boma/roles/base/tasks/main.yml

40 lines
995 B
YAML
Raw Permalink Normal View History

---
# `apply: tags:` propagates the concern tag to the INCLUDED tasks — without it a tag on
# a dynamic include_tasks only selects the include itself, not its contents, so
# `--tags <concern>` would run nothing (Ansible gotcha).
- name: Configure host firewall (nftables)
ansible.builtin.include_tasks:
file: firewall.yml
apply:
tags: [firewall]
tags: [firewall]
- name: SSH hardening
ansible.builtin.include_tasks:
file: ssh.yml
apply:
tags: [hardening]
tags: [hardening]
- name: Fail2ban intrusion deterrence
ansible.builtin.include_tasks:
file: fail2ban.yml
apply:
tags: [hardening]
tags: [hardening]
- name: AI-worker operational access (sudoers drop-in)
ansible.builtin.include_tasks:
file: operational_access.yml
apply:
tags: [users]
tags: [users]
- name: NetBird mesh enrollment
ansible.builtin.include_tasks:
file: mesh.yml
apply:
tags: [mesh]
when: base__mesh_enabled | bool
tags: [mesh]