Alan Orth
7a9a24ef5d
Actually, we do want to run fail2ban on all hosts because the sshd monitoring via systemd is nice. At the very least it reduces spam from failed logins in our systemd journal. |
||
---|---|---|
group_vars | ||
host_vars | ||
misc-plays | ||
roles | ||
vars | ||
.gitignore | ||
ansible.cfg | ||
LICENSE | ||
nomads.yml | ||
Pipfile | ||
Pipfile.lock | ||
README.md | ||
site.yml | ||
web.yml |
Ansible Playbook
Ansible playbook for base and initial configuration of the web server hosting my personal websites. After successful execution of this playbook, however, there is still some manual work to import databases, copy site content, etc.
Assumptions
Before you can run this, a few things are assumed:
- You have a clean, minimal Ubuntu 20.04 or Debian 11/12 host up and running
- Python 3 is installed on the remote server (requirement of Ansible)
- You have a user account with password-less SSH access to the machine
- You have sudo privileges on the remote host
- You have created a
hosts
file with something like:
[web]
web01
Use
Once you've satisfied the the above assumptions, you can execute:
$ ansible-playbook web.yml
Todo
- Switch from
cron-apt
tounattended-upgrades
License
Copyright (C) 2014–2021 Alan Orth
The contents of this repository are free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.