bastian/deploy_home
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a69392c9b3a76f812753adcd7427ed70d5e05993
deploy_home/ansible/roles/podman/defaults/main.yml
Bastian de Byl 0e9fc3edc3 moved photoprism app to photos. from cloud.
2022-10-02 19:10:55 -04:00

156 lines
4.8 KiB
YAML
Raw Blame History

---
bookstack_path: "{{ podman_volumes }}/bookstack"
cloud_path: "{{ podman_volumes }}/cloud"
drone_path: "{{ podman_volumes }}/drone"
graylog_path: "{{ podman_volumes }}/graylog"
hass_path: "{{ podman_volumes }}/hass"
nginx_path: "{{ podman_volumes }}/nginx"
partkeepr_path: "{{ podman_volumes }}/partkeepr"
photos_path: "{{ podman_volumes }}/photos"
pihole_path: "{{ podman_volumes }}/pihole"
drone_server_proto: "https"
drone_runner_capacity: "4"
# nginx and modsec configuration
assistant_server_name: assistant.bdebyl.net
bookstack_server_name: wiki.skudakrennsport.com
ci_server_name: ci.bdebyl.net
cloud_server_name: cloud.bdebyl.net
home_server_name: home.bdebyl.net
logs_server_name: logs.bdebyl.net
parts_server_name: parts.bdebyl.net
photos_server_name: photos.bdebyl.net
pi_server_name: pi.bdebyl.net
video_server_name: video.bdebyl.net
nginx_conf_path: "{{ nginx_path }}/etc/conf"
modsec_log_path: /var/log/nginx/modsec_audit.log
modsec_rules_path: "{{ nginx_conf_path }}/rules"
modsec_crs_before_rule_conf: "{{ modsec_rules_path }}/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf"
modsec_crs_after_rule_conf: "{{ modsec_rules_path }}/REQUEST-999-EXCLUSION-RULES-AFTER-CRS.conf"
install_path: /usr/share
modsec_path: "{{ install_path }}/modsecurity"
crs_path: "{{ install_path }}/coreruleset"
crs_rules_path: "{{ crs_path }}/rules"
modsec_whitelist_local_re: >-
^SecRule.*REMOTE_ADDR.*192\.168\.1\.1/24.*$
modsec_whitelist_local: >-
SecRule REMOTE_ADDR "@ipMatch 192.168.1.1/24"
"id:1,phase:1,nolog,allow,ctl:ruleEngine=Off"
modsec_git_urls:
- src: "https://github.com/coreruleset/coreruleset.git"
dest: "{{ crs_path }}"
ver: "v3.3.2"
- src: "https://github.com/SpiderLabs/ModSecurity.git"
dest: "{{ modsec_path }}"
ver: "v3.0.6"
modsec_conf_replaces:
- regex: "^SecRuleEngine"
line: "SecRuleEngine On"
- regex: "^SecAuditLog"
line: "SecAuditLog {{ modsec_log_path }}"
modsec_conf_links:
- src: "{{ modsec_path }}/modsecurity.conf-recommended"
dest: "{{ nginx_path }}/etc/modsecurity.conf"
- src: "{{ modsec_path }}/unicode.mapping"
dest: "{{ nginx_path }}/etc/unicode.mapping"
- src: "{{ crs_path }}/crs-setup.conf.example"
dest: "{{ nginx_conf_path }}/crs-setup.conf"
- src: "{{ crs_rules_path }}/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf.example"
dest: "{{ modsec_rules_path }}/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf"
- src: "{{ crs_rules_path }}/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf.example"
dest: "{{ modsec_rules_path }}/RESPONSE-999-EXCLUSION-RULES-AFTER-CRS.conf"
crs_rule_links:
- name: REQUEST-901-INITIALIZATION
enabled: true
- name: REQUEST-903.9001-DRUPAL-EXCLUSION-RULES
enabled: true
- name: REQUEST-903.9002-WORDPRESS-EXCLUSION-RULES
enabled: true
- name: REQUEST-903.9003-NEXTCLOUD-EXCLUSION-RULES
enabled: true
- name: REQUEST-903.9004-DOKUWIKI-EXCLUSION-RULES
enabled: true
- name: REQUEST-903.9005-CPANEL-EXCLUSION-RULES
enabled: true
- name: REQUEST-903.9006-XENFORO-EXCLUSION-RULES
enabled: true
- name: REQUEST-905-COMMON-EXCEPTIONS
enabled: true
- name: REQUEST-910-IP-REPUTATION
enabled: true
- name: REQUEST-911-METHOD-ENFORCEMENT
enabled: true
- name: REQUEST-912-DOS-PROTECTION
enabled: true
- name: REQUEST-913-SCANNER-DETECTION
enabled: true
- name: REQUEST-920-PROTOCOL-ENFORCEMENT
enabled: true
- name: REQUEST-921-PROTOCOL-ATTACK
enabled: true
- name: REQUEST-930-APPLICATION-ATTACK-LFI
enabled: true
- name: REQUEST-931-APPLICATION-ATTACK-RFI
enabled: true
- name: REQUEST-932-APPLICATION-ATTACK-RCE
enabled: true
- name: REQUEST-933-APPLICATION-ATTACK-PHP
enabled: true
- name: REQUEST-934-APPLICATION-ATTACK-NODEJS
enabled: true
- name: REQUEST-941-APPLICATION-ATTACK-XSS
enabled: true
- name: REQUEST-942-APPLICATION-ATTACK-SQLI
enabled: true
- name: REQUEST-943-APPLICATION-ATTACK-SESSION-FIXATION
enabled: true
- name: REQUEST-944-APPLICATION-ATTACK-JAVA
enabled: true
- name: REQUEST-949-BLOCKING-EVALUATION
enabled: false
- name: RESPONSE-950-DATA-LEAKAGES
enabled: true
- name: RESPONSE-951-DATA-LEAKAGES-SQL
enabled: true
- name: RESPONSE-952-DATA-LEAKAGES-JAVA
enabled: true
- name: RESPONSE-953-DATA-LEAKAGES-PHP
enabled: true
- name: RESPONSE-954-DATA-LEAKAGES-IIS
enabled: true
- name: RESPONSE-959-BLOCKING-EVALUATION
enabled: true
- name: RESPONSE-980-CORRELATION
enabled: true
crs_data_links:
- crawlers-user-agents
- iis-errors
- java-classes
- java-code-leakages
- java-errors
- lfi-os-files
- php-config-directives
- php-errors
- php-function-names-933150
- php-function-names-933151
- php-variables
- restricted-files
- restricted-upload
- scanners-headers
- scanners-urls
- scanners-user-agents
- scripting-user-agents
- sql-errors
- unix-shell
- windows-powershell-commands
Reference in New Issue View Git Blame Copy Permalink