ansible-roles-bsd

:warning: This repository is not maintained anymore. Unfortunately, I stopped using and maintaining FreeBSD due to time constraints.

:information_source: For Ansible roles supporting the OpenBSD operating system, please use the new repository called ansible-roles-openbsd.

Index

• About
  • Features
  • Support
  • Dependencies
• Setup
  • Requirements
  • Installation
• Usage
• Roadmap
• Contributing
• License
• Contact
• Credits
• Appendix

About

ansible-roles-bsd is a collection of well curated Ansible roles for the FreeBSD and OpenBSD operating system. All Ansible roles are licensed under the Simplified BSD License.

Features

• Configurations follow the secure-by-default principle
• Roles are mostly self-contained and dependencies avoided
• Roles and services support multiple states (install, remove, enable, disable, inactive)
• Scripts and cronjobs support multiple states (enable, disable)
• Services can be monitored with Monit and exported via monit_exporter to Prometheus
• Scripts support Email and Prometheus monitoring
• Logs can be forwarded with syslog to Loki
• Roles can proxy HTTP/HTTPS traffic through Squid forward proxy
• Host-based firewall restricts ingress and egress traffic by default
• PF can be used as network-based/perimeter firewall
• Restic and rest-server are available as backup solution
• OpenNTPD is configurable as NTP client and server
• Unbound is available as resolving DNS server
• NSD is available as authoritative DNS server
• Prometheus has built-in alerting rules and Grafana dashboards
• Loki has built-in alerting rules and Grafana dashboards
• Parameters are documented with examples and marked when implemented
• Changes adhere to semantic versioning guidelines
• Roles contain changelog

Support

The following operating systems are supported:

• FreeBSD 12.2-*
• OpenBSD 7.1

Dependencies

The Ansible control machine depends on:

• Ansible >= 2.8.0

The Ansible managed node depends on:

• Python >= 2.7.0

Setup

Requirements

Installation

Usage

Roadmap

• Add IPv6 support (freebsd_pf, openbsd_pf...)
• Support monitoring via Coremon
• Add OpenBSD support (cron)
• Add FreeBSD support (opensmtpd, rest_server, rsyslog, suricata, tinc)

Contributing

License

Distributed under the Simplified BSD License.

See LICENSE file for more information.

Contact

Author: [email protected]

Project: ansible-roles-bsd

Credits

See CREDITS file for more information.

Appendix

Loki/Grafana Dashboards

Suricata

Prometheus/Grafana Dashboards

System Status	Script Status

Network Traffic	Ping Prober