Diffstat (limited to 'playbooks/security.yaml')
| -rw-r--r-- | playbooks/security.yaml | 24 |
1 files changed, 15 insertions, 9 deletions
diff --git a/playbooks/security.yaml b/playbooks/security.yaml
index 14c3550..2a0424e 100644
--- a/playbooks/security.yaml
+++ b/playbooks/security.yaml
@@ -2,13 +2,11 @@
 hosts: hollyhock
 become: true
 tasks:
- - name: Configure ssh
- ansible.builtin.copy:
- src: sshd_config
- dest: /etc/ssh/sshd_config
- mode: "0644"
- backup: true
- notify: Restart ssh
+ - name: Install ufw
+ ansible.builtin.apt:
+ name: ufw
+ state: present
+ update_cache: true
 - name: Deny all incoming traffic by default
 community.general.ufw:
@@ -23,7 +21,7 @@
 - name: Allow ssh traffic through firewall
 community.general.ufw:
 rule: allow
- port: 22
+ port: "{{ ssh_port }}"
 proto: tcp
 - name: Enable ufw
@@ -49,7 +47,15 @@
 dest: /etc/apt/apt.conf.d/20auto-upgrades
 handlers:
- - name: Restart ssh
+ - name: Restart ssh socket
+ ansible.builtin.systemd:
+ name: ssh.socket
+ state: restarted
+ daemon_reload: true
+ listen: Restart ssh
+
+ - name: Restart ssh service
 ansible.builtin.systemd:
 name: ssh
 state: restarted
+ listen: Restart ssh
|
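Review bot: With the `Configure ssh` task removed in the first hunk, no task visible on this page notifies `Restart ssh`, although the handlers in the last hunk still listen on that topic. Handlers are scoped to the play, so if `sshd_config` is now written from another play they will not fire from there; the tasks between the hunks are not shown, so this needs confirming. Wherever the file is now managed, that task should carry `validate: /usr/sbin/sshd -t -f %s` so a broken config is never installed, which the removed task did not do either.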
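Review bot: The allow rule in the second hunk now depends on `ssh_port`, but nothing visible checks that the variable holds the port sshd actually listens on before the default-deny policy and `Enable ufw` are applied. A wrong value closes the management port on the host the play is connected through. I would add an `ansible.builtin.assert` ahead of the ufw tasks with `that: ssh_port | int > 0 and ssh_port | int < 65536`, and define `ssh_port` alongside the sshd configuration so the two cannot drift. `rule: limit` in place of `rule: allow` would also rate-limit repeated connection attempts. The task list continues outside the hunk.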
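Review bot: The new `Restart ssh socket` handler restarts `ssh.socket` unconditionally, so on a host where sshd is not socket-activated (the unit is absent or masked) the handler run fails, presumably before `Restart ssh service` is reached, since that one is defined after it. It is worth guarding it with a `when:` that relies on an earlier check for the unit, and adding a comment such as `# ssh.socket owns the listening port on socket-activated hosts; restart it so a port change takes effect`. Neither handler validates the configuration first; an `sshd -t` step ahead of the restarts would keep a bad config from cutting off remote access.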
