diff --git a/roles/net-security/tasks/main.yml b/roles/net-security/tasks/main.yml index 83332f2..12fa6f2 100644 --- a/roles/net-security/tasks/main.yml +++ b/roles/net-security/tasks/main.yml @@ -1,6 +1,8 @@ -- name: Install fail2ban. +- name: Install fail2ban & ufw. apt: - name: fail2ban + name: + - fail2ban + - ufw state: present # TODO add proper fail2ban config @@ -11,4 +13,18 @@ state: started enabled: true -# TODO install UFW +- name: Ensure ufw is started & enabled. + service: + name: fail2ban + state: started + enabled: true + +- name: Allow SSH connections. + community.general.ufw: + rule: allow + port: 2222 + +- name: Block everything else by default & enable firewall. + community.general.ufw: + default: deny + state: enabled diff --git a/roles/traefik-deploy/templates/traefik.yml.j2 b/roles/traefik-deploy/templates/traefik.yml.j2 index 8173ad1..5154433 100644 --- a/roles/traefik-deploy/templates/traefik.yml.j2 +++ b/roles/traefik-deploy/templates/traefik.yml.j2 @@ -10,9 +10,6 @@ entryPoints: websecure: address: ":443" -api: - insecure: true - providers: docker: swarmMode: true