diff options
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 18 |
1 files changed, 10 insertions, 8 deletions
@@ -23,14 +23,16 @@ The playbook is organized into several task files, templates, and configuration - **tasks/pve_setup.yaml**: Installs Proxmox VE, configures APT repositories, downloads and verifies the Proxmox GPG key, upgrades packages, and removes conflicting Debian kernels. - **tasks/pve_configure.yaml**: Configures network interfaces, sets up NAT rules, enables IP forwarding, deploys a static `/etc/resolv.conf`, and creates a Proxmox administrative user. - **tasks/harden.yaml**: Hardens the system by: - - Clearing MOTD and issue files. - - Restricting cron/at to root-only. - - Hardening SSH configuration (e.g., disabling root login, limiting authentication attempts). - - Regenerating SSH host keys. - - Enabling unattended upgrades. - - Configuring UFW with a deny-by-default policy. - - Setting up fail2ban with an aggressive SSH jail. - - Disabling IPv6 via GRUB. + + - Clearing MOTD and issue files. + - Restricting cron/at to root-only. + - Hardening SSH configuration (e.g., disabling root login, limiting authentication attempts). + - Regenerating SSH host keys. + - Enabling unattended upgrades. + - Configuring UFW with a deny-by-default policy. + - Setting up fail2ban with an aggressive SSH jail. + - Disabling IPv6 via GRUB. + - **tasks/wg_setup.yaml**: Installs and configures a WireGuard VPN server for secure management, including peer management scripts and firewall rules. ### Configuration Files (in `files/`) |