Enable UFW; add more pkgs; diff encrypted pass per user; add backports by def; add more sysctls; install docker; auto-configure borg, tailscale

2024-01-06 22:32:19 +05:30
parent bda495537a
commit 630724be56
10 changed files with 363 additions and 104 deletions
--- a/host_vars/us/healthchecks.yaml
+++ b/host_vars/us/healthchecks.yaml
@@ -1,11 +1,14 @@
 $ANSIBLE_VAULT;1.1;AES256
-32353133376437383030636135373334663838383965303761373666656236653335656430633735
-3861393933636337646535393837663336303538346635340a316664366632363461663734326437
-30623838643565633464393837343133313337393431613562303631366262646135633965346465
-3138613663343966310a353062613134393933373364373432356565363465316431613535393363
-37393935303434636365616235613831666231386632636161656135633734343266653636313261
-39623632376536643065313137396135623165356362616538386664393333333232383930663263
-38336439633239636339363961623837396334343064313736666235333434383762663231323263
-61633961623464643138633131666266323339363862326461323133383938356337393933613436
-38396563373133356330316333613263363935663163363337373836396238636637373735383833
-3037653434623331633666633533363561346364373965336432
+36393333323061396634373536623135376336653134303130336163316163343438613966313162
+6263613432353933633535656633383865643537386132320a623837636238386135376333623630
+35393233306435363332346562363239663636633863616362643931626563343037343463333365
+3632373132653830610a373763316130343737613233636237626534323030303430323461353562
+62333061376563343562386562313031363132326137333634316135343339626264623238343935
+31656639376339353439656632393363656664346362663031343931313534393862616532353732
+31663463363039386565653363653332396336306634356339616630623261643162373839356132
+64323038343430346433633865356462623133353339653336386261323637373731333630666333
+35643961316137356532653864613631633938303031663231343365646232636264633961373930
+36326239653963353562633134666262613332393963646239306336646338363734306161646562
+31366633336566393636616230326663363430333137656366336435656335343732393165363834
+34393766336138373164386332643661646162346166316265346664363530336336313334636366
+3132
--- a/host_vars/us/misc.yaml
+++ b/host_vars/us/misc.yaml
@@ -0,0 +1,35 @@
+---
+ufw_allow_rules:
+  - port: 443
+    proto: tcp
+  - port: 443
+    proto: udp
+  - port: 80
+    proto: tcp
+  - port: 53
+    proto: udp
+  - port: 53
+    proto: tcp
+  - port: 5201
+    proto: tcp
+bkp_source_directories:
+  - /home
+  - /etc
+  - /boot
+  - /root
+  - /opt
+  - /usr
+  - /var
+bkp_exclude_patterns:
+  - /var/log
+  - /var/lib/docker/buildkit
+  - /var/lib/docker/containers
+  - /var/lib/docker/image
+  - /var/lib/docker/overlay2
+  - /var/lib/docker/plugins
+  - /var/lib/docker/runtimes
+  - /var/lib/docker/swarm
+  - /var/lib/docker/tmp
+  - /var/lib/docker/trust
+bkp_postgresql_databases:
+  - name: invidious