107 lines
1.5 KiB
YAML
107 lines
1.5 KiB
YAML
|
---
|
||
|
|
||
|
- name: Install packages
|
||
|
community.general.pacman:
|
||
|
state: present
|
||
|
name:
|
||
|
- base-devel
|
||
|
- borg
|
||
|
- cronie
|
||
|
- dfc
|
||
|
- fail2ban
|
||
|
- firejail
|
||
|
- git
|
||
|
- htop
|
||
|
- iftop
|
||
|
- inetutils
|
||
|
- iotop
|
||
|
- mlocate
|
||
|
- mosh
|
||
|
- neovim
|
||
|
- nethogs
|
||
|
- nftables
|
||
|
- nginx
|
||
|
- nmap
|
||
|
- nsd
|
||
|
- pacman-contrib
|
||
|
- prometheus-node-exporter
|
||
|
- sslh
|
||
|
- strace
|
||
|
- sudo
|
||
|
- tinc
|
||
|
- tmux
|
||
|
- tree
|
||
|
- uptimed
|
||
|
- vim
|
||
|
- vnstat
|
||
|
- wget
|
||
|
- zsh
|
||
|
|
||
|
- name: install fail2ban conf
|
||
|
copy:
|
||
|
dest: /etc/fail2ban/jail.d/local.conf
|
||
|
src: local.conf
|
||
|
|
||
|
- name: Enable fail2ban
|
||
|
systemd:
|
||
|
enabled: true
|
||
|
state: started
|
||
|
name: fail2ban
|
||
|
|
||
|
- name: Enable cronie
|
||
|
systemd:
|
||
|
enabled: true
|
||
|
state: started
|
||
|
name: cronie
|
||
|
|
||
|
- name: Enable vnstat
|
||
|
systemd:
|
||
|
enabled: true
|
||
|
state: started
|
||
|
name: vnstat
|
||
|
|
||
|
- name: Enable uptimed
|
||
|
systemd:
|
||
|
state: started
|
||
|
enabled: true
|
||
|
name: uptimed
|
||
|
|
||
|
- name: Install default nftables conf
|
||
|
copy:
|
||
|
dest: /etc/nftables.conf
|
||
|
src: nftables.conf
|
||
|
force: no
|
||
|
|
||
|
- name: Enable nftables
|
||
|
systemd:
|
||
|
state: started
|
||
|
enabled: true
|
||
|
name: nftables
|
||
|
|
||
|
- name: Add paccache cron
|
||
|
cron:
|
||
|
name: paccache
|
||
|
job: paccache -rk2
|
||
|
hour: "1"
|
||
|
minute: "30"
|
||
|
|
||
|
- name: Add pkg user
|
||
|
user:
|
||
|
name: pkg
|
||
|
group: users
|
||
|
create_home: yes
|
||
|
|
||
|
- name: Install sslh config
|
||
|
copy:
|
||
|
dest: /etc/sslh.cfg
|
||
|
src: sslh.cfg
|
||
|
force: no
|
||
|
|
||
|
- name: Enable sslh
|
||
|
systemd:
|
||
|
enabled: true
|
||
|
state: started
|
||
|
name: sslh-select
|
||
|
|
||
|
- include: yay.yml
|