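---
## BASIC CONFIG
# Baseline variables for the "cloud" host setup. The file viewer flattened
# the original layout; the nesting below is restored from the key order.
cloud_update: false
cloud_name: cloud
cloud_home: "/opt/{{ cloud_name }}"
cloud_type: "cloud"
cloud_env: production
cloud_env_path: "{{ cloud_home }}/{{ cloud_env }}"
cloud_host_group: server
# Quoted so the version always stays a string, whatever the loader.
cloud_control_version: "1.0.0"
cloud_control_name: cloud-control
cloud_git_branch_main: main
cloud_stage: prod

cloud_tzdata: Europe/Berlin

# Base directories; cloud_python_envs is derived from cloud_apps.
cloud_apps: /opt
cloud_storage: /srv
cloud_python_envs: "{{ cloud_apps }}/pyenv"

# NOTE(review): despite the "internal" name, 1.1.1.1 is a public resolver.
# If hosts are expected to resolve private names, or lookups must not leave
# the network, override this with the internal resolver's address.
cloud_internal_dns: "1.1.1.1"

# Packages installed on every host (presumably via the system package
# manager; confirm against the consuming role).
basis_apps:
  - passwd
  - vim
  - unzip
  - resolvconf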
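## HARDWARE
# Extra filesystems to mount; empty by default. Each entry is a mapping
# shaped like the commented example.
mount_points: []
#  - path: /some/path
#    dev: /dev/sdb
#    fstype: ext4
#    opts: noatime
#    state: mounted

# Swap file settings.
swap_on: true
swap_file: /swapfile
# block size * block count = swap size (bytes)
# 1024 * 1048576 = 1073741824 bytes (1 GiB)
swap_block_size: 1024
swap_block_count: 1048576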
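## USER + GROUPS
shared_group: "{{ cloud_name }}"
# Groups that exist on every host.
# NOTE(review): the last entry references cloud_shared_group, but this file
# only defines shared_group. Unless cloud_shared_group is set elsewhere, the
# template fails as undefined; confirm which name the role expects.
default_groups:
  - "ssh"
  - "users"
  - "cdrom"
  - "{{ cloud_shared_group }}"
# Accounts to manage. The entry below is a template: replace the name and
# ssh_key placeholder with real values before use.
users:
  - name: username
    displayname: User Name
    shell: /bin/bash
    # Membership in sudo grants administrative rights on the host; keep this
    # list to the accounts that need it.
    groups:
      - sudo
      - username
    state: present
    # Public key only. Password logins are disabled in the SSH section, so
    # this key is presumably the account's only way in.
    ssh_key: "ssh-rsa ABCDEF"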
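## SSH
ssh_port: 22
# sshd directives, one per list item (presumably written into sshd_config by
# the consuming role; confirm there).
# NOTE(review): the Port line references cloud_ssh_port, but this file only
# defines ssh_port. Unless cloud_ssh_port is set elsewhere, the template
# fails as undefined, or the daemon listens on a port other than the one
# configured above.
# NOTE(review): "Protocol" is deprecated in current OpenSSH, which only
# speaks protocol 2; keep it only if the target sshd still accepts it.
ssh_configs:
  - Protocol 2
  - "Port {{ cloud_ssh_port }}"
  # Hardening: no direct root login, key-based authentication only.
  - PermitRootLogin no
  - PubkeyAuthentication yes
  - PasswordAuthentication no
  - PermitEmptyPasswords no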
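## FAIL2BAN
# An address is banned for fail2ban_bantime after fail2ban_maxretry failures.
fail2ban_bantime: 1h
fail2ban_maxretry: 3
# Filters the role presumably has to ship itself (not part of a stock
# fail2ban install; confirm the filter files exist in the role).
fail2ban_nginx_selfmade_filter:
  - nginx-noscript
  - nginx-nohome
  - nginx-noproxy
# Filters that come with fail2ban.
fail2ban_nginx_default_filter:
  - nginx-limit-req
  - nginx-botsearch
# Services for which jails are enabled.
fail2ban_activate_modules:
  - sshd
  - nginx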
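## WIREGUARD
# Booleans use canonical lowercase true/false, like the rest of the file.
wireguard_enabled: true
wireguard_is_gateway: false
# Judging by the name, false keeps VPN clients from reaching each other
# through the gateway; confirm in the role before relaxing it.
wireguard_allow_adjacent_client_traffic: false
wireguard_keepalive: 25

wireguard_gateway_interface: eth0
wireguard_gateway_host: my-wireguard-server.tld
wireguard_gateway_port: 51820
# First three octets of the tunnel network; quoted so it stays a string.
wireguard_gateway_net_prefix: "10.10.10"
wireguard_gateway_net_cidr: 24
wireguard_gateway_public_key: your-public-key
# SECURITY: placeholder only. Do not commit a real private key in plaintext;
# supply it from Ansible Vault or another secret store and restrict who can
# read the rendered configuration.
wireguard_gateway_private_key: your-privat-key

# Port forwards from the gateway to a client; empty by default. A forward
# exposes the client's service on the gateway's public address.
wireguard_gateway_forward: []
#  - server_port: 22
#    client_port: "{{ ssh_port }}"
#    client_index: 0

wireguard_client_host: my-wireguard-client
# Explicit empty mapping instead of a bare key (which loads as null), in
# line with the empty-list defaults above. Client private keys carry the
# same plaintext caveat as the gateway key.
wireguard_clients: {}
#  my-wireguard-client:
#    index: 0
#    public_key: my-public-key
#    private_key: my-private-key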