diff --git a/ansible/roles/common/tasks/main.yaml b/ansible/roles/common/tasks/main.yaml index 46d2dd5..e3eff0f 100644 --- a/ansible/roles/common/tasks/main.yaml +++ b/ansible/roles/common/tasks/main.yaml @@ -34,10 +34,10 @@ line: "{{ item.line }}" state: present loop: - - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' } - - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' } - - { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' } - - { regexp: '^#?Port ', line: 'Port 430' } + - { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication no" } + - { regexp: "^#?PermitRootLogin", line: "PermitRootLogin no" } + - { regexp: "^#?PubkeyAuthentication", line: "PubkeyAuthentication yes" } + - { regexp: "^#?Port ", line: "Port 430" } notify: Restart sshd - name: Install UFW @@ -75,3 +75,13 @@ group: "{{ username }}" mode: "0755" loop: "{{ data_dirs }}" + +- name: Set inotify limits + ansible.posix.sysctl: + name: "{{ item.name }}" + value: "{{ item.value }}" + sysctl_file: /etc/sysctl.d/99-inotify.conf + reload: true + loop: + - { name: fs.inotify.max_user_instances, value: 512 } + - { name: fs.inotify.max_user_watches, value: 524288 }