87 lines
1.5 KiB
YAML
87 lines
1.5 KiB
YAML
- name: Install Debian packages
|
|
become: yes
|
|
ansible.builtin.apt:
|
|
name:
|
|
- docker-ce
|
|
- docker-compose-plugin
|
|
- firewalld
|
|
state: latest
|
|
|
|
- name: Upgrade Debian packages
|
|
become: yes
|
|
ansible.builtin.apt:
|
|
upgrade: dist
|
|
update_cache: yes
|
|
cache_valid_time: 3600
|
|
autoremove: yes
|
|
state: latest
|
|
register: apt_upgrades
|
|
|
|
- name: Ensure firewalld is running
|
|
become: yes
|
|
service:
|
|
name: firewalld
|
|
state: started
|
|
enabled: yes
|
|
|
|
- name: Allow SSH
|
|
become: yes
|
|
firewalld:
|
|
service: ssh
|
|
permanent: yes
|
|
state: enabled
|
|
immediate: yes
|
|
|
|
- name: Disallow Web
|
|
become: yes
|
|
firewalld:
|
|
service: http
|
|
permanent: yes
|
|
state: disabled
|
|
immediate: yes
|
|
|
|
- name: Allow Web Secure
|
|
become: yes
|
|
firewalld:
|
|
service: https
|
|
permanent: yes
|
|
state: enabled
|
|
immediate: yes
|
|
|
|
- name: Allow 443 udp for http3
|
|
become: yes
|
|
firewalld:
|
|
port: 443/udp
|
|
permanent: yes
|
|
state: enabled
|
|
immediate: yes
|
|
|
|
- name: Allow 514 tcp for syslog
|
|
become: yes
|
|
firewalld:
|
|
port: 514/tcp
|
|
permanent: yes
|
|
state: enabled
|
|
immediate: yes
|
|
|
|
- name: Allow 2222 tcp for pgrok ssh tunnel
|
|
become: yes
|
|
firewalld:
|
|
port: 2222/tcp
|
|
permanent: yes
|
|
state: enabled
|
|
immediate: yes
|
|
|
|
- name: Allow Syncthing
|
|
become: yes
|
|
firewalld:
|
|
service: syncthing
|
|
permanent: yes
|
|
state: enabled
|
|
immediate: yes
|
|
|
|
- name: Reboot if needed
|
|
become: yes
|
|
ansible.builtin.reboot:
|
|
when: apt_upgrades.changed
|