moving files to old

2021-02-28 23:19:04 +00:00
parent 63657fbe47
commit 86d3a9a0ec
28 changed files with 0 additions and 0 deletions
--- a/old/group_vars/all.yml
+++ b/old/group_vars/all.yml
@@ -0,0 +1,30 @@
+---
+# general settings
+default_username: debian
+dot_forward_email: <YOUR_EMAIL_GOES_HERE>
+private_key: .ssh/id_rsa
+public_key: .ssh/id_rsa.pub
+ntpserver: pool.ntp.org
+timezone: Europe/Rome
+
+# default sshd port
+sshd_port: 22
+
+# generate random passwords for default user and root user
+default_password: "{{lookup('password', '/dev/null length=15 chars=ascii_letters,digits,punctuation')}}"
+root_password: "{{lookup('password', '/dev/null length=15 chars=ascii_letters,digits,punctuation')}}"
+
+# unattended packages install configuration
+unattended_mail: "{{dot_forward_email}}"
+unattended_remove_unused_dependencies: true
+unattended_automatic_reboot_time: "03:00"
+unattended_update_days: "Sat"
+unattended_clean_interval: 7
+
+# fail2ban
+fail2ban_loglevel: INFO
+fail2ban_services:
+  - name: ssh
+    port: ssh
+    filter: sshd
+    logpath: /var/log/auth.log
--- a/old/group_vars/apt.yml
+++ b/old/group_vars/apt.yml
@@ -0,0 +1,49 @@
+---
+# packages to install
+packages_to_install:
+    - sudo
+    - python-apt
+    - git-core
+    - ufw
+    - dnsutils
+    - build-essential
+    - acl
+    - screen
+    - bash-completion
+    - ntp
+    - jq
+    - htop
+    - psmisc
+    - python-pip
+    - python3-pip
+    - vim
+    - netcat
+    - net-tools
+    - nmap
+    - lynx
+    - wget
+    - curl
+    - gzip
+    - rsync
+    - logrotate
+    # - logcheck
+    - rkhunter
+    - cryptsetup
+    - python-glade2
+    - dos2unix
+    - mlocate
+    - rclone
+    - bc
+    - zsh
+    - hddtemp
+    - lm-sensors
+    - qemu-guest-agent
+    - atop
+    - sshfs
+    - reptyr
+    - lvm2
+    - parted
+    - rename
+    - glances
+    - gnupg
+    - exim4
--- a/old/group_vars/docker.yml
+++ b/old/group_vars/docker.yml
@@ -0,0 +1,23 @@
+---
+# flag to install or skip docker module installation and configuration
+install_docker: true
+
+# docker
+docker__channel: ["stable"]
+docker__version: "19.03.5"
+docker__state: "present"
+docker__compose_version: "1.25.0"
+docker__users: ["{{default_username}}"]
+docker__daemon_flags:
+  - "-H unix://"
+  #- "-H unix:// --iptables=false"
+# "a" removes unused images (useful in production).
+# "f" forces it to happen without prompting you to agree.
+docker__cron_jobs_prune_flags: "af"
+docker__cron_jobs:
+  - name: "Docker disk clean up"
+    job: "docker system prune -{{docker__cron_jobs_prune_flags}} > /dev/null 2>&1"
+    schedule: ["0", "0", "*", "*", "0"]
+    cron_file: "docker-disk-clean-up"
+    user: "{{(docker__users | first) | d('root')}}"
+    state: "present"
--- a/old/group_vars/monit.yml
+++ b/old/group_vars/monit.yml
@@ -0,0 +1,30 @@
+---
+# monit
+config_monit: true
+monit_enable_email_notifications: false
+monit_email_to: "{{dot_forward_email}}"
+monit_enable_web_server: false
+monit_web_server_allow_list:
+  - localhost
+monit_web_server_local_only: true
+monit_monitor_services:
+  - name: "cron"
+    monitored: true
+    pidfile: "/var/run/crond.pid"
+    start_program: "/usr/sbin/service cron start"
+    stop_program: "/usr/sbin/service cron stop"
+  - name: "fail2ban"
+    monitored: true
+    pidfile: "/var/run/fail2ban/fail2ban.pid"
+    start_program: "/etc/init.d/fail2ban start"
+    stop_program: "/etc/init.d/fail2ban stop"
+  - name: "sshd"
+    monitored: true
+    pidfile: "/var/run/sshd.pid"
+    start_program: "/etc/init.d/ssh start"
+    stop_program: "/etc/init.d/ssh stop"
+  - name: "syslogd"
+    monitored: true
+    pidfile: "/var/run/rsyslogd.pid"
+    start_program: "/etc/init.d/rsyslog start"
+    stop_program: "/etc/init.d/rsyslog stop"
--- a/old/group_vars/networking.yml
+++ b/old/group_vars/networking.yml
@@ -0,0 +1,14 @@
+---
+# Local LAN IP-range addresses
+local_lan: "192.168.0.0/16"
+docker_overlay_ips: "172.0.0.0/8"
+
+# ufw rules
+ufw_rules:
+  - {rule: allow, port: 22, src: "{{local_lan}}", proto: tcp, direction: "in"}
+  - {rule: allow, port: 22, src: "{{docker_overlay_ips}}", proto: tcp, direction: "in"}
+  # - {rule: allow, port: 80, src: "0.0.0.0/0", proto: tcp, direction: "in"}
+  # - {rule: allow, port: 443, src: "0.0.0.0/0", proto: tcp, direction: "in"}
+
+# network configuration for our server
+interfaces_template: "interfaces-dhcp-server.j2"
--- a/old/group_vars/vault.yml
+++ b/old/group_vars/vault.yml
@@ -0,0 +1,15 @@
+$ANSIBLE_VAULT;1.1;AES256
+36663239336238393633346563366232393635633365343535663163336438613066633062626133
+3630376365643565653430363030616132383332306339370a393139616163366461376133373935
+35386535363862353237306264336230646334346162316666613238343863303336633533626538
+3364313966306362330a626634313961326664303761363635633039333138353331306132636261
+35623366333637353962383730613966336461623936376235313365303661663238316563613838
+33303032306137373863303564643236653530333366366136363837666661663864376139626634
+64613839333335663237333533633464393831663331356437376133396330396661366366373461
+33353462393063313731316364333034373066653563336533363032363038326331303433666634
+62376637343463386538333566303234313330663234313664616433653563353165386366653638
+65613736633135316463316537653638326233353134343537393239663537613734313762346434
+63393437356366613332623666383532363365303239666637666362626366623862666334303537
+35333663343137643737383533323134363937386239616136326534653261636361386463326236
+64306433666465343066333136346434656537626631656632393737626565396130373036333530
+3265646137373062393035636531376339623231366139373664