Custom harden-linux role

Paul-Henri Froidmont 2018-07-31 01:47:35 +02:00
parent 5d81de3cf9
commit bc0f0c4894
19 changed files with 1293 additions and 37 deletions


@ -27,10 +27,7 @@ harden_linux_deploy_user_password: "{{k8s_scaleway_deploy_user_password}}"
harden_linux_deploy_user_home: /home/deploy
harden_linux_ufw_defaults_user:
"^DEFAULT_FORWARD_POLICY": 'DEFAULT_FORWARD_POLICY="ACCEPT"'
harden_linux_deploy_user_public_keys:
- authorized-keys/ansible-controller
- authorized-keys/froidmpa-laptop
- authorized-keys/froidmpa-desktop
harden_linux_deploy_user_public_keys: "{{ scw_authorized_keys }}"
harden_linux_ufw_allow_networks:
- "10.0.0.0/8"
- "172.16.0.0/12"
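Review bot: `harden_linux_deploy_user_public_keys` now takes whatever `scw_authorized_keys` resolves to, and that variable is not defined in the visible lines, so the set of keys that can log in as the deploy user can no longer be reviewed from this file. Depending on how the role consumes it, an empty or wrongly typed value could leave the account without keys or change who has access; that is worth guarding because the inventory in this commit uses `ansible_become: true` for that user. I would add a comment above the line, `# scw_authorized_keys: list of public-key file paths, defined in <file that defines scw_authorized_keys>`, and have the role assert that the value is a non-empty list before it writes authorized_keys. As a style point, the `{{k8s_scaleway_deploy_user_password}}` expression in the hunk header is written without inner spaces while this one has them; pick one form.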


@ -1,13 +1,13 @@
---
ansible_user: deploy
ansible_become: true
ansible_port: 2242
ansible_port: 22
harden_linux_sshd_settings_user:
"^Port ": "Port 2242"
"^Port ": "Port 22"
harden_linux_ufw_rules:
- rule: "allow"
to_port: "2242"
to_port: "22"
protocol: "tcp"
- rule: "allow"
to_port: "7000"
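Review bot: The `allow` rule for `to_port: "22"` has no source restriction or rate limit in the visible lines, and moving sshd from 2242 to the default port puts it in front of much more automated login-guessing traffic. If this custom role passes `rule` straight through to Ansible's ufw module, `rule: "limit"` on the SSH entry would throttle repeated connections; restricting the source to the management network is the stronger option where it fits. The same unrestricted rule is in the third file section (`to_port: "22"` under its `harden_linux_ufw_rules`). Separately, `ansible_port`, the sshd `Port` setting and the firewall rule all switch in one commit, so a host still listening on 2242 cannot be reached with this inventory until it is migrated; a comment above `ansible_port: 22` saying how existing hosts are moved would help.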


@ -1,6 +1,6 @@
harden_linux_ufw_rules:
- rule: "allow"
to_port: "2242"
to_port: "22"
protocol: "tcp"
- rule: "allow"
to_port: "7000"