fix: update SSH configuration for security and add inotify limits

Nik Afiq 2026-05-16 18:50:01 +09:00
parent 7a2caa824d
commit d3069eb234


@ -34,10 +34,10 @@
line: "{{ item.line }}"
state: present
loop:
- { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
- { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
- { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
- { regexp: '^#?Port ', line: 'Port 430' }
- { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication no" }
- { regexp: "^#?PermitRootLogin", line: "PermitRootLogin no" }
- { regexp: "^#?PubkeyAuthentication", line: "PubkeyAuthentication yes" }
- { regexp: "^#?Port ", line: "Port 430" }
notify: Restart sshd
- name: Install UFW
@ -75,3 +75,13 @@
group: "{{ username }}"
mode: "0755"
loop: "{{ data_dirs }}"
- name: Set inotify limits
ansible.posix.sysctl:
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_file: /etc/sysctl.d/99-inotify.conf
reload: true
loop:
- { name: fs.inotify.max_user_instances, value: 512 }
- { name: fs.inotify.max_user_watches, value: 524288 }
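Review bot: The sshd_config loop in the first hunk changes only quote style, and nothing visible there checks that the hardening lines take effect: no `validate:` appears between `state: present` and `loop:`, although the task starts above the hunk and may set it there. sshd keeps the first value it reads for each keyword, so on hosts whose sshd_config begins with an `Include` of `/etc/ssh/sshd_config.d/*.conf`, a drop-in that sets `PasswordAuthentication yes` would win over the line edited here. I would add `validate: '/usr/sbin/sshd -t -f %s'` to the task and follow it with a step that asserts the effective values reported by `sshd -T`. Separately, the new inotify task would benefit from a comment such as `# raised for <service> file watchers; watches consume kernel memory per user`, explaining why 512 and 524288 were chosen.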