mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-28 18:31:59 +02:00
992f81d766
For all hosts we want to have a working fail2ban for sshd brute force attempts through a group_vars/all. For some hosts an override is required to enable postfix or dovecot jails.
25 lines
657 B
YAML
25 lines
657 B
YAML
---
|
|
|
|
- name: setup state.archlinux.org (terraform state store)
|
|
hosts: state.archlinux.org
|
|
remote_user: root
|
|
roles:
|
|
- { role: common }
|
|
- { role: tools }
|
|
- { role: firewalld }
|
|
- { role: sshd }
|
|
- { role: unbound }
|
|
- { role: certbot }
|
|
- { role: borg_client, tags: ["borg"] }
|
|
- { role: root_ssh }
|
|
- role: postgres
|
|
postgres_listen_addresses: "*"
|
|
postgres_max_connections: 100
|
|
postgres_ssl: 'on'
|
|
postgres_shared_buffers: 512MB
|
|
postgres_ssl_hosts4: ['0.0.0.0/0']
|
|
postgres_ssl_hosts6: ['::/0']
|
|
- { role: terraform_state }
|
|
- { role: prometheus_exporters }
|
|
- { role: fail2ban }
|