Added more tasks files
Added source files template for authelia
Added tasks files to handle mail
My Bastion host configuration, it takes care of the nat,ssh,crowdsec config and the reverse proxying to my sites.
Note that this role was done for a personal use, if you want to reuse only the ssh,crowdsec part you'd have to comment out the irellevant tasks in tasks/main.yml.
ansible-galaxy install -r requirements.yml
Most of my vars are in an encrypted vault file
sshd_port: 22
debian_release: bullseye for the crowdsec repo key
crowdsec_firewall_bouncer: iptables
authelia_jwt_secret:
authelia_session_secret:
authelia_storage_encryption_key:
authelia_admin_password:
authelia_admin_user:
## Config
authelia_interface:
authelia_port:
authelia_log_level:
# IP internal network
filegator_ip:
git_ip:
blog_ip:
grafana_ip:
drone_ip:
domain:
# SSLH
sslh_listen_interface:
sslh_tls_listen_interface:
sslh_ssh_listen_interface:
sslh_user:
sslh_pidfile:
# Nginx
nginx_listen_interface_ssl:
nginx_default_root:
nginx_csp_shasum:
nginx_filegator_max_body_size:
nginx_git_port:
nginx_grafana_port:
nginx_default_port:
- hosts: bastion
roles:
- { role: bastion, sshd_port: 2222, debian_release: bullseye }
- hosts: bastion
vars_files:
- /vars/external_vars.yml
roles:
- bastion
molecule test
GPLv3