add system cleanup role
This commit is contained in:
parent
fe4b5b69f4
commit
6bc5602607
3 changed files with 44 additions and 0 deletions
|
@ -67,6 +67,43 @@ With this configuration, the default `/etc/ssh/sshd_config` file on your server
|
|||
|
||||
There are various configuration options - check the defaults and adjust them to your needs.
|
||||
|
||||
### cleanup
|
||||
|
||||
Playbook may perform some housekeeping automatically, cleaning up unused docker resources, logs, even kernels (debian-only) and packages (debian-only). Here is how to enable different housekeeping tasks that will run on `setup-all`, `setup-cleanup`, `install-cleanup`:
|
||||
|
||||
|
||||
```yaml
|
||||
########################################################################
|
||||
# #
|
||||
# system #
|
||||
# #
|
||||
########################################################################
|
||||
|
||||
# runs `docker system prune -a -f --volumes` to remove unused images and containers
|
||||
system_cleanup_docker: true
|
||||
|
||||
# configures a systemd unit (and timer) that runs `journalctl --vacuum-time=7d` daily, you can control schedules using system_cleanup_logs_* vars
|
||||
system_cleanup_logs: true
|
||||
|
||||
# list of arbitrary absolute paths to remove on each invocation
|
||||
system_cleanup_paths: []
|
||||
|
||||
# The following options are Debian only, will have no effect on any other distro family
|
||||
|
||||
# runs safe-upgrade, apt autoclean, aptautoremove, etc.
|
||||
system_cleanup_apt: true
|
||||
|
||||
# WARNING: very dangerous! Purges old linux kernels, and their modules
|
||||
system_cleanup_kernels: false
|
||||
|
||||
########################################################################
|
||||
# #
|
||||
# /system #
|
||||
# #
|
||||
########################################################################
|
||||
```
|
||||
|
||||
|
||||
### fail2ban
|
||||
|
||||
To enable [fail2ban](https://fail2ban.org/wiki/index.php/Main_Page) installation, management and integration with SSHd, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
||||
|
|
|
@ -28,6 +28,9 @@
|
|||
version: v0.45.5-0
|
||||
name: changedetection
|
||||
activation_prefix: changedetection_
|
||||
- src: git+https://gitlab.com/etke.cc/roles/cleanup.git
|
||||
version: main
|
||||
activation_prefix: system_cleanup_
|
||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-clickhouse.git
|
||||
version: v23.10.5.20-0
|
||||
name: clickhouse
|
||||
|
|
|
@ -53,6 +53,10 @@
|
|||
- role: galaxy/swap
|
||||
# /role-specific:swap
|
||||
|
||||
# role-specific:cleanup
|
||||
- role: galaxy/cleanup
|
||||
# /role-specific:cleanup
|
||||
|
||||
# role-specific:ssh
|
||||
- when: system_security_ssh_enabled | bool
|
||||
role: galaxy/ssh
|
||||
|
|
Loading…
Reference in a new issue