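---
# Variables for host provisioning: packages, the management account,
# the OpenSSH server configuration and APT behaviour.
install_docker: true
install_fail2ban: true

package_list:
  - name: python3-pip
  - name: proxychains

########
# USER #
########
management_user_list:
  - name: stephane
    shell: '/bin/bash'
    authorized_keys:
      - key: "ssh-rsa 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 stephane"
        # NOTE(review): presumably passed through to the authorized_key
        # module, where exclusive removes every other key from this user's
        # authorized_keys file; confirm against the role in use.
        # Written as a canonical boolean instead of `yes`.
        exclusive: true
    # NOTE(review): unrestricted, passwordless sudo. With password login
    # disabled in the sshd section below, holding this one private key is
    # equivalent to root on the host, so the key should be passphrase- or
    # hardware-protected and rotated when the holder changes.
    sudo:
      hosts: ALL
      as: ALL
      commands: ALL
      nopasswd: ALL

################
# SSH - CLIENT #
################
# Client-side example, kept disabled:
# ssh_drop_in_name: null
# #ssh_user: root
# ssh:
#   # noqa var-naming
#   Compression: true
#   GSSAPIAuthentication: false
#   # wokeignore:rule=master
#   ControlMaster: auto
#   ControlPath: ~/.ssh/.cm%C
#   Match:
#     - Condition: "final all"
#       GSSAPIAuthentication: true
#   Host:
#     - Condition: example
#       Hostname: example.com
#       User: somebody
# ssh_ForwardX11: false

################
# SSH - SERVER #
################
# NOTE(review): sshd_skip_defaults presumably makes the role write only the
# options listed here, so anything omitted falls back to sshd's built-in
# default rather than a role default; confirm against the sshd role in use.
sshd_skip_defaults: true
sshd_config_file: /etc/ssh/sshd_config
sshd_AuthorizedKeysFile: .ssh/authorized_keys
sshd_AcceptEnv: "LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT LC_IDENTIFICATION LC_ALL"
sshd_Protocol: 2
sshd_LoginGraceTime: 30
sshd_SyslogFacility: AUTH
# VERBOSE makes sshd log the fingerprint of the key used at login, which is
# what lets an investigator tie a session to a specific key.
sshd_LogLevel: VERBOSE
# sshd expects the literal words yes/no, so these values are quoted to stop
# YAML from turning them into booleans.
# Authentication policy: no root login, no passwords, no host-based,
# challenge-response or GSSAPI authentication; public keys only.
sshd_PermitRootLogin: 'no'
sshd_StrictModes: 'yes'
sshd_IgnoreRhosts: 'yes'
sshd_HostbasedAuthentication: 'no'
sshd_PasswordAuthentication: 'no'
sshd_PermitEmptyPasswords: 'no'
sshd_ChallengeResponseAuthentication: 'no'
sshd_GSSAPIAuthentication: 'no'
sshd_X11DisplayOffset: 10
sshd_PrintMotd: 'yes'
sshd_PrintLastLog: 'yes'
sshd_TCPKeepAlive: 'yes'
sshd_Subsystem: "sftp /usr/lib/openssh/sftp-server"
sshd_UsePAM: 'yes'
sshd_UseDNS: 'no'
# Key exchange, ciphers and MACs are pinned to an explicit allow-list
# (encrypt-then-MAC variants only for the MACs). A pinned list is never
# extended automatically, so it needs a review whenever the installed
# OpenSSH version changes.
sshd_KexAlgorithms: "curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256"
sshd_Ciphers: "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr"
sshd_MACs: "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com"
# Only the RSA host key is listed, so no other host key type is offered.
# NOTE(review): decide whether an Ed25519 host key should be listed as well.
sshd_HostKey:
  - /etc/ssh/ssh_host_rsa_key

#######
# APT #
#######
apt_upgrade: true
apt_repositories: []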
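apt_ppas: []
# Disabled example entries:
#   # nginx ppa repo
#   - repo: ppa:nginx/stable
#     # not needed on ubuntu distribution
#     #codename: trusty
# apt_packages:
#   - name: python3-pip

#########
# ALERT #
#########
# NOTE(review): alert_password and alert_vault are stored in clear text,
# although test_vault at the end of this file shows that inline vault
# encryption is available. Anything that has been committed in clear text
# should be treated as exposed: rotate it, then store the new value as a
# !vault scalar or in a vault-encrypted vars file.
alert_username: jingohalert
alert_password: jMVmbM2VQ5gEiV
# NOTE(review): the name suggests this is a vault passphrase; if it unlocks
# the vault used for the encrypted values here, keeping it next to them
# defeats the encryption. Confirm what consumes it.
alert_vault: "Jingoh0947;"
# The inner double quotes are part of each value; presumably the consuming
# template needs the addresses quoted. Verify against the template.
alert_list_server:
  - '"163.172.84.28"'
  - '"37.187.127.90"'
alert_server_ssl: gitea.jingoh.fr

##########
# CHISEL #
##########
# Quoted so the version is always read as a string.
chisel_version: '1.8.1'
chisel_server_host: 163.172.84.28
chisel_server_port: 8080
# NOTE(review): these look like placeholder credentials and are in clear
# text. The client auth pair is what gates use of the tunnel server, so it
# should be a unique, randomly generated secret kept under vault.
chisel_client_auth_username: user
chisel_client_auth_password: pass
# Paths cleaned up on removal; the templated entries are defined elsewhere
# (not visible in this file).
chisel_remove_all:
  - "{{ chisel_service_destination }}"
  - "{{ chisel_config_folder }}"
  - "{{ chisel_download_destination }}"
  - "{{ chisel_install_destination }}"
  - /var/log/chisel

# Inline vault-encrypted value (format 1.2, AES256, vault id "prod").
test_vault: !vault |
  $ANSIBLE_VAULT;1.2;AES256;prod
  36663965646236326237623936646161653232306263353564666238626564633530363761633164
  6166363235383964626463353061343635626431396664660a333231303661343362353162353938
  32373332373362656635393365363635313137306532366536323765346464336634653366383961
  3965626433316138320a366336393034383065363134623239646230396432356431383935346463
  6330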