5 KiB
System-related configuration
This Ansible playbook can install and configure various system-related things for you. All the sections below relate to the host OS instead of the managed containers.
swap
To enable swap management (also read more in the Swap article in the Arch Linux Wiki), add the following configuration to your vars.yml
file and re-run the installation process:
########################################################################
# #
# system #
# #
########################################################################
system_swap_enabled: true
########################################################################
# #
# /system #
# #
########################################################################
A swap file will be created in /var/swap
(configured using the system_swap_path
variable) and enabled in your /etc/fstab
file.
By default, the swap file will have the following size:
- on systems with
<= 2GB
of RAM, swap file size =total RAM * 2
- on systems with
> 2GB
of RAM, swap file size =1GB
To avoid these calculations and set your own size explicitly, set the system_swap_size
variable in megabytes, example (4gb):
system_swap_size: 4096
ssh
Warning
: advanced functionality! While the default config with a few adjustments was battle tested on hundreds of servers, you should use it with caution and verify everything before you apply the changes!
To enable ssh server config and authorized/unauthorized keys management, add the following configuration to your vars.yml
file and re-run the installation process:
########################################################################
# #
# system #
# #
########################################################################
system_security_ssh_enabled: true
system_security_ssh_port: 22
system_security_ssh_authorizedkeys: [] # list of authorized public keys
system_security_ssh_unauthorizedkeys: [] # list of unauthorized/revoked public keys
########################################################################
# #
# /system #
# #
########################################################################
The default configuration is good enough as-is, but we strongly suggest you to verify everything before applying any changes!, otherwise you may lock yourself out of the server.
With this configuration, the default /etc/ssh/sshd_config
file on your server will be replaced by a new one, managed by the ssh role (see its templates/etc/ssh/sshd_config.j2 file).
There are various configuration options - check the defaults and adjust them to your needs.
fail2ban
To enable fail2ban installation, management and integration with SSHd, add the following configuration to your vars.yml
file and re-run the installation process:
########################################################################
# #
# system #
# #
########################################################################
system_security_fail2ban_enabled: true
system_security_fail2ban_sshd_port: 22
# If you enabled playbook-managed ssh as described above,
# you can replace the line above with the following:
# system_security_fail2ban_sshd_port: "{{ system_security_ssh_port }}"
########################################################################
# #
# /system #
# #
########################################################################