init

ansible/playbooks/harden/harden_node.yml

@@ -0,0 +1,20 @@
+---
+- name: harden node
+  hosts: ec2
+  become: true
+  roles:
+    - role: harden/fail2ban
+
+    - role: harden/unattended_upgrades
+
+    - role: harden/sshd_config
+      vars:
+        ssh_port: "{{ ssh_port }}"
+
+    - role: harden/nftables
+      vars:
+        ssh_port: "{{ ssh_port }}"
+        # ntp_port: "{{ ntp_port }}"
+        nftables_conf_name: "vm-nftables.conf.j2"
+
+  # ansible-playbook playbooks/harden/harden_node.yml -i inventory.ec2.ini -e "ssh_port=25105"

ansible/playbooks/harden/harden_proxmox.yml

@@ -0,0 +1,21 @@
+---
+- name: harden node
+  hosts:
+    - dev-kyiv01-psy-proxmox-main-01
+  become: true
+  roles:
+    - role: harden/fail2ban
+
+    - role: harden/unattended_upgrades
+
+    - role: harden/sshd_config
+      vars:
+        ssh_port: "25105"
+
+    - role: harden/nftables
+      vars:
+        nftables_conf_name: "proxmox-nftables.conf.j2"
+        ssh_port: "25105"
+        ntp_port: "123"
+
+  # ansible-playbook playbooks/harden/harden_proxmox.yml -i inventory.ini