add system cleanup role

This commit is contained in:
Aine 2023-12-09 18:58:15 +02:00
parent fe4b5b69f4
commit 6bc5602607
No known key found for this signature in database
GPG key ID: 34969C908CCA2804
3 changed files with 44 additions and 0 deletions

View file

@ -67,6 +67,43 @@ With this configuration, the default `/etc/ssh/sshd_config` file on your server
There are various configuration options - check the defaults and adjust them to your needs. There are various configuration options - check the defaults and adjust them to your needs.
### cleanup
Playbook may perform some housekeeping automatically, cleaning up unused docker resources, logs, even kernels (debian-only) and packages (debian-only). Here is how to enable different housekeeping tasks that will run on `setup-all`, `setup-cleanup`, `install-cleanup`:
```yaml
########################################################################
# #
# system #
# #
########################################################################
# runs `docker system prune -a -f --volumes` to remove unused images and containers
system_cleanup_docker: true
# configures a systemd unit (and timer) that runs `journalctl --vacuum-time=7d` daily, you can control schedules using system_cleanup_logs_* vars
system_cleanup_logs: true
# list of arbitrary absolute paths to remove on each invocation
system_cleanup_paths: []
# The following options are Debian only, will have no effect on any other distro family
# runs safe-upgrade, apt autoclean, aptautoremove, etc.
system_cleanup_apt: true
# WARNING: very dangerous! Purges old linux kernels, and their modules
system_cleanup_kernels: false
########################################################################
# #
# /system #
# #
########################################################################
```
### fail2ban ### fail2ban
To enable [fail2ban](https://fail2ban.org/wiki/index.php/Main_Page) installation, management and integration with SSHd, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process: To enable [fail2ban](https://fail2ban.org/wiki/index.php/Main_Page) installation, management and integration with SSHd, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:

View file

@ -28,6 +28,9 @@
version: v0.45.5-0 version: v0.45.5-0
name: changedetection name: changedetection
activation_prefix: changedetection_ activation_prefix: changedetection_
- src: git+https://gitlab.com/etke.cc/roles/cleanup.git
version: main
activation_prefix: system_cleanup_
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-clickhouse.git - src: git+https://github.com/mother-of-all-self-hosting/ansible-role-clickhouse.git
version: v23.10.5.20-0 version: v23.10.5.20-0
name: clickhouse name: clickhouse

View file

@ -53,6 +53,10 @@
- role: galaxy/swap - role: galaxy/swap
# /role-specific:swap # /role-specific:swap
# role-specific:cleanup
- role: galaxy/cleanup
# /role-specific:cleanup
# role-specific:ssh # role-specific:ssh
- when: system_security_ssh_enabled | bool - when: system_security_ssh_enabled | bool
role: galaxy/ssh role: galaxy/ssh