Commit 8c671815 authored by markus's avatar markus

Tweak deployment

parent 12b8b321
88.99.191.193 jitsi_meet_server_name=meet.fnord.group
88.99.191.193 jitsi_meet_server_name=meet.fnord.group netif=eth0
88.198.44.130 jitsi_meet_server_name=video.fnord.group netif=enp2s0
- hosts: all
tasks:
# General
- name: auto-upgrades
apt:
name: unattended-upgrades
- name: Install packages
apt:
name: "{{ packages }}"
......@@ -12,6 +9,7 @@
- unattended-upgrades
- htop
- screen
- sudo
- tmux
- nftables
- name: Remove useless packages from the cache
......@@ -49,7 +47,7 @@
- name: Disable Password Authentication
lineinfile:
dest=/etc/ssh/sshd_config
regexp='^#PasswordAuthentication'
regexp='^#?PasswordAuthentication'
line="PasswordAuthentication no"
state=present
notify:
......@@ -57,7 +55,7 @@
- name: Disable Root Login
lineinfile:
dest=/etc/ssh/sshd_config
regexp='^#PermitRootLogin'
regexp='^#?PermitRootLogin'
line="PermitRootLogin no"
state=present
notify:
......
......@@ -29,13 +29,13 @@ table inet filter {
table ip nat {
chain input {
type nat hook input priority 7;
iif eth0 snat 10.0.23.42;
iif {{ netif }} snat 10.0.23.42;
}
}
table ip6 nat {
chain input {
type nat hook input priority 5;
iif eth0 snat fec0::acab:2342;
iif {{ netif }} snat fec0::acab:2342;
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment