Modified ssh role

.gitignore

@@ -3,5 +3,3 @@ production
 .hidden
 .vscode
 *.swp
-set-up-control-node.yaml
-roles/ufw-control-node

roles/grub-opnxng/tasks/main.yaml

@@ -0,0 +1,14 @@
+- name: Set up Grub
+  template:
+    src: "grub.j2"
+    dest: "/etc/default/grub"
+    owner: 0
+    group: 0
+    mode: 0644
+  when: inventory_hostname in groups["oracle"]
+
+- name: System | GRUB | Update GRUB
+  become: true
+  ansible.builtin.command:
+    cmd: update-grub2
+  when: inventory_hostname in groups["oracle"]

roles/grub-opnxng/templates/grub.j2

@@ -0,0 +1,10 @@
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+# For full documentation of the options in this file, see:
+#   info -f grub -n 'Simple configuration'
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=5
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet splash fsck.mode=force fsck.repair=yes"
+GRUB_CMDLINE_LINUX=""

roles/set-vm-overcommit-memory/tasks/main.yaml

@@ -0,0 +1,5 @@
+- name: Add vm.overcommit_memory to sysctl.conf
+  lineinfile:
+    path: /etc/sysctl.conf
+    line: 'vm.overcommit_memory=1'
+    insertafter: EOF  # Add the line at the end of the file

roles/ssh/tasks/main.yaml

@@ -11,6 +11,7 @@
 - name: Restart SSH service
   systemd:
     name: sshd
+    enabled: true
     state: restarted
 
 # ----------------------------------------------------------------------------------------------------------------
@@ -32,4 +33,4 @@
     group: "1000"
 
 # stat -c "%a %n" .ssh/*
-# ls -al .ssh
+# ls -al .ssh

set-up.yaml

@@ -9,41 +9,44 @@
 # ----------------------------------------------------------------------------------------------------
 
   pre_tasks:
-    - name: Install packages
+#    - name: Install packages
-      apt:
+#      apt:
-        name:
+#        name:
-          - iputils-ping
+#          - iputils-ping
-          - cron
+#          - cron
-          - fzf
+#          - fzf
-          - git
+#          - git
-          - curl
+#          - curl
-          - zip
+#          - zip
-          - unzip
+#          - unzip
-          - trash-cli
+#          - trash-cli
-        state: latest
+#        state: latest
-        install_recommends: false
+#        install_recommends: false
-        update_cache: true
+#        update_cache: true
-        autoclean: true
+#        autoclean: true
-        autoremove: true
+#        autoremove: true
 
     - name: Touch .hushlogin
       file:
         path: "/home/{{ user }}/.hushlogin"
         state: touch
+
 # ----------------------------------------------------------------------------------------------------
 
   roles:
-    - neovim
+    - grub-opnxng
-    - disable-root
+#    - neovim
-    - timezone
+#    - disable-root
-    - chrony
+#    - timezone
-    - hostname
+#    - chrony
-    - systemd-resolved
+#    - hostname
-    - sources-list
+#    - systemd-resolved
-    - ssh
+#    - sources-list
-    - ufw-opnxng
+#    - ssh
-    - fail2ban
+#    - ufw-opnxng
-    - unattended-upgrades
+#    - fail2ban
-    - nfs-opnxng
+#    - unattended-upgrades
-    - docker
+#    - nfs-opnxng
+#    - docker
+#    - set-vm-overcommit-memory
     #- docker-buildx

vars/secrets.example.yaml

@@ -1,9 +1,6 @@
-user:
-ssh_port:
-docker_dir:
-
-oracle_ipv4_cidr_block:
-
 wireguard_mesh_subnet:
 wireguard_mesh_control_host:
-wireguard_port:
+oracle_ipv4_cidr_block:
+user:
+ssh_port:
+wireguard_port: