2023-05-13 06:44:40 +05:30
|
|
|
- name: Install shit
|
|
|
|
|
hosts: all
|
|
|
|
|
tasks:
|
2023-07-07 22:40:54 +05:30
|
|
|
- name: Std Repo stuff
|
|
|
|
|
ansible.builtin.apt:
|
|
|
|
|
update_cache: true
|
|
|
|
|
name:
|
|
|
|
|
- vim
|
|
|
|
|
- curl
|
|
|
|
|
- wget
|
|
|
|
|
- sudo
|
|
|
|
|
- net-tools
|
|
|
|
|
- nmap
|
|
|
|
|
- python3-pip
|
|
|
|
|
- python3-passlib
|
|
|
|
|
- vnstat
|
|
|
|
|
- chrony
|
|
|
|
|
- name: Enable VNStat service
|
|
|
|
|
ansible.builtin.service:
|
|
|
|
|
name: vnstat
|
|
|
|
|
enabled: true
|
|
|
|
|
state: started
|
|
|
|
|
- name: Enable Chrony (NTP) service
|
|
|
|
|
ansible.builtin.service:
|
|
|
|
|
name: chrony
|
|
|
|
|
enabled: true
|
|
|
|
|
state: started
|
2023-06-10 23:28:18 +05:30
|
|
|
- name: Sysctl
|
|
|
|
|
hosts: all
|
|
|
|
|
tasks:
|
2023-07-07 22:40:54 +05:30
|
|
|
- name: Disable dmesg logging to console
|
|
|
|
|
ansible.posix.sysctl:
|
2023-06-10 23:28:18 +05:30
|
|
|
name: kernel.printk
|
|
|
|
|
value: '3 4 1 3'
|
|
|
|
|
state: present
|
2023-07-07 22:40:54 +05:30
|
|
|
sysctl_set: true
|
2023-05-13 06:44:40 +05:30
|
|
|
- name: Add users
|
|
|
|
|
hosts: all
|
|
|
|
|
vars:
|
|
|
|
|
users:
|
|
|
|
|
- arya
|
2023-06-27 15:18:54 +05:30
|
|
|
- mrlerien
|
2023-05-13 06:44:40 +05:30
|
|
|
- devrand
|
|
|
|
|
- midou
|
2023-07-05 18:12:41 +05:30
|
|
|
- ansiblerunner
|
2023-07-05 19:07:42 +05:30
|
|
|
password: d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db
|
2023-05-13 06:44:40 +05:30
|
|
|
tasks:
|
2023-07-07 22:40:54 +05:30
|
|
|
- name: Bashrc skel
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/bashrc.j2
|
|
|
|
|
dest: /etc/skel/.bashrc
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Profile skel
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/profile.j2
|
|
|
|
|
dest: /etc/skel/.profile
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Bash_aliases skel
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/bash_aliases.j2
|
|
|
|
|
dest: /etc/skel/.bash_aliases
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Prompt skel
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/prompt.j2
|
|
|
|
|
dest: /etc/skel/.prompt
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Bashrc root
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/bashrc.j2
|
|
|
|
|
dest: /root/.bashrc
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Profile root
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/profile.j2
|
|
|
|
|
dest: /root/.profile
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Bash_aliases root
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/bash_aliases.j2
|
|
|
|
|
dest: /root/.bash_aliases
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
|
|
|
|
- name: Prompt root
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/prompt.j2
|
|
|
|
|
dest: /root/.prompt
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: preserve
|
2023-05-13 06:44:40 +05:30
|
|
|
- name: Add user
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.builtin.user:
|
2023-05-13 06:44:40 +05:30
|
|
|
name: "{{ item }}"
|
|
|
|
|
group: users
|
|
|
|
|
groups: users,sudo
|
|
|
|
|
password: "{{ password }}"
|
|
|
|
|
shell: /bin/bash
|
|
|
|
|
update_password: on_create # Add the same initial password for all users (can be overwritten by user)
|
2023-07-07 22:40:54 +05:30
|
|
|
with_items:
|
2023-05-13 06:44:40 +05:30
|
|
|
- "{{ users }}"
|
|
|
|
|
- name: "Add authorized keys"
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.posix.authorized_key:
|
2023-05-13 06:44:40 +05:30
|
|
|
user: "{{ item }}"
|
2023-07-07 22:40:54 +05:30
|
|
|
key: "{{ lookup('file', 'files/' + item + '.pub') }}"
|
2023-05-13 06:44:40 +05:30
|
|
|
with_items:
|
|
|
|
|
- "{{ users }}"
|
|
|
|
|
- name: "Allow admin users to sudo without a password"
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.builtin.lineinfile:
|
2023-05-13 06:44:40 +05:30
|
|
|
dest: "/etc/sudoers" # path: in version 2.3
|
|
|
|
|
state: "present"
|
|
|
|
|
regexp: "^%sudo"
|
|
|
|
|
line: "%sudo ALL=(ALL) NOPASSWD: ALL"
|
2023-05-31 15:43:54 +05:30
|
|
|
- name: Add extra authorized_key for soleil
|
|
|
|
|
hosts: soleil
|
2023-06-05 13:48:37 +05:30
|
|
|
vars:
|
|
|
|
|
users:
|
|
|
|
|
- arya
|
2023-06-27 15:18:54 +05:30
|
|
|
- mrlerien
|
2023-06-05 13:48:37 +05:30
|
|
|
- devrand
|
|
|
|
|
- midou
|
2023-05-31 15:43:54 +05:30
|
|
|
tasks:
|
|
|
|
|
- name: Add extra authorized_key for soleil
|
2023-07-07 22:40:54 +05:30
|
|
|
ansible.posix.authorized_key:
|
|
|
|
|
user: "{{ item }}"
|
2023-07-14 17:19:15 +05:30
|
|
|
key: corevm_ssh_key
|
2023-05-31 15:43:54 +05:30
|
|
|
with_items:
|
2023-07-07 22:40:54 +05:30
|
|
|
- "{{ users }}"
|
2023-05-13 06:44:40 +05:30
|
|
|
- name: Configure SSHD
|
|
|
|
|
hosts: all
|
|
|
|
|
tasks:
|
2023-07-07 22:40:54 +05:30
|
|
|
- name: Sshd configuration file update
|
|
|
|
|
ansible.builtin.template:
|
2023-05-13 06:44:40 +05:30
|
|
|
src: templates/sshd_config.j2
|
|
|
|
|
dest: /etc/ssh/sshd_config
|
2023-07-07 22:40:54 +05:30
|
|
|
backup: true
|
2023-05-13 06:44:40 +05:30
|
|
|
owner: 0
|
|
|
|
|
group: 0
|
2023-07-07 22:40:54 +05:30
|
|
|
mode: "0644"
|
2023-05-13 06:44:40 +05:30
|
|
|
validate: '/usr/sbin/sshd -T -f %s'
|
|
|
|
|
notify:
|
|
|
|
|
- restart sshd
|
|
|
|
|
handlers:
|
2023-07-07 22:40:54 +05:30
|
|
|
- name: Restart sshd
|
|
|
|
|
ansible.builtin.service:
|
|
|
|
|
name: sshd
|
|
|
|
|
enabled: true
|
|
|
|
|
state: restarted
|
