ansible/all/playbook.yaml

# Baseline play: installs the common package set from the apt repositories on
# every host, then enables and starts the services that ship with it.
- name: Install shit
  hosts: all
  tasks:
    - name: Std Repo stuff
      ansible.builtin.apt:
        name:
          - htop
          - vim
          - curl
          - wget
          - sudo
          - net-tools
          # NOTE(review): nmap is a network scanner; installing it on every
          # host makes it available to anyone who obtains a shell there.
          # Confirm it is needed fleet-wide rather than on admin hosts only.
          - nmap
          - python3-pip
          - python3-passlib
          - vnstat
          - chrony
          - gdu
          - btop
          - iperf3
          - neofetch
          - tmux
          - prometheus-node-exporter
          - goaccess
        # Refresh the package index before the list above is resolved.
        update_cache: true

    - name: Enable VNStat service
      ansible.builtin.service:
        name: vnstat
        state: started
        enabled: true

    - name: Enable Chrony (NTP) service
      ansible.builtin.service:
        name: chrony
        state: started
        enabled: true

    # NOTE(review): node exporter serves host metrics over plain HTTP (upstream
    # default is port 9100, without authentication). Nothing in this playbook
    # restricts who can reach it - confirm a firewall limits the port to the
    # Prometheus scraper.
    - name: Enable Prometheus Node Exporter service
      ansible.builtin.service:
        name: prometheus-node-exporter
        state: started
        enabled: true
# Kernel tunables applied to every host.
- name: Sysctl
  hosts: all
  tasks:
    - name: Disable dmesg logging to console
      ansible.posix.sysctl:
        state: present
        # Apply to the running kernel as well as persisting the entry.
        sysctl_set: true
        name: kernel.printk
        # Four fields: console, default-message, minimum-console and
        # default-console log levels. A console level of 3 keeps only messages
        # more severe than "error" on the console; dmesg itself is unaffected.
        value: "3 4 1 3"
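# Creates the admin accounts, installs their shell dotfiles and SSH public
# keys, and grants the sudo group passwordless sudo.
- name: Add users
  hosts: all
  vars:
    users:
      - arya
      - mrlerien
      - devrand
      - midou
      - ansiblerunner
    # NOTE(review): this value is readable by anyone with access to the
    # repository and is shared by every account above. It is 128 hex digits
    # with no "$id$salt$" prefix, so it does not look like the crypt(3) hash
    # that ansible.builtin.user expects in `password` - confirm what actually
    # ends up in /etc/shadow. Prefer a per-user salted hash (for example from
    # the password_hash filter) stored in an Ansible Vault variable.
    password: "d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db"
  tasks:
    # Dotfiles for accounts created from now on (/etc/skel).
    - name: Bashrc skel
      ansible.builtin.template:
        src: templates/bashrc.j2
        dest: /etc/skel/.bashrc
        mode: preserve

    - name: Profile skel
      ansible.builtin.template:
        src: templates/profile.j2
        dest: /etc/skel/.profile
        mode: preserve

    - name: Bash_aliases skel
      ansible.builtin.template:
        src: templates/bash_aliases.j2
        dest: /etc/skel/.bash_aliases
        mode: preserve

    - name: Prompt skel
      ansible.builtin.template:
        src: templates/prompt.j2
        dest: /etc/skel/.prompt
        mode: preserve

    # The same four templates, rendered into root's home directory.
    - name: Bashrc root
      ansible.builtin.template:
        src: templates/bashrc.j2
        dest: /root/.bashrc
        mode: preserve

    - name: Profile root
      ansible.builtin.template:
        src: templates/profile.j2
        dest: /root/.profile
        mode: preserve

    - name: Bash_aliases root
      ansible.builtin.template:
        src: templates/bash_aliases.j2
        dest: /root/.bash_aliases
        mode: preserve

    - name: Prompt root
      ansible.builtin.template:
        src: templates/prompt.j2
        dest: /root/.prompt
        mode: preserve

    - name: Add user
      ansible.builtin.user:
        name: "{{ item }}"
        group: users
        # NOTE(review): `append` is not set, so each run resets the account's
        # supplementary groups to exactly this list - confirm that is intended.
        groups: users,sudo
        password: "{{ password }}"
        shell: /bin/bash
        update_password: on_create  # Add the same initial password for all users (can be overwritten by user)
      loop: "{{ users }}"

    # Expects one public key file per account at files/<user>.pub.
    - name: "Add authorized keys"
      ansible.posix.authorized_key:
        user: "{{ item }}"
        key: "{{ lookup('file', 'files/' + item + '.pub') }}"
      loop: "{{ users }}"

    # NOTE(review): every account created above is in group sudo, so this line
    # gives each of them root without a password prompt; access control then
    # rests on the SSH keys alone. Confirm that is the intended trust model,
    # in particular for the automation account.
    - name: "Allow admin users to sudo without a password"
      ansible.builtin.lineinfile:
        dest: "/etc/sudoers"  # path: in version 2.3
        state: "present"
        regexp: "^%sudo"
        line: "%sudo ALL=(ALL) NOPASSWD: ALL"
        # Syntax-check the edited copy before it replaces /etc/sudoers; a
        # malformed sudoers file would lock every account out of sudo.
        validate: "/usr/sbin/visudo -cf %s"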
# Renders the managed sshd_config on every host and restarts the SSH service
# when the file changes.
- name: Configure SSHD
  hosts: all
  tasks:
    - name: Sshd configuration file update
      ansible.builtin.template:
        dest: /etc/ssh/sshd_config
        src: templates/sshd_config.j2
        owner: 0
        group: 0
        mode: "0644"
        # Keep a copy of the previous file so a bad change can be rolled back.
        backup: true
        # sshd parses the rendered temporary file (%s) first; the template is
        # only moved into place when this command succeeds.
        validate: "/usr/sbin/sshd -T -f %s"
      notify:
        - Restart sshd

  handlers:
    # Runs only when the template task above reports a change.
    - name: Restart sshd
      ansible.builtin.service:
        name: ssh
        state: restarted
        enabled: true