~tieong/ansible-role-bastion

My bastion host configuration. It takes care of the NAT, SSH and CrowdSec configuration and the reverse proxying to my sites.
Added more tasks files
Added source files template for authelia
Added tasks files to handle mail

# Bastion

Note that this role was written for personal use. If you want to reuse only the SSH and CrowdSec parts, you will have to comment out the irrelevant tasks in `tasks/main.yml`.

# Requirements

```
ansible-galaxy install -r requirements.yml
```

# Bastion Variables

Most of my vars are in an encrypted vault file.

```yaml
sshd_port: 22
debian_release: bullseye  # for the crowdsec repo key
crowdsec_firewall_bouncer: iptables

authelia_jwt_secret:
authelia_session_secret:
authelia_storage_encryption_key:
authelia_admin_password:
authelia_admin_user:

## Config

authelia_interface:
authelia_port:
authelia_log_level:

# IP internal network

filegator_ip:
git_ip:
blog_ip:
grafana_ip:
drone_ip:
domain:

# SSLH

sslh_listen_interface:
sslh_tls_listen_interface:
sslh_ssh_listen_interface:
sslh_user:
sslh_pidfile:

# Nginx

nginx_listen_interface_ssl:
nginx_default_root:
nginx_csp_shasum:
nginx_filegator_max_body_size:
nginx_git_port:
nginx_grafana_port:
nginx_default_port:
```
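
Because the Authelia secrets listed above are meant to live in a vault file, a check run before committing can catch one left in plaintext or empty. This is an added example, not part of this role; the function name, the constructed sample data, and the choice to accept `{{ ... }}` references to other variables are assumptions.

```python
import re

# Secret variables taken from the variable list in this README.
SECRET_VARS = {
    "authelia_jwt_secret",
    "authelia_session_secret",
    "authelia_storage_encryption_key",
    "authelia_admin_password",
}
VAULT_HEADER = "$ANSIBLE_VAULT;"
# Top-level "key: value" lines only; indented continuation lines never match.
ASSIGNMENT = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):[ \t]*(.*)$")


def plaintext_secrets(text):
    """Return {variable: problem} for secrets not protected by Ansible Vault."""
    if text.lstrip().startswith(VAULT_HEADER):
        return {}  # whole file was encrypted with `ansible-vault encrypt`
    problems = {}
    for line in text.splitlines():
        match = ASSIGNMENT.match(line)
        if not match or match.group(1) not in SECRET_VARS:
            continue
        name = match.group(1)
        value = match.group(2).split(" #")[0].strip()  # drop inline comment
        if value.startswith("!vault"):
            continue  # inline value from `ansible-vault encrypt_string`
        if "{{" in value:
            continue  # assumption: reference to a variable kept in the vault
        problems[name] = "empty" if value in ("", "~", "null") else "plaintext"
    return problems


# Constructed sample inputs (no real secrets or ciphertext).
SAMPLE_VARS = """\
sshd_port: 22
authelia_jwt_secret: not-a-real-secret   # constructed value
authelia_session_secret:
authelia_storage_encryption_key: !vault |
          $ANSIBLE_VAULT;1.1;AES256
          0000000000000000
authelia_admin_password: "{{ vault_authelia_admin_password }}"
"""
SAMPLE_ENCRYPTED = "$ANSIBLE_VAULT;1.1;AES256\n0000000000000000\n"

if __name__ == "__main__":
    print(plaintext_secrets(SAMPLE_VARS))
```

A non-empty result is the signal to fail the commit or CI job before the file leaves the workstation.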

# Example Playbook

```yaml
- hosts: bastion
  roles:
    - { role: bastion, sshd_port: 2222, debian_release: bullseye }

- hosts: bastion
  vars_files:
    - /vars/external_vars.yml
  roles:
    - bastion
```

# Tests

```
molecule test
```

# License

GPLv3