More changes:
- Remove 'grub' role. We shouldn't touch anything related to the
bootloader here, as it's dangerous. I'll write docs for myself on
this.
- Fix linting here and there, so ansible-lint won't complain
- Refactor group_vars/all.yml to be more readable
- Fix the incorrect use of rate limit on the ICMP rule ('over' keyword
matched over the rate limit)
- Use dynamic sets to limit connections on opened ports
- Naively whitelist all libvirt bridges. This includes the whole
192.168.0.0/16 subnet, so it probably will clash with the internal LAN
network. I control my own router :) so I don't mind (just use
a different private IPv4 address space).
- nftables: don't masquerade on IPv6 addresses as SNAT doesn't exist in
the IPv6 realm (yet?)
- use `pamd`, `sysctl`, `kernel_blacklist`, `pam_limits`, `mount` Ansible
modules instead of copying files to the right places
- zram: use loops to dynamically configure zram devices
- essential:
  - make polkit optional
  - move /etc/hosts file to unbound role
- libvirt:
  - make libvirt daemons configurable
  - delete the firewall patch. Hardcode the rules by default (for now)
    so that the playbook is compatible with `ansible-core`
- user: add pam_limits file (moved from dotfiles repository)
- sysctl: role deleted. The task was moved to essential role
- fstab: new role for /run, /tmp, /proc mounts
- add seatd as a 'seat_manager' option
- cron: use find command to restrain deleted files in /var/tmp