chofstede

---
- name: Update docker containers
  hosts: localhost
  connection: local
  gather_facts: false

  tasks:
    - name: Update Docker containers to latest state and restart them
      community.docker.docker_compose:
        project_src: "{{ item }}"

chofstede

#!/bin/sh
#
# iptables firewall script v1.0
#
PATH=/usr/sbin:/sbin:/bin:/usr/bin
#den Namen eurer Netzwerkkarte könnt ihr mit dem Befehl ip addr herausfinden.
WAN=enp0s31f6

#IP Adressen sind ebenfalls mit dem Befehl ip addr herauszufinden.
IPv6=2a01:4f9:2b:a52::2

chofstede

[Verifying my cryptographic key: openpgp4fpr:0x4A314E80DD8E9D6D]

chofstede

openpgp4fpr:59287776A60D93FE54E25EC9D1D8D9E3F7C3FD81

chofstede

---
- name: Roll out latest openssh packages
  hosts: all
  become: true

  tasks:
    - name: Ensure openssh related packages on Debian based distros are on the latest state
      ansible.builtin.package:
        name:
          - openssh-server

chofstede

---
- name: Enable temporary mitigation for CVE-2024-6387 "regreSSHion"
  hosts: foreman_rhel9hosts
  become: true
  gather_facts: true

  tasks:
    - name: Change LoginGraceTime to 0 in sshd_config
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config

chofstede

proxy_cache_path   /tmp/nginx-cache-instance-media levels=1:2 keys_zone=s3_cache:10m max_size=10g
                    inactive=48h use_temp_path=off;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name media.burningboard.net;

    access_log off;

chofstede

1. Forgejo-runner Container definition (/var/lib/forgejo-runner/.config/containers/systemd/forgejo-runner.container)

[Unit]
Description=Forgejo Runner
After=network-online.target
Wants=network-online.target

[Container]
Exec=forgejo-runner daemon -c /data/runner.yaml 
Image=code.forgejo.org/forgejo/runner:6