Add basic security role, it was not present before

blackandred · blackandred · commit 99af6f2f846b · 2020-08-29T22:42:16.000+02:00
diff --git a/.templates/inventory/group_vars/all.yaml b/.templates/inventory/group_vars/all.yaml
@@ -117,6 +117,22 @@ default_role_basic_security:
         - "80"
         - "443"
 
+    anonymize_logs: false
+    anonymize_logs_schedule:
+        minute: "00"
+        hour: "*/6"
+        day: "*"
+        weekday: "*"
+        month: "*"
+
+    clear_shell_history: false
+    clear_shell_history_schedule:
+        minute: "*/10"
+        hour: "*"
+        day: "*"
+        weekday: "*"
+        month: "*"
+
 
 # https://github.com/zwiazeksyndykalistowpolski/server-basic-software
 default_role_basic_software:
diff --git a/playbooks/prepare-machine.yml b/playbooks/prepare-machine.yml
@@ -15,6 +15,15 @@
         when: ssh_fallback_port is defined and ssh_fallback_port > 0
         vars:
             fallback_ssh_port: "{{ ssh_fallback_port }}"
+        tags:
+            - system_settings
+            - users
+            - basic_software
+            - basic_security
+            - tune
+            - logs
+            - fail2ban
+            - port-multiplexer
 
 
 #
@@ -63,6 +72,19 @@
 
           - include_role: name=blackandred.server_basic_software
 
+      # =============
+      # Security Role
+      # =============
+      - name: Basic Security role
+        when: role_basic_security is defined
+        tags: basic_security
+        block:
+          - name: Include required vars
+            set_fact:
+            args: "{{ default_role_basic_security | combine(role_basic_security | default({}), recursive=True) }}"
+
+          - include_role: name=blackandred.server_basic_security
+
       # ========
       # Tweaking
       # ========
