# Make a full system upgrade (using apt-get full-upgrade)
# full-upgrade may also remove installed packages when that is needed to
# complete the upgrade, so keep this false unless that is acceptable.
common_full_upgrade: false
# Allow the host to be restarted after an update.
# While this is false the role presumably never reboots, so updates that only
# take effect after a restart (a new kernel, for example) stay pending until
# the host is restarted by hand.
common_allow_restart: false
# Install and configure UFW Firewall on the system
# NOTE(review): setting this to false presumably skips UFW setup altogether;
# confirm the host is filtered by something else before disabling it.
common_firewall_enabled: true
# When true, all connections are rejected by default.
# NOTE(review): with false, the policy applied to traffic that matches no
# rule is not visible here; confirm that it is not left at allow.
common_firewall_reject: false
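# Default firewall rules.
# Each list entry describes one rule through the keys shown below.
common_firewall:
  # SSH access. The rule is bound to common_firewall_lan_interface when that
  # variable is set; the comment template below describes the unset case as
  # 'all interfaces', so SSH is then presumably reachable on every interface.
  # NOTE(review): if the role passes `rule` straight to UFW, `limit` is an
  # alternative to `allow` that rate-limits repeated connection attempts.
  - port: 22
    rule: allow
    state: present
    # NOTE(review): inline `if` without `else`; what this renders to when the
    # variable is empty depends on the Jinja/Ansible version, and an explicit
    # `else ''` would state the intent. Confirm the variable is always defined.
    interface: "{{ common_firewall_lan_interface if common_firewall_lan_interface }}"
    comment: "Allow incoming connections on {{ common_firewall_lan_interface if common_firewall_lan_interface else 'all interfaces' }}"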
|
2024-01-06 16:46:48 +00:00
|
|
|
|
|
|
|
# Configure SSH to only accept SSH Keys
# Before applying this, make sure a public key is already installed for the
# account you log in with; once only keys are accepted, a missing key leaves
# the host reachable from its console only.
common_ssh_configure: true
# This locks the root account *password*, but still allows SSH Key and sudo logins
# To unlock the password, set this to false.
# NOTE(review): whether root may log in with an SSH key is decided by sshd
# (PermitRootLogin), not by this password lock; confirm that setting
# separately.
common_lock_root: true