From d3069eb234020a8a2e820fded68c0a6b05727f9d Mon Sep 17 00:00:00 2001
From: Nik Afiq
Date: Sat, 16 May 2026 18:50:01 +0900
Subject: [PATCH] fix: update SSH configuration for security and add inotify limits
---
 ansible/roles/common/tasks/main.yaml | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
diff --git a/ansible/roles/common/tasks/main.yaml b/ansible/roles/common/tasks/main.yaml
index 46d2dd5..e3eff0f 100644
--- a/ansible/roles/common/tasks/main.yaml
+++ b/ansible/roles/common/tasks/main.yaml
@@ -34,10 +34,10 @@
 line: "{{ item.line }}"
 state: present
 loop:
- - { regexp: '^#?PasswordAuthentication', line: 'PasswordAuthentication no' }
- - { regexp: '^#?PermitRootLogin', line: 'PermitRootLogin no' }
- - { regexp: '^#?PubkeyAuthentication', line: 'PubkeyAuthentication yes' }
- - { regexp: '^#?Port ', line: 'Port 430' }
+ - { regexp: "^#?PasswordAuthentication", line: "PasswordAuthentication no" }
+ - { regexp: "^#?PermitRootLogin", line: "PermitRootLogin no" }
+ - { regexp: "^#?PubkeyAuthentication", line: "PubkeyAuthentication yes" }
+ - { regexp: "^#?Port ", line: "Port 430" }
 notify: Restart sshd

 - name: Install UFW
@@ -75,3 +75,13 @@
 group: "{{ username }}"
 mode: "0755"
 loop: "{{ data_dirs }}"
+
+- name: Set inotify limits
+ ansible.posix.sysctl:
+ name: "{{ item.name }}"
+ value: "{{ item.value }}"
+ sysctl_file: /etc/sysctl.d/99-inotify.conf
+ reload: true
+ loop:
+ - { name: fs.inotify.max_user_instances, value: 512 }
+ - { name: fs.inotify.max_user_watches, value: 524288 }
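Review bot: Double-quoted YAML treats a backslash as an escape character, so moving the four `regexp` values in the `@@ -34,10` hunk from single to double quotes makes them fragile: a later `\s` or `\d` would fail to parse or change the pattern, and single quotes (`regexp: '^#?Port '`) avoid that. The sshd settings themselves are unchanged by this hunk, so the "security" part of the subject is not visible here. The task header lies outside the hunk; if it is `lineinfile` on sshd_config and sets no `validate`, adding `validate: 'sshd -t -f %s'` would keep a malformed file from reaching the `Restart sshd` handler. Because sshd keeps the first value it reads for each keyword, it is also worth confirming with `sshd -T` that no earlier line or included drop-in overrides `PasswordAuthentication no`.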
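Review bot: The task added in the `@@ -75,3` hunk raises `fs.inotify.max_user_watches` to 524288 in the common role without recording which workload needs it, and that limit bounds the kernel memory each user can pin (roughly 1 KiB per watch on 64-bit, by the usual estimate). A comment above the task such as `# inotify limits raised for <workload>; each watch consumes unswappable kernel memory` would document the reason. Moving the two numbers into role defaults would let hosts that do not need them keep the kernel's own values. The module comes from the `ansible.posix` collection, so that collection should be listed in the project's collection requirements if it is not already.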