ilia/ansible

ilia baf3e3de09 Refactor playbooks: servers/workstations, split monitoring, improve shell

2026-01-01 11:35:24 -05:00

553 B

Raw Blame History

Security reference

Overview

Security in this repo is implemented via:

hardened SSH + firewall defaults (roles/ssh/)
baseline system configuration (roles/base/)
monitoring/intrusion prevention on servers (roles/monitoring_server/)
secrets handled via Ansible Vault (inventories/production/group_vars/all/vault.yml)

Recommended execution

# Dry-run first
make check

# Apply security-tagged tasks
make security

Vault

Vault guide: docs/guides/vault.md

Canonical standards

project-docs/standards.md