.gitignore

@@ -4,13 +4,10 @@ inventory/
 # Ignore .secret files.... you know, there secret...
 *.secret
 .vault-*
+vault.secret
 
 # Ignore Caching
 cache/
 
 # Ignore Testplaybook
-playbooks/global/testserver.yml
-
-# Ignore unneccessary Files
-.vscode
-.ansible
+playbooks/global/testserver.yml

ansible.cfg

@@ -2,7 +2,6 @@
 inventory = ./inventory/
 host_key_checking = False
 retry_files_enabled = False
-private_key_file = ~/.ssh/ansible_key
 
 # Caching-Einstellungen
 gathering = smart
@@ -27,4 +26,4 @@ become_ask_pass = False
 
 [ssh_connection]
 ssh_args = -o ControlMaster=auto -o ControlPersist=60s
-pipelining = True
+pipelining = True

playbooks/heyer.systems/all.yml

@@ -1,5 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: all
-  roles:
-    - server_install_ssh

playbooks/heyer.systems/calibre.yml

@@ -1,6 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: calibre
-  roles:
-    - server_install_ssh
-    - server_install_fail2ban

playbooks/heyer.systems/docker1.yml

@@ -3,4 +3,3 @@
   hosts: docker1
   roles:
     - server_install_ssh
-    - server_install_fail2ban

playbooks/heyer.systems/minecraft.yml

@@ -1,6 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: minecraft
-  roles:
-    - server_install_ssh
-    - server_install_fail2ban

playbooks/heyer.systems/pihole.yml

@@ -1,6 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: pihole
-  roles:
-    - server_install_ssh
-    - server_install_fail2ban

playbooks/heyer.systems/pve1.yml

@@ -1,6 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: pve1
-  roles:
-    - server_install_ssh
-    - server_install_fail2ban

playbooks/heyer.systems/pve2.yml

@@ -1,6 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: pve2
-  roles:
-    - server_install_ssh
-    - server_install_fail2ban

playbooks/heyer.systems/pve3.yml

@@ -1,6 +0,0 @@
----
-- name: Install and start Apache web server
-  hosts: pve3
-  roles:
-    - server_install_ssh
-    - server_install_fail2ban

roles/server_install_fail2ban/defaults/main.yml

@@ -1,5 +0,0 @@
----
-fail2ban_ssh_enabled: true
-fail2ban_ssh_maxretry: 5
-fail2ban_ssh_bantime: 1h
-fail2ban_ssh_findtime: 1h

roles/server_install_fail2ban/handlers/main.yml

@@ -1,5 +0,0 @@
----
-- name: Restart fail2ban
-  ansible.builtin.service:
-    name: fail2ban
-    state: restarted

roles/server_install_fail2ban/tasks/main.yml

@@ -1,23 +0,0 @@
----
-- name: Update apt package index
-  ansible.builtin.apt:
-    update_cache: true
-    cache_valid_time: 3600
-
-- name: Install Fail2Ban
-  ansible.builtin.apt:
-    name: fail2ban
-    state: present
-
-- name: Ensure Fail2Ban service is enabled and running
-  ansible.builtin.service:
-    name: fail2ban
-    enabled: true
-    state: started
-
-- name: Configure Fail2Ban for SSH
-  ansible.builtin.template:
-    src: jail.local.j2
-    dest: /etc/fail2ban/jail.local
-    mode: '0644'
-  notify: Restart fail2ban

roles/server_install_fail2ban/templates/jail.local.j2

@@ -1,15 +0,0 @@
-[DEFAULT]
-# Ignore local IP addresses
-ignoreip = 127.0.0.1/8 ::1
-
-# Ban settings
-bantime = {{ fail2ban_ssh_bantime }}
-findtime = {{ fail2ban_ssh_findtime }}
-maxretry = {{ fail2ban_ssh_maxretry }}
-
-[sshd]
-enabled = {{ fail2ban_ssh_enabled | lower }}
-port = ssh
-filter = sshd
-logpath = %(sshd_log)s
-maxretry = {{ fail2ban_ssh_maxretry }}

roles/server_install_ssh/templates/sshd_config.j2

@@ -6,6 +6,7 @@ PasswordAuthentication no
 ChallengeResponseAuthentication no
 UsePAM yes
 X11Forwarding no
+AllowUsers {{ ssh_user }}
 ClientAliveInterval 300
 ClientAliveCountMax 2
 LoginGraceTime 30