/ansible-roles-bsd

Ansible roles for FreeBSD and OpenBSD

Primary LanguageShellBSD 2-Clause "Simplified" LicenseBSD-2-Clause

ansible-roles-bsd

Contributors Forks Stargazers Issues BSD License

⚠️ This repository is not maintained anymore. Unfortunately, I stopped using and maintaining FreeBSD due to time constraints.

ℹ️ For Ansible roles supporting the OpenBSD operating system, please use the new repository called ansible-roles-openbsd.

Index

About

ansible-roles-bsd is a collection of well curated Ansible roles for the FreeBSD and OpenBSD operating system. All Ansible roles are licensed under the Simplified BSD License.

Features

  • Configurations follow the secure-by-default principle
  • Roles are mostly self-contained and dependencies avoided
  • Roles and services support multiple states (install, remove, enable, disable, inactive)
  • Scripts and cronjobs support multiple states (enable, disable)
  • Services can be monitored with Monit and exported via monit_exporter to Prometheus
  • Scripts support Email and Prometheus monitoring
  • Logs can be forwarded with syslog to Loki
  • Roles can proxy HTTP/HTTPS traffic through Squid forward proxy
  • Host-based firewall restricts ingress and egress traffic by default
  • PF can be used as network-based/perimeter firewall
  • Restic and rest-server are available as backup solution
  • OpenNTPD is configurable as NTP client and server
  • Unbound is available as resolving DNS server
  • NSD is available as authoritative DNS server
  • Prometheus has built-in alerting rules and Grafana dashboards
  • Loki has built-in alerting rules and Grafana dashboards
  • Parameters are documented with examples and marked when implemented
  • Changes adhere to semantic versioning guidelines
  • Roles contain changelog

Support

The following operating systems are supported:

  • FreeBSD 12.2-*
  • OpenBSD 7.1

Dependencies

The Ansible control machine depends on:

The Ansible managed node depends on:

Setup

Requirements

Installation

Usage

Roadmap

  • Add IPv6 support (freebsd_pf, openbsd_pf...)
  • Support monitoring via Coremon
  • Add OpenBSD support (cron)
  • Add FreeBSD support (opensmtpd, rest_server, rsyslog, suricata, tinc)

Contributing

License

Distributed under the Simplified BSD License.

See LICENSE file for more information.

Contact

Author: l@liv.io

Project: ansible-roles-bsd

Credits

See CREDITS file for more information.

Appendix

Loki/Grafana Dashboards

Suricata

Prometheus/Grafana Dashboards

System Status Script Status
Network Traffic Ping Prober