From 4b84a1de90b11e2c62ce257b7eec9290fc29de31 Mon Sep 17 00:00:00 2001 From: heqnx Date: Tue, 24 Jun 2025 21:32:36 +0300 Subject: fixed indents for nested list --- README.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index bc325e3..ef4021d 100644 --- a/README.md +++ b/README.md @@ -23,14 +23,16 @@ The playbook is organized into several task files, templates, and configuration - **tasks/pve_setup.yaml**: Installs Proxmox VE, configures APT repositories, downloads and verifies the Proxmox GPG key, upgrades packages, and removes conflicting Debian kernels. - **tasks/pve_configure.yaml**: Configures network interfaces, sets up NAT rules, enables IP forwarding, deploys a static `/etc/resolv.conf`, and creates a Proxmox administrative user. - **tasks/harden.yaml**: Hardens the system by: - - Clearing MOTD and issue files. - - Restricting cron/at to root-only. - - Hardening SSH configuration (e.g., disabling root login, limiting authentication attempts). - - Regenerating SSH host keys. - - Enabling unattended upgrades. - - Configuring UFW with a deny-by-default policy. - - Setting up fail2ban with an aggressive SSH jail. - - Disabling IPv6 via GRUB. + + - Clearing MOTD and issue files. + - Restricting cron/at to root-only. + - Hardening SSH configuration (e.g., disabling root login, limiting authentication attempts). + - Regenerating SSH host keys. + - Enabling unattended upgrades. + - Configuring UFW with a deny-by-default policy. + - Setting up fail2ban with an aggressive SSH jail. + - Disabling IPv6 via GRUB. + - **tasks/wg_setup.yaml**: Installs and configures a WireGuard VPN server for secure management, including peer management scripts and firewall rules. ### Configuration Files (in `files/`) -- cgit v1.2.3