Setup basic security in init playbook

[codeofmochi]

Init playbook should take care of setting up basic security such as:

• apt updates
• fail2ban
• unattended-upgrades
• firewall (careful with ufw since it conflicts with docker's usage of iptables)
• ...

[NoeTerrier]

@SidonieBouthors @Thechi2000 pin on this, what do you think of that ?

[codeofmochi]

Have a look at https://github.com/dev-sec/ansible-collection-hardening as well, though you will still have to setup a docker-compatible firewall (e.g. firewall-cmd).

[Thechi2000]

pin on this, what do you think of that ?

@NoeTerrier It could be useful, but it should not be too much to not be a problem in the future (e.g. for future managers). For example, I'm not sure setting up would be useful, since it might become complicated to correctly manage, and hinder development, and there already is one provided by Infomaniak (although it seems very light).

Have a look at https://github.com/dev-sec/ansible-collection-hardening as well, though you will still have to setup a docker-compatible firewall (e.g. firewall-cmd).

@codeofmochi It is interesting, but it is lacking a lot of documentation, or I wasn't able to find it.