From 1447aa30fdeb062c7d5f95705becc962be6f4674 Mon Sep 17 00:00:00 2001
From: Luca Bilke
Date: Sun, 11 Feb 2024 18:21:54 +0100
Subject: [PATCH] add readme and initial example
---
README.md | 15 +++++++++++++++
ansible.cfg | 2 ++
host_vars/server.example.com.yml | 12 ++++++++++++
inventory | 1 +
requirements.yaml | 6 ++++++
site.yml | 11 +++++++++++
6 files changed, 47 insertions(+)
create mode 100644 README.md
create mode 100644 ansible.cfg
create mode 100644 host_vars/server.example.com.yml
create mode 100644 inventory
create mode 100644 requirements.yaml
create mode 100644 site.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..8a98936
--- /dev/null
+++ b/README.md
@@ -0,0 +1,15 @@
+# Beispiel Ansible
+
+## Erste Schritte
+
+Du musst einmal die `host_vars/server.example.com.yml` Datei umbennenen und die `inventory` Datei anpassen um deinen Host zu erreichen.
+In `host_vars/server.example.com.yml` kannst du fail2ban und nftables konfigurieren.
+
+## Dokumentation
+
+### nftables
+- [Rolle](https://github.com/ipr-cnrs/nftables/blob/master/README.md)
+
+### fail2ban
+- [Rolle](https://github.com/Oefenweb/ansible-fail2ban/blob/master/README.md)
+- [Konfiguration](https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration)
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..388b8d5
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,2 @@
+[connection]
+pipelining = True
diff --git a/host_vars/server.example.com.yml b/host_vars/server.example.com.yml
new file mode 100644
index 0000000..82f0291
--- /dev/null
+++ b/host_vars/server.example.com.yml
@@ -0,0 +1,12 @@
+---
+nft_define_host:
+ input tcp accepted:
+ name: in_tcp_accept
+ value: '{ ssh, http, https }'
+ output tcp accepted:
+ name: out_tcp_accept
+ value: '{ ssh, http, https }'
+
+fail2ban_services:
+ - name: sshd
+ backend: systemd
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..53cabd6
--- /dev/null
+++ b/inventory
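Review bot: In ansible.cfg, `pipelining = True` is enabled without mentioning its prerequisite: when privilege escalation goes through sudo, pipelining only works if `requiretty` is not set in the managed host's sudoers. Since this repository is meant to be copied as a starting point, I would add a comment above the setting, e.g. `# requires 'requiretty' to be disabled in sudoers on the managed hosts`. The file also sets no default inventory, so every run needs `-i inventory`; a `[defaults]` section with `inventory = inventory` would remove that step.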
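Review bot: In host_vars/server.example.com.yml, `fail2ban_services` enables the sshd jail but nothing selects a ban action, so bans fall back to the fail2ban role's default, which as far as I recall is an iptables-based action. On a host whose ruleset is owned by the nftables role that is fragile: iptables may not be installed, and bans inserted outside the managed ruleset can be lost when the ruleset is reloaded. I would set the ban action to an nftables one here, e.g. `fail2ban_banaction: nftables-multiport`, after confirming the variable name against the role README linked in this patch. Separately, the two `value: '{ ssh, http, https }'` sets open http/https inbound and ssh outbound on every host that copies this file, so a comment marking them as placeholders to be narrowed would help.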
@@ -0,0 +1 @@
+server.example.com ansible_host=0.0.0.0 ansible_ssh_user=example become=true become_user=root
diff --git a/requirements.yaml b/requirements.yaml
new file mode 100644
index 0000000..9bbe49e
--- /dev/null
+++ b/requirements.yaml
@@ -0,0 +1,6 @@
+roles:
+ - src: ipr-cnrs.nftables
+ version: v2.2.1
+
+ - src: Oefenweb.fail2ban
+ version: v4.0.8
diff --git a/site.yml b/site.yml
new file mode 100644
index 0000000..2d842bf
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,11 @@
+- name: Import nftables
+ hosts:
+ - all
+ roles:
+ - ipr-cnrs.nftables
+
+- name: Import fail2ban
+ hosts:
+ - all
+ roles:
+ - Oefenweb.fail2ban
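Review bot: The inventory line sets `become=true become_user=root`, but as inventory variables these only define two ordinary variables named `become` and `become_user`; from inventory, privilege escalation is controlled by `ansible_become` and `ansible_become_user`. Neither play in site.yml sets `become: true`, so as written both roles would run as the unprivileged `example` user and most likely fail once they need root. I would change the line to `server.example.com ansible_host=0.0.0.0 ansible_user=example ansible_become=true ansible_become_user=root` (`ansible_ssh_user` is the older spelling of `ansible_user`), or add `become: true` to both plays in site.yml.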
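Review bot: In requirements.yaml both roles are pinned to release tags (`v2.2.1`, `v4.0.8`), which is a good start, but a Galaxy role version resolves to a git tag in the upstream repository and a tag can be moved. These roles are intended to run as root and write the firewall and ban configuration, so for a stricter pin I would reference the repository directly with a commit hash, e.g. `src: git+https://github.com/ipr-cnrs/nftables`, `version: <commit-sha>` (placeholder) and `name: ipr-cnrs.nftables` so site.yml still finds the role. The README in this patch also never mentions `ansible-galaxy install -r requirements.yaml`, and nothing else here installs the roles.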