From 4c7e68c27666e43a167c8d8cf85e619e7ec9da7b Mon Sep 17 00:00:00 2001
From: Filip Rojek
Date: Thu, 30 May 2024 17:04:14 +0200
Subject: [PATCH] First commit
---
ansible.cfg | 6 +++++
group_vars/all.yaml | 4 +++
hosts | 25 ++++++++++++++++++
playbooks/packages.yaml | 10 ++++++++
playbooks/reboot.yaml | 7 +++++
playbooks/setup.yaml | 57 +++++++++++++++++++++++++++++++++++++++++
playbooks/shutdown.yaml | 7 +++++
playbooks/update.yaml | 17 ++++++++++++
8 files changed, 133 insertions(+)
create mode 100644 ansible.cfg
create mode 100644 group_vars/all.yaml
create mode 100644 hosts
create mode 100644 playbooks/packages.yaml
create mode 100644 playbooks/reboot.yaml
create mode 100644 playbooks/setup.yaml
create mode 100644 playbooks/shutdown.yaml
create mode 100644 playbooks/update.yaml
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..4c18d55
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = hosts
+remote_user = root
+forks = 8
+interpreter_python = /usr/bin/python3
+nocows=1
diff --git a/group_vars/all.yaml b/group_vars/all.yaml
new file mode 100644
index 0000000..7b2918c
--- /dev/null
+++ b/group_vars/all.yaml
@@ -0,0 +1,4 @@
+---
+ssh_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtT/M5QIjvibJB6GMVAFykl3WPHDYUKm1XAKh7T2UD fr@filip-laptop
+
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..b1a8fcd
--- /dev/null
+++ b/hosts
@@ -0,0 +1,25 @@
+[server]
+
+10.123.0.1 # s3
+10.123.0.4 # rpi
+10.123.0.10 # microlab
+10.123.0.11 # media
+
+[server:vars]
+
+ansible_user=ansible
+ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
+ansible_become_method=doas
+
+[pc]
+
+10.123.0.100 # x230
+10.123.0.102 # filip-laptop
+10.123.0.103 # t480
+
+[pc:vars]
+
+ansible_user=fr
+# ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
+ansible_become_method=doas
+
diff --git a/playbooks/packages.yaml b/playbooks/packages.yaml
new file mode 100644
index 0000000..f39beec
--- /dev/null
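Review bot: `remote_user = root` in ansible.cfg makes root the SSH login for every host that does not inherit an `ansible_user` from the `[server:vars]` or `[pc:vars]` sections of `hosts`, so a host added under a new group would be contacted as root by default. Both existing groups already connect with unprivileged accounts and set `ansible_become_method=doas`, so the default could be dropped or aligned with them, e.g. `remote_user = ansible`, leaving privilege escalation to `become` on the tasks that need it.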
+++ b/playbooks/packages.yaml
@@ -0,0 +1,10 @@
+---
+ - name: add basic packages
+ hosts: server
+ tasks:
+ - name: ensure essential packages installed
+ become: true
+ apk:
+ name: bash,vim,htop,neofetch
+ state: latest
+
diff --git a/playbooks/reboot.yaml b/playbooks/reboot.yaml
new file mode 100644
index 0000000..1713d97
--- /dev/null
+++ b/playbooks/reboot.yaml
@@ -0,0 +1,7 @@
+---
+- name: Reboot all machines
+ hosts: all
+
+ tasks:
+ - name: Reboot all machines
+ ansible.builtin.reboot:
diff --git a/playbooks/setup.yaml b/playbooks/setup.yaml
new file mode 100644
index 0000000..5fdf365
--- /dev/null
+++ b/playbooks/setup.yaml
@@ -0,0 +1,57 @@
+---
+- name: SSH
+ hosts: server
+ tasks:
+ - name: Ensure ansible ssh directory exists
+ file:
+ path: /home/ansible/.ssh
+ state: directory
+
+ - name: Import SSH keys
+ authorized_key:
+ user: ansible
+ key: '{{ item }}'
+ state: present
+ loop: '{{ ssh_keys }}'
+
+ - name: Allow ansible user to only log in on wg0
+ become: true
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ backup: true
+ line: "{{ item }}"
+ insertafter: EOF
+ loop:
+ - "\n# Allow Ansible user to log in only using SSH key and only on wg0 interface"
+ - "Match User ansible Address !10.123.0.0/24"
+ - " PermitRootLogin no"
+ - " PasswordAuthentication no"
+ - " AllowTcpForwarding no"
+ - " X11Forwarding no"
+ notify: restart sshd
+ handlers:
+ - name: restart sshd
+ become: true
+ service:
+ name: sshd
+ state: restarted
+
+- name: Users
+ hosts: all
+ tasks:
+ - name: Set bash as default shell for root
+ become: true
+ user:
+ name: root
+ shell: /bin/bash
+
+ #- name: User fr
+ # user:
+ # name: fr
+ # password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
+ # groups:
+ # # Arduino serial access
+ # - dialout
+ # - wheel
+ # state: present
+
diff --git a/playbooks/shutdown.yaml b/playbooks/shutdown.yaml
new file mode 100644
index 0000000..25c2574
--- /dev/null
+++ b/playbooks/shutdown.yaml
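Review bot: The apk task in playbooks/packages.yaml uses `state: latest` without `update_cache: true`, so it resolves against whatever package index is already on the host and can report nothing to do while newer releases, including security fixes, exist. The `apk:` task with `upgrade: yes` in playbooks/update.yaml has the same gap. Adding `update_cache: true` to both makes each run refresh the index first. The package names would also read better as a YAML list than as the comma-joined string `bash,vim,htop,neofetch`.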
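Review bot: The reboot task in playbooks/reboot.yaml has no `become: true`, and nothing visible in ansible.cfg or the inventory enables become globally, so it runs as the unprivileged `ansible` / `fr` connection users and will most likely be refused. The `community.general.shutdown` task in playbooks/shutdown.yaml has the same problem, so add `become: true` at play level in both. Both plays also target `hosts: all`, which includes 10.123.0.102 (filip-laptop); if that is the machine Ansible runs from, the play reboots or powers off the controller mid-run, so a narrower host pattern or an explicit `--limit` would be safer.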
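Review bot: The `Match User ansible Address !10.123.0.0/24` line in the sshd_config task of playbooks/setup.yaml will probably never take effect, because a pattern list holding only a negated entry cannot produce a positive match (ssh_config(5), PATTERNS); it needs a wildcard term, `Address *,!10.123.0.0/24`. Even when it matches, the block only turns off password authentication and forwarding for connections from outside the subnet, so key-based logins are still accepted wherever sshd listens, which is not what the task name and the inserted comment promise; `PermitRootLogin no` has no bearing on a block scoped to user ansible. Appending the lines one at a time with `lineinfile` also re-adds the `\n#`-prefixed comment on every run, since it can never equal a single existing line, so the handler restarts sshd each time and nothing validates the file before that restart. A single `blockinfile` with `validate` avoids both, as sketched below; confirm the deny directive with `sshd -T -C` before rollout. Separately, the commented-out `User fr` task at the end of the hunk commits a `$6$` crypt hash to the repository; it should be removed from the file, kept in Ansible Vault if it is needed, and the password changed.

```yaml
    # … unchanged: ssh directory and authorized_key tasks …
    - name: Allow ansible user to only log in on wg0
      become: true
      blockinfile:
        path: /etc/ssh/sshd_config
        backup: true
        insertafter: EOF
        # refuse to install a config that sshd itself rejects
        validate: /usr/sbin/sshd -t -f %s
        block: |
          # Deny the ansible user from anywhere outside the WireGuard subnet
          Match User ansible Address *,!10.123.0.0/24
              DenyUsers ansible
      notify: restart sshd
    # … unchanged: handlers, Users play …
```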
@@ -0,0 +1,7 @@
+---
+- name: Shutdown all machines
+ hosts: all
+
+ tasks:
+ - name: Shutting down
+ community.general.shutdown:
diff --git a/playbooks/update.yaml b/playbooks/update.yaml
new file mode 100644
index 0000000..0b39632
--- /dev/null
+++ b/playbooks/update.yaml
@@ -0,0 +1,17 @@
+---
+ - name: update all servers (alpine)
+ hosts: server
+ tasks:
+ - name: update packages
+ become: true
+ apk:
+ upgrade: yes
+
+ - name: update all computers (voidlinux)
+ hosts: pc
+ tasks:
+ - name: update packages
+ become: true
+ xbps:
+ upgrade: yes
+
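Review bot: Both update tasks in playbooks/update.yaml write the boolean as `upgrade: yes`, while the same file and the other playbooks use `true` (`become: true`); `upgrade: true` keeps the file consistent and avoids the YAML 1.1 truthy ambiguity. The short module names `apk` and `xbps` could likewise be spelled `community.general.apk` and `community.general.xbps`, matching the fully qualified names already used in reboot.yaml and shutdown.yaml.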