File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
Original file line number Diff line number Diff line change 1+ - name : Apply netplan configuration
2+ ansible.builtin.command :
3+ cmd : netplan apply
4+
5+ - name : Restart dnsmasq
6+ ansible.builtin.service :
7+ name : dnsmasq.service
8+ state : restarted
9+
10+ - name : Restart nftables
11+ ansible.builtin.service :
12+ name : nftables.service
13+ state : restarted
Original file line number Diff line number Diff line change 1+ # Configure netplan
2+ - name : Copy armbian.yaml file
3+ ansible.builtin.copy :
4+ src : armbian.yaml
5+ dest : /etc/netplan/armbian.yaml
6+ mode : ' 0644'
7+ owner : root
8+ group : root
9+ notify :
10+ - Apply netplan configuration
11+
12+ # Configure dnsmasq
13+ - name : Ensure that dnsmasq is installed
14+ ansible.builtin.apt :
15+ name : dnsmasq
16+ state : present
17+ update_cache : yes
18+ - name : Copy lan.conf file
19+ ansible.builtin.copy :
20+ src : lan.conf
21+ dest : /etc/dnsmasq.d/lan.conf
22+ mode : ' 0644'
23+ owner : root
24+ group : root
25+ notify :
26+ - Restart dnsmasq
27+
28+ # Configure nftables
29+ - name : Ensure that nftables is installed
30+ ansible.builtin.apt :
31+ name : nftables
32+ state : present
33+ update_cache : yes
34+ - name : Copy nftables.conf file
35+ ansible.builtin.copy :
36+ src : nftables.conf
37+ dest : /etc/nftables.conf
38+ mode : ' 0644'
39+ owner : root
40+ group : root
41+ notify :
42+ - Restart nftables
43+
44+ # Configure ip forwarding
45+ - name : Copy 99-router.conf file
46+ ansible.builtin.copy :
47+ src : 99-router.conf
48+ dest : /etc/sysctl.d/99-router.conf
49+ mode : ' 0644'
50+ owner : root
51+ group : root
52+ notify :
53+ - Apply sysctl configuration
54+
55+ # Ensure services are enabled
56+ - name : Ensure dnsmasq service is enabled
57+ ansible.builtin.service :
58+ name : dnsmasq.service
59+ enabled : true
60+ - name : Ensure nftables service is enabled
61+ ansible.builtin.service :
62+ name : nftables.service
63+ enabled : true
Original file line number Diff line number Diff line change 1+ # Enable unattended-upgrades
2+ - name : Install unattended-upgrades and apt-list changes
3+ ansible.builtin.apt :
4+ name :
5+ - unattended-upgrades
6+ - apt-listchanges
7+ state : present
8+ update_cache : yes
9+
10+ - name : Enable auto updates
11+ ansible.builtin.shell : echo unattended-upgrades unattended-upgrades/enable_auto_updates boolean true | debconf-set-selections
12+
13+ - name : DPKG reconfigure
14+ ansible.builtin.command : dpkg-reconfigure -f noninteractive unattended-upgrades
15+
16+ # Secure configuration in /etc/ssh/ssh_config file
17+ - name : sshd secure configuration
18+ ansible.builtin.blockinfile :
19+ name : /etc/ssh/sshd_config
20+ block : |
21+ Port 22
22+ PermitRootLogin no
23+ PasswordAuthentication no
24+ PubkeyAuthentication yes
25+ X11Forwarding no
26+ marker : " # {mark} sshd configuration"
27+ insertafter : EOF
File renamed without changes.
Original file line number Diff line number Diff line change 1+ - name : Restart wireguard
2+ ansible.builtin.service :
3+ name : wg-quick@wg0.service
4+ state : restarted
Original file line number Diff line number Diff line change 1+ # Configure WireGuard
2+ - name : Ensure that wireguard-tools is installed
3+ ansible.builtin.apt :
4+ name : wireguard-tools
5+ state : present
6+ update_cache : yes
7+ - name : Create wireguard directory
8+ ansible.builtin.file :
9+ path : /etc/wireguard
10+ state : directory
11+ mode : ' 0700'
12+ owner : root
13+ group : root
14+ - name : Copy wg0.conf file
15+ ansible.builtin.copy :
16+ src : wg0.conf
17+ dest : /etc/wireguard/wg0.conf
18+ mode : ' 0600'
19+ owner : root
20+ group : root
21+ notify :
22+ - Restart wireguard
23+
24+ # Ensure wireguard is enabled
25+ - name : Ensure wireguard service is enabled
26+ ansible.builtin.service :
27+ name : wg-quick@wg0.service
28+ enabled : true
You can’t perform that action at this time.
0 commit comments