service: name=munin-node state=restarted
|
||||
ansible.builtin.systemd: name=munin-node state=restarted
|
||||
|
@@ -26,7 +26,7 @@
|
||||
- restart munin-node
|
||||
|
||||
- name: Start munin-node
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: munin-node
|
||||
state: started
|
||||
enabled: true
|
||||
|
@@ -1,6 +1,6 @@
|
||||
---
|
||||
- name: Reload nginx
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: reloaded
|
||||
|
||||
|
@@ -82,7 +82,7 @@
|
||||
|
||||
# always issues daemon-reload just in case the service/timer changed
|
||||
- name: Start and enable systemd timer to renew Let's Encrypt certs
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: renew-letsencrypt.timer
|
||||
state: started
|
||||
enabled: true
|
||||
|
@@ -119,7 +119,7 @@
|
||||
tags: nginx
|
||||
|
||||
- name: Start and enable nginx service
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: nginx
|
||||
state: started
|
||||
enabled: true
|
||||
|
@@ -1,7 +1,7 @@
|
||||
---
|
||||
# For Debian 12
|
||||
- name: Reload php8.2-fpm
|
||||
ansible.builtin.systemd_service:
|
||||
ansible.builtin.systemd:
|
||||
name: php8.2-fpm
|
||||
state: reloaded
|
||||
|
||||
|