mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-25 11:01:03 +02:00
61d48f1173
fail2ban role now protects postfix, dovecot and sshd. other roles can drop configuration files into /etc/fail2ban/jail.d/*.local to enable fail2ban to monitor it's service.
33 lines
1.6 KiB
YAML
33 lines
1.6 KiB
YAML
---
|
|
|
|
- name: setup orion
|
|
hosts: orion.archlinux.org
|
|
remote_user: root
|
|
vars:
|
|
archweb_db_host: 'apollo.archlinux.org'
|
|
dbscripts_commit: '20191022'
|
|
roles:
|
|
- { role: common, tags: ['common'] }
|
|
- { role: tools, tags: ['tools'] }
|
|
- { role: sshd, tags: ['sshd'] }
|
|
- { role: root_ssh, tags: ['root_ssh'] }
|
|
- { role: borg-client, tags: ['borg'] }
|
|
- { role: opendkim, dkim_selector: orion, tags: ['mail'] }
|
|
- { role: dovecot, tags: ['mail', "dovecot"] }
|
|
- { role: spampd, tags: ["mail", "spampd"] }
|
|
- { role: unbound, tags: ["mail", "unbound"] }
|
|
- { role: postfwd, tags: ['mail', "postfwd"] }
|
|
- { role: postfix, postfix_server: true, postfix_smtpd_public: true, tags: ['mail'] }
|
|
- { role: archusers, tags: ['archusers'] }
|
|
- { role: certbot }
|
|
- { role: nginx, tags: ["nginx"] }
|
|
- { role: dbscripts, repos_domain: "repos.archlinux.org", repos_rsync_domain: "rsync.archlinux.org", svntogit_repos: "/srv/svntogit/repos", postgres_ssl: 'on', tags: ['dbscripts', 'archusers'] }
|
|
- sogrep
|
|
- { role: sudo, tags: ['sudo', 'archusers'] }
|
|
- { role: archweb, archweb_site: false, archweb_services: true, archweb_donor_import: true, archweb_mirrorcheck_locations: [5, 6], tags: ['archweb'] }
|
|
- { role: sources, sources_domain: "sources.archlinux.org", sources_dir: "/srv/sources", tags: ['sources'] }
|
|
- { role: archive, archive_domain: "archive.archlinux.org", archive_dir: "/srv/archive", tags: ['archive'] }
|
|
- { role: hefur, ftp_iso_dir: '/srv/ftp/iso', tags: ['torrenttracker']}
|
|
- wkd
|
|
- { role: fail2ban, tags: ["fail2ban"] }
|