add system cleanup role
This commit is contained in:
parent
fe4b5b69f4
commit
6bc5602607
3 changed files with 44 additions and 0 deletions
|
@ -67,6 +67,43 @@ With this configuration, the default `/etc/ssh/sshd_config` file on your server
|
||||||
|
|
||||||
There are various configuration options - check the defaults and adjust them to your needs.
|
There are various configuration options - check the defaults and adjust them to your needs.
|
||||||
|
|
||||||
|
### cleanup
|
||||||
|
|
||||||
|
Playbook may perform some housekeeping automatically, cleaning up unused docker resources, logs, even kernels (debian-only) and packages (debian-only). Here is how to enable different housekeeping tasks that will run on `setup-all`, `setup-cleanup`, `install-cleanup`:
|
||||||
|
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# system #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
|
||||||
|
# runs `docker system prune -a -f --volumes` to remove unused images and containers
|
||||||
|
system_cleanup_docker: true
|
||||||
|
|
||||||
|
# configures a systemd unit (and timer) that runs `journalctl --vacuum-time=7d` daily, you can control schedules using system_cleanup_logs_* vars
|
||||||
|
system_cleanup_logs: true
|
||||||
|
|
||||||
|
# list of arbitrary absolute paths to remove on each invocation
|
||||||
|
system_cleanup_paths: []
|
||||||
|
|
||||||
|
# The following options are Debian only, will have no effect on any other distro family
|
||||||
|
|
||||||
|
# runs safe-upgrade, apt autoclean, aptautoremove, etc.
|
||||||
|
system_cleanup_apt: true
|
||||||
|
|
||||||
|
# WARNING: very dangerous! Purges old linux kernels, and their modules
|
||||||
|
system_cleanup_kernels: false
|
||||||
|
|
||||||
|
########################################################################
|
||||||
|
# #
|
||||||
|
# /system #
|
||||||
|
# #
|
||||||
|
########################################################################
|
||||||
|
```
|
||||||
|
|
||||||
|
|
||||||
### fail2ban
|
### fail2ban
|
||||||
|
|
||||||
To enable [fail2ban](https://fail2ban.org/wiki/index.php/Main_Page) installation, management and integration with SSHd, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
To enable [fail2ban](https://fail2ban.org/wiki/index.php/Main_Page) installation, management and integration with SSHd, add the following configuration to your `vars.yml` file and re-run the [installation](../installing.md) process:
|
||||||
|
|
|
@ -28,6 +28,9 @@
|
||||||
version: v0.45.5-0
|
version: v0.45.5-0
|
||||||
name: changedetection
|
name: changedetection
|
||||||
activation_prefix: changedetection_
|
activation_prefix: changedetection_
|
||||||
|
- src: git+https://gitlab.com/etke.cc/roles/cleanup.git
|
||||||
|
version: main
|
||||||
|
activation_prefix: system_cleanup_
|
||||||
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-clickhouse.git
|
- src: git+https://github.com/mother-of-all-self-hosting/ansible-role-clickhouse.git
|
||||||
version: v23.10.5.20-0
|
version: v23.10.5.20-0
|
||||||
name: clickhouse
|
name: clickhouse
|
||||||
|
|
|
@ -53,6 +53,10 @@
|
||||||
- role: galaxy/swap
|
- role: galaxy/swap
|
||||||
# /role-specific:swap
|
# /role-specific:swap
|
||||||
|
|
||||||
|
# role-specific:cleanup
|
||||||
|
- role: galaxy/cleanup
|
||||||
|
# /role-specific:cleanup
|
||||||
|
|
||||||
# role-specific:ssh
|
# role-specific:ssh
|
||||||
- when: system_security_ssh_enabled | bool
|
- when: system_security_ssh_enabled | bool
|
||||||
role: galaxy/ssh
|
role: galaxy/ssh
|
||||||
|
|
Loading…
Reference in a new issue