You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
67 lines
1.6 KiB
YAML
67 lines
1.6 KiB
YAML
---
|
|
- name: 'apply setup to {{ host | default("all") }}'
|
|
hosts: '{{ host | default("all") }}'
|
|
serial: "{{ serial_number | default(5) }}"
|
|
tasks:
|
|
- set_fact:
|
|
dev_prometheus_fqdn: 'dev-prometheus-01.{{ domain }}'
|
|
qa_prometheus_fqdn: 'qa-prometheus-01.{{ domain }}'
|
|
|
|
- set_fact:
|
|
dev_prometheus_ip: "{{ lookup('community.general.dig', dev_prometheus_fqdn ) }}"
|
|
qa_prometheus_ip: "{{ lookup('community.general.dig', qa_prometheus_fqdn ) }}"
|
|
|
|
- name: "Allow SSH in UFW"
|
|
ufw:
|
|
rule: limit
|
|
port: 22
|
|
proto: tcp
|
|
|
|
- name: "Allow port 9100 for node-exporter in UFW"
|
|
ufw:
|
|
rule: allow
|
|
port: 9100
|
|
proto: tcp
|
|
src: "{{ item }}"
|
|
loop:
|
|
- "{{ dev_prometheus_ip }}"
|
|
- "{{ qa_prometheus_ip }}"
|
|
|
|
- name: "Allow port 9115 for blackbox-exporter in UFW"
|
|
ufw:
|
|
rule: allow
|
|
port: 9115
|
|
proto: tcp
|
|
src: "{{ item }}"
|
|
loop:
|
|
- "{{ dev_prometheus_ip }}"
|
|
- "{{ qa_prometheus_ip }}"
|
|
|
|
- name: "Set firewall default policy"
|
|
ufw:
|
|
state: enabled
|
|
policy: reject
|
|
|
|
- name: "configure ssh_hardening"
|
|
include_role:
|
|
# include role from collection called 'devsec'
|
|
name: devsec.hardening.ssh_hardening
|
|
apply:
|
|
tags:
|
|
- ssh_hardening
|
|
tags:
|
|
- ssh_hardening
|
|
|
|
- name: "Install node-exporter via include_role"
|
|
include_role:
|
|
name: cloudalchemy.node-exporter
|
|
|
|
- name: "Install blackbox-exporter via include_role"
|
|
include_role:
|
|
name: cloudalchemy.blackbox-exporter
|
|
apply:
|
|
tags:
|
|
- blackbox
|
|
tags:
|
|
- blackbox
|