jack/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
infra/roles/base/tasks/main.yml
jack 5befd48a50
Some checks are pending
CI/CD / deploy (push) Blocked by required conditions
Details
CI/CD / syntax-check (push) Successful in 41s
Details
fix: allow Docker bridge networks through UFW for runner + add unattended-upgrades 
firewall.yml:
- Allow 172.16.0.0/12 and 10.0.0.0/8 on ports 80/443 so act_runner
  job containers can reach git.csrx.ru (Forgejo via Traefik)
- Without this, Cloudflare-only rules broke CI/CD pipeline

unattended_upgrades.yml (new):
- Install unattended-upgrades + apt-listchanges
- Configure auto-apply of security patches only (not all updates)
- Auto-clean every 7 days, remove unused deps
- No auto-reboot (manual control over kernel reboots)

base/tasks/main.yml:
- Add unattended_upgrades.yml to task sequence

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-22 04:11:39 +07:00

8 lines
205 B
YAML
Raw Blame History

---
- import_tasks: packages.yml
- import_tasks: swap.yml
- import_tasks: sysctl.yml
- import_tasks: unattended_upgrades.yml
- import_tasks: users.yml
- import_tasks: sshd.yml
- import_tasks: firewall.yml
Reference in a new issue View git blame Copy permalink