Added sysctl config

2026-04-08 16:35:48 +02:00 · 2021-12-13 15:52:04 +01:00 · 2021-12-13 15:52:04 +01:00 · 6f16d38311
commit 6f16d38311
parent b21aea7621
5 changed files with 84 additions and 1 deletions
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@ -0,0 +1,40 @@
+- name: Install fail2ban & ufw.
+  apt:
+    name:
+      - fail2ban
+      - ufw
+    state: present
+
+# TODO add proper fail2ban config
+
+- name: Ensure fail2ban is started & enabled.
+  service:
+    name: fail2ban
+    state: started
+    enabled: true
+
+- name: Ensure ufw is started & enabled.
+  service:
+    name: fail2ban
+    state: started
+    enabled: true
+
+- name: Allow SSH connections.
+  community.general.ufw:
+    rule: allow
+    port: 2222
+
+- name: Open necessary ports for Docker swarm communication.
+  community.general.ufw:
+    rule: allow
+    port: "{{ item }}"
+  loop:
+    - 2377  # cluster management communications
+    - 7946  # communication among nodes
+    - 4789  # overlay network traffic
+    - 9001  # Portainer communication
+
+- name: Block everything else by default & enable firewall.
+  community.general.ufw:
+    default: deny
+    state: enabled