|
- hosts: webservers
|
|
become: True
|
|
gather_facts: True
|
|
vars:
|
|
ssh_server_ports: "{{ vault_ssh_server_ports }}"
|
|
sysctl_overwrite:
|
|
# Enable IPv4 traffic forwarding.
|
|
net.ipv4.ip_forward: 1
|
|
roles:
|
|
- role: dev-sec.os-hardening
|
|
- role: dev-sec.ssh-hardening
|
|
- role: jnv.unattended-upgrades
|