ilia
3415340e26
All checks were successful
CI / skip-ci-check (pull_request) Successful in 1m18s
CI / lint-and-test (pull_request) Successful in 1m21s
CI / ansible-validation (pull_request) Successful in 2m43s
CI / secret-scanning (pull_request) Successful in 1m19s
CI / dependency-scan (pull_request) Successful in 1m23s
CI / sast-scan (pull_request) Successful in 2m28s
CI / license-check (pull_request) Successful in 1m20s
CI / vault-check (pull_request) Successful in 2m21s
CI / playbook-test (pull_request) Successful in 2m19s
CI / container-scan (pull_request) Successful in 1m48s
CI / sonar-analysis (pull_request) Successful in 1m26s
CI / workflow-summary (pull_request) Successful in 1m17s
32 lines
840 B
YAML
32 lines
840 B
YAML
---
|
|
# Role: base_os
|
|
# Purpose: baseline OS configuration for app guests (packages, appuser, firewall).
|
|
|
|
base_os_packages:
|
|
- git
|
|
- curl
|
|
- ca-certificates
|
|
- openssh-server
|
|
- sudo
|
|
- ufw
|
|
- python3
|
|
- python3-apt
|
|
- nodejs
|
|
- npm
|
|
|
|
base_os_allow_ssh_port: 22
|
|
|
|
# App ports (override per project)
|
|
base_os_backend_port: "{{ app_backend_port | default(3001) }}"
|
|
base_os_frontend_port: "{{ app_frontend_port | default(3000) }}"
|
|
base_os_enable_backend: true
|
|
base_os_enable_frontend: true
|
|
|
|
base_os_user: "{{ appuser_name | default('appuser') }}"
|
|
base_os_user_shell: "{{ appuser_shell | default('/bin/bash') }}"
|
|
base_os_user_groups: "{{ appuser_groups | default(['sudo']) }}"
|
|
base_os_user_ssh_public_key: "{{ appuser_ssh_public_key | default('') }}"
|
|
|
|
# If true, create passwordless sudo for base_os_user.
|
|
base_os_passwordless_sudo: true
|