2017-04-24 12:22:51 +00:00
|
|
|
- hosts: webservers
|
|
|
|
become: True
|
|
|
|
gather_facts: True
|
2018-12-18 00:05:58 +00:00
|
|
|
vars:
|
|
|
|
ssh_server_ports: "{{ vault_ssh_server_ports }}"
|
|
|
|
nginx_add_header: []
|
2020-05-16 13:56:35 +00:00
|
|
|
sysctl_overwrite:
|
|
|
|
# Enable IPv4 traffic forwarding.
|
|
|
|
net.ipv4.ip_forward: 1
|
2017-04-24 12:22:51 +00:00
|
|
|
roles:
|
|
|
|
- role: dev-sec.os-hardening
|
2020-05-16 15:53:03 +00:00
|
|
|
- role: dev-sec.ssh-hardening
|
|
|
|
- role: nginxinc.nginx
|
|
|
|
- role: dev-sec.nginx-hardening
|
|
|
|
- role: jnv.unattended-upgrades
|