add readme and initial example

2024-02-11 18:21:54 +01:00 · 2024-02-11 18:21:54 +01:00 · 1447aa30fd
commit 1447aa30fd
6 changed files with 47 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,15 @@
+# Beispiel Ansible
+
+## Erste Schritte
+
+Du musst einmal die `host_vars/server.example.com.yml` Datei umbennenen und die `inventory` Datei anpassen um deinen Host zu erreichen.
+In `host_vars/server.example.com.yml` kannst du fail2ban und nftables konfigurieren. 
+
+## Dokumentation
+
+### nftables
+- [Rolle](https://github.com/ipr-cnrs/nftables/blob/master/README.md)
+
+### fail2ban
+- [Rolle](https://github.com/Oefenweb/ansible-fail2ban/blob/master/README.md)
+- [Konfiguration](https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration)
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,2 @@
+[connection]
+pipelining = True
--- a/host_vars/server.example.com.yml
+++ b/host_vars/server.example.com.yml
@ -0,0 +1,12 @@
+---
+nft_define_host:
+  input tcp accepted:
+    name: in_tcp_accept
+    value: '{ ssh, http, https }'
+  output tcp accepted:
+    name: out_tcp_accept
+    value: '{ ssh, http, https }'
+
+fail2ban_services:
+  - name: sshd
+    backend: systemd
--- a/1
+++ b/1
@ -0,0 +1 @@
+server.example.com ansible_host=0.0.0.0 ansible_ssh_user=example become=true become_user=root
--- a/requirements.yaml
+++ b/requirements.yaml
@ -0,0 +1,6 @@
+roles:
+  - src: ipr-cnrs.nftables
+    version: v2.2.1
+
+  - src: Oefenweb.fail2ban
+    version: v4.0.8
--- a/site.yml
+++ b/site.yml
@ -0,0 +1,11 @@
+- name: Import nftables
+  hosts:
+    - all
+  roles:
+    - ipr-cnrs.nftables
+
+- name: Import fail2ban
+  hosts:
+    - all
+  roles:
+    - Oefenweb.fail2ban
				`@ -0,0 +1 @@`
				`server.example.com ansible_host=0.0.0.0 ansible_ssh_user=example become=true become_user=root`