many changes

added multiple tasks, files, configurations

roles/base/tasks/system_setup/cron.yml

@@ -0,0 +1,51 @@
+- name: system setup | cron | install cron package
+  tags: packages,cron
+  package:
+    name:
+      - "{{ cron_package }}"
+    state: latest
+
+- name: system setup | cron | start and enable cronie daemon
+  tags: cron
+  service:
+    name: cronie
+    state: started
+    enabled: true
+  when: ansible_distribution == "Archlinux"
+
+- name: system setup | cron | schedule automatic ansible provisioning
+  tags: cron
+  cron:
+    name: "ansible provision"
+    user: ansible
+    hour: "{{ ansible_cron_hour | default('*') }}"
+    minute: "{{ ansible_cron_minute | default('*/30') }}"
+    job: "/usr/local/bin/provision > /dev/null"
+
+- name: system setup | cron | schedule ansible cleanup at boot
+  tags: cron
+  cron:
+    name: "ansible refresh at boot"
+    user: ansible
+    special_time: reboot
+    job: "/bin/rm -rf /home/simone/.ansible"
+
+- name: system setup | cron | Send me a list of upgradeable packages daily
+  tags: cron
+  cron:
+    name: "Send me a list of upgradeable packages"
+    user: root
+    hour: "0"
+    minute: "0"
+    job: "apt list --upgradeable"
+  when: ansible_distribution in ["Debian", "Ubuntu"]
+
+- name: system setup | cron | Send me a list of upgradeable packages daily
+  tags: cron
+  cron:
+    name: "Send me a list of upgradeable packages"
+    user: root
+    hour: "0"
+    minute: "0"
+    job: "{{ root_home }} + '/bin/cron_pacman'"
+  when: ansible_distribution in ["Archlinux"]  

roles/base/tasks/system_setup/openssh.yml

@@ -20,11 +20,28 @@
     owner: root
     group: root
     mode: '0644'
+  notify: restart_sshd
 
-#  template:
-#    src: sshd_config.j2
-#    dest: /etc/ssh/sshd_config
-#    owner: root
-#    group: root
-#    mode: 0644
-#  notify: restart_sshd
+- name: system setup | openssh | install fail2ban
+  tags: fail2ban,ssh,system,settings
+  package:
+    name: fail2ban
+    state: latest
+  notify: restart_fail2ban
+
+-name: system setup | openssh | enable fail2ban
+  tags: fail2ban,ssh,system,settings
+  service:
+    name: fail2ban
+    enabled: yes
+  notify: restart_fail2ban
+
+-name: system setup | openssh | copy local jail for fail2ban
+  tags: fail2ban,ssh,system,settings
+  copy:
+    src: system_setup/jail.local
+    dest: /etc/fail2ban/jail.local
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart_fail2ban

roles/base/tasks/system_setup/scripts.yml

@@ -0,0 +1,8 @@
+- name: system setup | scripts | copy validate-rsync.sh script
+  tags: scripts
+  copy:
+    src: system_setup/validate-rsync.sh
+    dst: "{{ home_root }} + '/validate-rsync.sh'"
+    owner: root
+    group: root
+    mode: '0755'