ansible/all/playbook.yaml

136 lines
3.8 KiB
YAML
Raw Normal View History

2023-05-13 09:14:40 +08:00
---
- name: Install shit
hosts: all
tasks:
- name: Std Repo stuff
apt:
update_cache: true
name:
- vim
- curl
- wget
- sudo
- net-tools
- nmap
- python3-pip
- python3-passlib
- vnstat
- chrony
2023-05-13 09:14:40 +08:00
- name: Enable VNStat service
service:
name: vnstat
enabled: yes
state: started
- name: Enable Chrony (NTP) service
service:
name: chrony
enabled: yes
state: started
2023-06-10 23:28:18 +05:30
- name: Sysctl
hosts: all
tasks:
- name: disable dmesg logging to console
sysctl:
name: kernel.printk
value: '3 4 1 3'
state: present
sysctl_set: yes
2023-05-13 09:14:40 +08:00
- name: Add users
hosts: all
vars:
users:
- arya
2023-06-27 15:18:54 +05:30
- mrlerien
2023-05-13 09:14:40 +08:00
- devrand
- midou
2023-07-05 18:12:41 +05:30
- ansiblerunner
2023-07-05 19:07:42 +05:30
password: d404559f602eab6fd602ac7680dacbfaadd13630335e951f097af3900e9de176b6db28512f2e000b9d04fba5133e8b1c6e8df59db3a8ab9d60be4b97cc9e81db
2023-05-13 09:14:40 +08:00
tasks:
- name: bashrc skel
template:
src: templates/bashrc.j2
dest: /etc/skel/.bashrc
- name: profile skel
template:
src: templates/profile.j2
dest: /etc/skel/.profile
- name: bash_aliases skel
template:
src: templates/bash_aliases.j2
dest: /etc/skel/.bash_aliases
- name: prompt skel
template:
src: templates/prompt.j2
dest: /etc/skel/.prompt
- name: bashrc root
template:
src: templates/bashrc.j2
dest: /root/.bashrc
- name: profile root
template:
src: templates/profile.j2
dest: /root/.profile
- name: bash_aliases root
template:
src: templates/bash_aliases.j2
dest: /root/.bash_aliases
- name: prompt root
template:
src: templates/prompt.j2
dest: /root/.prompt
- name: Add user
user:
name: "{{ item }}"
group: users
groups: users,sudo
password: "{{ password }}"
shell: /bin/bash
update_password: on_create # Add the same initial password for all users (can be overwritten by user)
with_items:
- "{{ users }}"
- name: "Add authorized keys"
authorized_key:
user: "{{ item }}"
key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
with_items:
- "{{ users }}"
- name: "Allow admin users to sudo without a password"
lineinfile:
dest: "/etc/sudoers" # path: in version 2.3
state: "present"
regexp: "^%sudo"
line: "%sudo ALL=(ALL) NOPASSWD: ALL"
2023-05-31 18:13:54 +08:00
- name: Add extra authorized_key for soleil
hosts: soleil
2023-06-05 16:18:37 +08:00
vars:
users:
- arya
2023-06-27 15:18:54 +05:30
- mrlerien
2023-06-05 16:18:37 +08:00
- devrand
- midou
2023-05-31 18:13:54 +08:00
tasks:
- name: Add extra authorized_key for soleil
authorized_key:
user: "{{item}}"
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCn7RsO05kXSKBBopwzAri/MfhRwA+iuB1X96jQl0rhYvGmYVZLi0CPyXzE2laL5tRiyXYsIgHTVCfsn+CF+ilFXBa+xLcJ9Yau/SjtnZASixljeZuy0o3aTdl/IqcOcLVCdDaatuzOXFTjZCE+r67FqxFcaw9lzWi7QjtE1j8ar5+qo278XWWltYogxccHXBXqDr2chz95Ye0lAEIWp0LOgkSYjVNNKaAc7Y6kwr7SlwKMdlfbY6WPOyRQX5l1rnpU6Cw4mRf+l06+drpkGFIll3dulm0CNIoXYVy3W5Hr+C0Z6FT0bqZP1NuG1bDWTlwbMD3jIfBqhTI3V7oL5EvHCh3KsHfE7bS97F7MoeNx1xZrj2zIbkakdsxvm5oXra2RXpLbQXEzZDntGYoPaJT70yvnBSpxNDtzhUzZKwlTZIGN3LU/9USfmVTphZAR7l/BmT+j64eUZevuy3ht6iQQigkmi6KwXySXlUuUq2pXwTA/Dq1er3NclwTwT+v1QJ8= user@CoreVM"
with_items:
- "{{users}}"
2023-05-13 09:14:40 +08:00
- name: Configure SSHD
hosts: all
tasks:
- name: sshd configuration file update
template:
src: templates/sshd_config.j2
dest: /etc/ssh/sshd_config
backup: yes
owner: 0
group: 0
mode: 0644
validate: '/usr/sbin/sshd -T -f %s'
notify:
- restart sshd
handlers:
- name: restart sshd
service: name=sshd state=restarted