playbook robot-server: restrict permissions on storage and activate f…

…ail2ban
UtrechtUniversity · Jan 6, 2025 · 07a14a5 · 07a14a5
1 parent 748fb14
commit 07a14a5
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/playbooks/robot-server.yml b/playbooks/robot-server.yml
@@ -1,9 +1,26 @@
 ---
 - name: Prepare a robot server
   hosts: localhost
-  gather_facts: true
+  gather_facts: false
 
   roles:
     - role: robotuser
       vars:
         robotuser_generate_ssh_key: true
+    - role: fact_workspace_info
+
+  tasks:
+
+    - name: Restrict permissions on data volumes
+      ansible.builtin.file:
+        path: "{{ item }}"
+        state: directory
+        owner: root
+        group: root
+        mode: "0750"
+      with_items: "{{ fact_workspace_storage }}"
+
+    - name: Ensure fail2ban is active
+      ansible.builtin.service:
+        name: fail2ban
+        state: started