alanorth/ansible-personal
1
0
Fork 0
Code Issues 4 Pull Requests Projects Releases Wiki Activity
5d506ebc65
ansible-personal/roles/common/tasks/main.yml
Alan Orth dd2f65947d
roles/common: Update list of abusive IP addresses 
This comes from the AbuseIPDB with a confidence level of 95%. I use
the following command to download and sort the IPs:

    $ curl -G https://api.abuseipdb.com/api/v2/blacklist -d \
      confidenceMinimum=95 -H "Key: $ABUSEIPDB_API_KEY" \
      -H "Accept: text/plain" | sort | sed -e '/:/w /tmp/ipv6.txt' \
      -e '/:/d' > /tmp/ipv4.txt

I manually add the XML formatting to each file and run them through
tidy:

    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv4.xml
    $ tidy -xml -utf8 -m -iq -w 0 roles/common/files/abusers-ipv6.xml
2020-11-06 15:44:57 +02:00

55 lines
1.6 KiB
YAML
Raw Blame History

---
- name: Import OS-specific variables
include_vars: "vars/{{ ansible_distribution }}.yml"
tags: always
- name: Configure network time
import_tasks: ntp.yml
tags: ntp
- name: Install common packages
include_tasks: packages_Debian.yml
when: ansible_distribution == 'Debian'
tags: packages
- name: Install common packages
include_tasks: packages_Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
tags: packages
- name: Configure firewall
include_tasks: firewall_Debian.yml
when: ansible_distribution == 'Debian'
tags: firewall
- name: Configure firewall
include_tasks: firewall_Ubuntu.yml
when: ansible_distribution == 'Ubuntu'
tags: firewall
- name: Configure secure shell daemon
import_tasks: sshd.yml
tags: sshd
# containers identify as virtualization hosts, which makes this tricky, because we have actual Debian VM hosts!
- name: Reconfigure /etc/sysctl.conf
when: ansible_virtualization_role != 'host'
template: src=sysctl_{{ ansible_distribution }}.j2 dest=/etc/sysctl.conf owner=root group=root mode=0644
notify:
- reload sysctl
tags: sysctl
- name: Reconfigure /etc/rc.local
when: ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('19.04', '<=')
template: src=rc.local_Ubuntu.j2 dest=/etc/rc.local owner=root group=root mode=0755
- name: Set I/O scheduler
template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
tags: udev
- name: Copy admin SSH keys
import_tasks: ssh-keys.yml
tags: ssh-keys
# vim: set sw=2 ts=2:
Reference in New Issue View Git Blame Copy Permalink