2023-05-13 09:14:40 +08:00
commit 10f95ff535
34 changed files with 1385 additions and 0 deletions

2
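--- a/all/files/arya.pub
+++ b/all/files/arya.pub
@@ -0,0 +1,2 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeUQKFE6j+legQS2aam8VlwaGJ1r5BfJevbMUxpAi6N aryakiran@zohomail.eu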

2
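--- a/all/files/devrand.pub
+++ b/all/files/devrand.pub
@@ -0,0 +1,2 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIE4EqdlXF8o8Fdf0v/I8sowP7Rw3tZiY5i/CP131AX5dAAAAC3NzaDp0ZXJtaXVz Generated By Termius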
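Review bot: This is a FIDO-backed key (`sk-ssh-ed25519@openssh.com`), a type that sshd accepts only from OpenSSH 8.2 onward. On an older server the line is ignored, and with `PasswordAuthentication no` in the sshd template of this commit that account would have no way to log in over SSH, so confirm the OpenSSH version on the target hosts before the sshd play runs. The comment `Generated By Termius` does not identify the owner; a comment naming the user would make `authorized_keys` easier to audit.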

1
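--- a/all/files/midou.pub
+++ b/all/files/midou.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZRpxFYvYt3tfllosegLv3c/IV7+AhMUSfNQio/3kVY ServerAccess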

109
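--- a/all/playbook.yaml
+++ b/all/playbook.yaml
@@ -0,0 +1,109 @@
+---
+- name: Install shit
+hosts: all
+tasks:
+- name: Std Repo stuff
+apt:
+update_cache: true
+name:
+- vim
+- curl
+- wget
+- sudo
+- net-tools
+- nmap
+- python3-pip
+- python3-passlib
+- vnstat
+- name: Enable VNStat service
+service:
+name: vnstat
+enabled: yes
+state: started
+- name: Add users
+hosts: all
+vars:
+users:
+- arya
+- devrand
+- midou
+vars_prompt:
+- name: password
+prompt: What is password to be used for all accs? (initial if no password is already set)
+encrypt: sha512_crypt
+confirm: true
+salt_size: 6
+tasks:
+- name: bashrc skel
+template:
+src: templates/bashrc.j2
+dest: /etc/skel/.bashrc
+- name: profile skel
+template:
+src: templates/profile.j2
+dest: /etc/skel/.profile
+- name: bash_aliases skel
+template:
+src: templates/bash_aliases.j2
+dest: /etc/skel/.bash_aliases
+- name: prompt skel
+template:
+src: templates/prompt.j2
+dest: /etc/skel/.prompt
+- name: bashrc root
+template:
+src: templates/bashrc.j2
+dest: /root/.bashrc
+- name: profile root
+template:
+src: templates/profile.j2
+dest: /root/.profile
+- name: bash_aliases root
+template:
+src: templates/bash_aliases.j2
+dest: /root/.bash_aliases
+- name: prompt root
+template:
+src: templates/prompt.j2
+dest: /root/.prompt
+- name: Add user
+user:
+name: "{{ item }}"
+group: users
+groups: users,sudo
+password: "{{ password }}"
+shell: /bin/bash
+update_password: on_create # Add the same initial password for all users (can be overwritten by user)
+with_items:
+- "{{ users }}"
+- name: "Add authorized keys"
+authorized_key:
+user: "{{ item }}"
+key: "{{ lookup('file', 'files/'+ item + '.pub') }}"
+with_items:
+- "{{ users }}"
+- name: "Allow admin users to sudo without a password"
+lineinfile:
+dest: "/etc/sudoers" # path: in version 2.3
+state: "present"
+regexp: "^%sudo"
+line: "%sudo ALL=(ALL) NOPASSWD: ALL"
+- name: Configure SSHD
+hosts: all
+tasks:
+- name: sshd configuration file update
+template:
+src: templates/sshd_config.j2
+dest: /etc/ssh/sshd_config
+backup: yes
+owner: 0
+group: 0
+mode: 0644
+validate: '/usr/sbin/sshd -T -f %s'
+notify:
+- restart sshd
+handlers:
+- name: restart sshd
+service: name=sshd state=restarted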
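Review bot: The "Allow admin users to sudo without a password" task edits `/etc/sudoers` in place with `lineinfile` and no `validate`, so a malformed result is written straight to the live file and can leave every account without working sudo. Add `validate: '/usr/sbin/visudo -cf %s'` to that task, the same way the sshd task already checks its output with `sshd -T`. The line it writes, `%sudo ALL=(ALL) NOPASSWD: ALL`, together with `groups: users,sudo` in "Add user", makes every listed key holder passwordless root; a comment stating that this is intended would help the next reader. In the sshd play, `mode: 0644` is better written `mode: "0644"`, and `enabled: yes` / `backup: yes` as `true`, so the values do not depend on YAML 1.1 implicit typing.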


@@ -0,0 +1,37 @@
# General
alias clear="printf '\033c'" # faster than ncurses clear by a lot
alias c='clear'
alias bashrc="vim ~/.bashrc && source ~/.bashrc"
# LS
alias ls='ls --color=auto -FAh'
alias ll='ls -l'
alias la='ls'
alias l.='ls | egrep "^\."'
alias l=ls
# GREP
alias grep='grep --color=auto'
alias egrep='egrep --color=auto'
alias fgrep='fgrep --color=auto'
# GIT
alias ga='git add'
alias gc='git commit'
alias gp='git push'
alias lc='fc -nl $HISTCMD'
# CADDY
alias rc='caddy reload --config ~/Caddyfile'
alias ft='caddy fmt --overwrite ~/Caddyfile'
alias vt='caddy validate --config ~/Caddyfile'
# DOCKER
alias dockup='docker compose pull; docker compose down && docker compose up -d --build --remove-orphans'
# Navigation
alias ..='cd ..'
alias ...='cd ../../'
alias ....='cd ../../../'
alias .....='cd ../../../../'
# Readability
alias cp="cp -iv"
alias mv='mv -iv'
alias rm='rm -iv'
alias df='df -h'
alias free='free -m'
alias mkdir='mkdir -pv'
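Review bot: The `l.`, `egrep` and `fgrep` aliases rely on the `egrep`/`fgrep` commands, which GNU grep 3.8 and later report as obsolescent with a warning on every call. `grep -E` and `grep -F` avoid that, for example `alias l.='ls | grep -E "^\."'`. In `dockup`, `docker compose pull; docker compose down && …` uses `;` after the pull, so the stack is taken down and rebuilt even when the pull failed; `&&` there would stop on a failed pull if that is the intent.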

42
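--- a/all/templates/bashrc.j2
+++ b/all/templates/bashrc.j2
@@ -0,0 +1,42 @@
+# If not running interactively, don't do anything
+case $- in
+*i*) ;;
+*) return;;
+esac
+export HISTCONTROL=ignoredups:erasedups
+export HISTFILESIZE=
+export HISTSIZE=
+export HISTTIMEFORMAT="[%F %T] "
+# Change the file location because certain bash sessions truncate .bash_history file upon close.
+# http://superuser.com/questions/575479/bash-history-truncated-to-500-lines-on-each-login
+export HISTFILE=~/.bash_history
+# Force prompt to write history after every command.
+# http://superuser.com/questions/20900/bash-history-loss
+PROMPT_COMMAND="history -a; $PROMPT_COMMAND"
+shopt -s autocd # change to named directory
+shopt -s cdspell # autocorrects cd misspellings
+shopt -s cmdhist # save multi-line commands in history as single line
+shopt -s dotglob
+shopt -s histappend # do not overwrite history
+shopt -s expand_aliases # expand aliases
+shopt -s extglob
+#ignore upper and lowercase when TAB completion
+bind "set completion-ignore-case on"
+# colored GCC warnings and errors
+export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+if [ -f ~/.bash_aliases ]; then
+. ~/.bash_aliases
+fi
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+if [ -f /usr/share/bash-completion/bash_completion ]; then
+. /usr/share/bash-completion/bash_completion
+elif [ -f /etc/bash_completion ]; then
+. /etc/bash_completion
+fi
+fi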
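Review bot: `HISTFILESIZE=` and `HISTSIZE=` are set empty, which bash treats as no limit, and `HISTCONTROL=ignoredups:erasedups` omits `ignorespace`. On the accounts this template is deployed to (root included, per the playbook), every typed command is therefore kept indefinitely, including any that carried a secret on the command line, and no single command can be kept out of history. `export HISTCONTROL=ignoreboth:erasedups` restores the leading-space opt-out. The comment above `HISTFILE` says the location is changed, but `~/.bash_history` is bash's default, so either the comment or the path is stale.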

28
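--- a/all/templates/profile.j2
+++ b/all/templates/profile.j2
@@ -0,0 +1,28 @@
+# ~/.profile: executed by the command interpreter for login shells.
+# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login
+# exists.
+# see /usr/share/doc/bash/examples/startup-files for examples.
+# the files are located in the bash-doc package.
+# the default umask is set in /etc/profile; for setting the umask
+# for ssh logins, install and configure the libpam-umask package.
+#umask 022
+# if running bash
+if [ -n "$BASH_VERSION" ]; then
+# include .bashrc if it exists
+if [ -f "$HOME/.bashrc" ]; then
+. "$HOME/.bashrc"
+fi
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/bin" ] ; then
+PATH="$HOME/bin:$PATH"
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d "$HOME/.local/bin" ] ; then
+PATH="$HOME/.local/bin:$PATH"
+fi
+. "$HOME/.prompt"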
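Review bot: The final line `. "$HOME/.prompt"` runs unconditionally, outside the `$BASH_VERSION` check above it, although `prompt.j2` in this commit uses bash arrays and `~/.profile` is also read by non-bash login shells. A POSIX `sh` would hit a syntax error when sourcing it, and a missing `.prompt` produces an error on every login. Suggest `if [ -n "$BASH_VERSION" ] && [ -f "$HOME/.prompt" ]; then . "$HOME/.prompt"; fi` in its place.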

57
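--- a/all/templates/prompt.j2
+++ b/all/templates/prompt.j2
@@ -0,0 +1,57 @@
+__sig() {
+# Giant switch case for getting the name of the signal (`kill -l`)
+a=0
+for i in $@; do
+a=$((a+1))
+case $i in
+126) printf ACCES ;;
+127) printf NOENT ;;
+129) printf HUP ;;
+130) printf INT ;;
+131) printf QUIT ;;
+132) printf ILL ;;
+133) printf TRAP ;;
+134) printf ABRT ;;
+135) printf BUS ;;
+136) printf FPE ;;
+137) printf KILL ;;
+138) printf USR1 ;;
+139) printf SEGV ;;
+140) printf USR2 ;;
+141) printf PIPE ;;
+142) printf ALRM ;;
+143) printf TERM ;;
+144) printf STKFLT ;;
+145) printf CHLD ;;
+146) printf CONT ;;
+147) printf STOP ;;
+148) printf TSTP ;;
+149) printf TTIN ;;
+150) printf TTOU ;;
+151) printf URG ;;
+152) printf XCPU ;;
+153) printf XFSZ ;;
+154) printf VTALRM ;;
+155) printf PROF ;;
+156) printf WINCH ;;
+157) printf IO ;;
+158) printf PWR ;;
+159) printf SYS ;;
+16[3-9]|1[7-8][0-9]|19[0-2]) printf RT$(($i-128)) ;; # Savagery
+*) printf $i ;; # Print exit code if not in list
+esac
+done
+}
+sig() {
+PLC=(${PIPESTATUS[@]})
+printf "$(__sig ${PLC[@]})"
+}
+NO_COLOUR="\[\033[0m\]"
+# Bold Colours
+RED="\[\033[01;31m\]"
+GREEN="\[\033[01;32m\]"
+YELLOW="\[\033[01;33m\]"
+BLUE="\[\033[01;34m\]"
+PS1="[${RED}\$(sig)${NO_COLOUR}] [\t] [${RED}\u${NO_COLOUR}@${GREEN}\h${NO_COLOUR}|${BLUE}\w${NO_COLOUR}] [${YELLOW}#\#${NO_COLOUR}] ${GREEN}\$ ${NO_COLOUR}"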
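Review bot: `__sig` prints each pipeline status with no separator, so a pipeline whose `PIPESTATUS` is `1 0` renders as `10` and cannot be told apart from exit code 10. The counter `a` is incremented but never read, which suggests a separator was intended, e.g. `[ "$a" -gt 1 ] && printf '|'` at the top of the loop. The values are also used as the `printf` format string (`printf $i`, `printf "$(__sig …)"`) and expanded unquoted (`for i in $@`); `printf '%s' "$i"` and `for i in "$@"` are the safer forms. `a`, `i` and `PLC` end up as globals in the interactive shell, which `local` inside the two functions would prevent. Because the playbook deploys this file with `template`, Jinja parses it first, so a later edit that introduces `${#…}` would be read as the start of a Jinja comment.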


@@ -0,0 +1,15 @@
{% if inventory_hostname == 'eu' %}
Port 222
{% else %}
Port 22
{% endif %}
PermitRootLogin prohibit-password
PasswordAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM no
X11Forwarding no
PrintMotd yes
UseDNS no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
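Review bot: `PermitRootLogin prohibit-password` leaves direct root login by key enabled, even though the playbook in this commit installs keys only for the named users and gives them passwordless sudo. Unless root keys are provisioned elsewhere, `PermitRootLogin no` is the tighter setting, and an `AllowGroups` line naming the admin group would confine SSH logins to those accounts. `UsePAM no` also takes PAM's account and session handling out of SSH logins, so confirm nothing on these hosts relies on it (limits, PAM-based account checks). `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication` in current OpenSSH; it still parses, but the newer name is clearer.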