add readme and initial example

Luca Bilke 2024-02-11 18:21:54 +01:00
commit 1447aa30fd
No known key found for this signature in database
GPG Key ID: AD6630D0A1E650AC
6 changed files with 47 additions and 0 deletions

15
README.md Normal file

@ -0,0 +1,15 @@
# Beispiel Ansible
## Erste Schritte
Du musst einmal die `host_vars/server.example.com.yml` Datei umbennenen und die `inventory` Datei anpassen um deinen Host zu erreichen.
In `host_vars/server.example.com.yml` kannst du fail2ban und nftables konfigurieren.
## Dokumentation
### nftables
- [Rolle](https://github.com/ipr-cnrs/nftables/blob/master/README.md)
### fail2ban
- [Rolle](https://github.com/Oefenweb/ansible-fail2ban/blob/master/README.md)
- [Konfiguration](https://github.com/fail2ban/fail2ban/wiki/Proper-fail2ban-configuration)
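
Review bot: In "Erste Schritte", the rename step does not say what `host_vars/server.example.com.yml` should be renamed to. State that the new file name must match the host name used in `inventory`, otherwise the variables are not applied to that host. The section also lacks a step for installing the roles from `requirements.yaml` (`ansible-galaxy install -r requirements.yaml`) and for running `site.yml`, and "umbennenen" should be spelled "umbenennen".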

2
ansible.cfg Normal file

@ -0,0 +1,2 @@
[connection]
pipelining = True
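
Review bot: `pipelining = True` is enabled without any note on its prerequisite. With sudo-based privilege escalation, pipelining fails on targets whose sudoers sets `requiretty`, so the README should say that `requiretty` must be disabled for the login user. Consider also adding a `[defaults]` section with `inventory = inventory` so the example runs without passing `-i` each time.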


@ -0,0 +1,12 @@
---
nft_define_host:
input tcp accepted:
name: in_tcp_accept
value: '{ ssh, http, https }'
output tcp accepted:
name: out_tcp_accept
value: '{ ssh, http, https }'
fail2ban_services:
- name: sshd
backend: systemd
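
Review bot: The `sshd` entry under `fail2ban_services` sets only `backend: systemd` and no ban action, so bans fall back to fail2ban's iptables-based default on a host whose firewall this example manages with nftables. Set an nftables ban action (for example `nftables-multiport`) so that bans land in the same ruleset. Also, `input tcp accepted` opens `http` and `https` and `output tcp accepted` allows outbound `ssh`, although nothing in this example serves or needs them. A starter configuration is safer with only `ssh` inbound and a comment telling the user to add ports as required.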

1
inventory Normal file

@ -0,0 +1 @@
server.example.com ansible_host=0.0.0.0 ansible_ssh_user=example become=true become_user=root
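
Review bot: `become=true become_user=root` on the host line does not enable privilege escalation. As inventory variables these are plain variables named `become` and `become_user`, and the connection variables Ansible reads are `ansible_become` and `ansible_become_user`. The roles would then run as the unprivileged `example` user and fail on package and firewall tasks. Use `ansible_become=true ansible_become_user=root`, or set `become: true` in the plays. `ansible_ssh_user` is the deprecated alias of `ansible_user`, and `ansible_host=0.0.0.0` would read more clearly as a placeholder if it used a documentation address such as `192.0.2.10`.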

6
requirements.yaml Normal file

@ -0,0 +1,6 @@
roles:
- src: ipr-cnrs.nftables
version: v2.2.1
- src: Oefenweb.fail2ban
version: v4.0.8
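
Review bot: Both roles are pinned by tag (`version: v2.2.1`, `version: v4.0.8`), which is reproducible only as long as the upstream tags are not moved. Since these roles run as root and write the firewall and fail2ban configuration, consider pinning `version` to the commit hash behind each tag and noting the tag in a comment.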

11
site.yml Normal file

@ -0,0 +1,11 @@
- name: Import nftables
hosts:
- all
roles:
- ipr-cnrs.nftables
- name: Import fail2ban
hosts:
- all
roles:
- Oefenweb.fail2ban
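
Review bot: Both plays target `hosts: all`, so every host later added to the inventory receives the firewall ruleset and fail2ban configuration on the next run. Target a named group instead (and define it in `inventory`) so that applying the hardening is an explicit choice per host. The two plays can also be merged into a single play listing both roles, which avoids gathering facts twice and gives one place to set `become: true`.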