First commit

Filip Rojek 2024-05-30 17:04:14 +02:00
commit 4c7e68c276
8 changed files with 133 additions and 0 deletions

6
ansible.cfg Normal file

@ -0,0 +1,6 @@
[defaults]
inventory = hosts
remote_user = root
forks = 8
interpreter_python = /usr/bin/python3
nocows=1
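Review bot: `remote_user = root` is the fallback login for any host that does not get `ansible_user` from the inventory, so a host added outside the `server` and `pc` groups would be contacted as root. Both groups in `hosts` already override it, so the setting is either unused or an unintended root default. Dropping the line or writing `remote_user = ansible` keeps the least-privileged account as the default.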

4
group_vars/all.yaml Normal file

@ -0,0 +1,4 @@
---
ssh_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtT/M5QIjvibJB6GMVAFykl3WPHDYUKm1XAKh7T2UD fr@filip-laptop

25
hosts Normal file

@ -0,0 +1,25 @@
[server]
10.123.0.1 # s3
10.123.0.4 # rpi
10.123.0.10 # microlab
10.123.0.11 # media
[server:vars]
ansible_user=ansible
ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
ansible_become_method=doas
[pc]
10.123.0.100 # x230
10.123.0.102 # filip-laptop
10.123.0.103 # t480
[pc:vars]
ansible_user=fr
# ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
ansible_become_method=doas
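Review bot: Hosts are listed by bare IP with the real name only in a trailing comment, so play output, `--limit` and any later host_vars work with addresses instead of names. An inventory alias carries the name as data, for example `s3 ansible_host=10.123.0.1`. `ansible_become_method=doas` is set for both groups without any indication of how the become password is supplied; if doas on the `pc` hosts asks for one, a comment saying that runs need `--ask-become-pass` would save the next operator a failed play.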

10
playbooks/packages.yaml Normal file

@ -0,0 +1,10 @@
---
- name: add basic packages
hosts: server
tasks:
- name: ensure essential packages installed
become: true
apk:
name: bash,vim,htop,neofetch
state: latest
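Review bot: `state: latest` turns this install play into an upgrade of the four packages on every run, which overlaps with playbooks/update.yaml and makes runs non-repeatable; `state: present` expresses the actual requirement. The names read better as a YAML list than as the string `bash,vim,htop,neofetch`. The module is better referenced by its full name, `community.general.apk`, as reboot.yaml and shutdown.yaml already do for their modules.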

7
playbooks/reboot.yaml Normal file

@ -0,0 +1,7 @@
---
- name: Reboot all machines
hosts: all
tasks:
- name: Reboot all machines
ansible.builtin.reboot:
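Review bot: The reboot task has no `become: true`, although the inventory connects as `ansible` on servers and `fr` on PCs, so the reboot will probably fail for lack of privileges; add `become: true` to the task. `hosts: all` also covers the `pc` group, which appears to include the machine the playbook is run from (`filip-laptop`), so a plain run could take the control node down mid-play. A narrower default such as `hosts: server`, with other machines selected through `--limit`, avoids that. playbooks/shutdown.yaml has the same two issues.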

57
playbooks/setup.yaml Normal file

@ -0,0 +1,57 @@
---
- name: SSH
hosts: server
tasks:
- name: Ensure ansible ssh directory exists
file:
path: /home/ansible/.ssh
state: directory
- name: Import SSH keys
authorized_key:
user: ansible
key: '{{ item }}'
state: present
loop: '{{ ssh_keys }}'
- name: Allow ansible user to only log in on wg0
become: true
lineinfile:
path: /etc/ssh/sshd_config
backup: true
line: "{{ item }}"
insertafter: EOF
loop:
- "\n# Allow Ansible user to log in only using SSH key and only on wg0 interface"
- "Match User ansible Address !10.123.0.0/24"
- " PermitRootLogin no"
- " PasswordAuthentication no"
- " AllowTcpForwarding no"
- " X11Forwarding no"
notify: restart sshd
handlers:
- name: restart sshd
become: true
service:
name: sshd
state: restarted
- name: Users
hosts: all
tasks:
- name: Set bash as default shell for root
become: true
user:
name: root
shell: /bin/bash
#- name: User fr
# user:
# name: fr
# password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
# groups:
# # Arduino serial access
# - dialout
# - wheel
# state: present
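Review bot: The `Match User ansible Address !10.123.0.0/24` line in the sshd task is unlikely ever to match, because an OpenSSH pattern list that contains only a negated entry never yields a positive result; it needs a positive term, as in `*,!10.123.0.0/24`. Even when it matches, the block only turns off passwords and forwarding, so key logins from other networks still succeed, and `PermitRootLogin` has no effect inside a block scoped to user ansible. The `lineinfile` loop is also not idempotent: the item starting with `\n` can never equal an existing line, so it is appended on every run, and the option lines are matched one by one instead of as a block. A single `blockinfile` with `validate` keeps the block together and rejects a config sshd cannot parse; the sketch below denies the user from other addresses, which assumes the intent stated in the task name. Separately, the commented-out `User fr` task holds a SHA-512 crypt hash that is now in history; move it to a vaulted variable and treat that password as exposed.

```yaml
    - name: Allow ansible user to only log in on wg0
      become: true
      ansible.builtin.blockinfile:
        path: /etc/ssh/sshd_config
        backup: true
        insertafter: EOF
        marker: '# {mark} ANSIBLE MANAGED: ansible user source restriction'
        # refuse to install a file that sshd cannot parse
        validate: /usr/sbin/sshd -t -f %s
        block: |
          Match User ansible Address *,!10.123.0.0/24
            DenyUsers ansible
      notify: restart sshd
    # … unchanged: handlers, Users play …
```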

7
playbooks/shutdown.yaml Normal file

@ -0,0 +1,7 @@
---
- name: Shutdown all machines
hosts: all
tasks:
- name: Shutting down
community.general.shutdown:

17
playbooks/update.yaml Normal file

@ -0,0 +1,17 @@
---
- name: update all servers (alpine)
hosts: server
tasks:
- name: update packages
become: true
apk:
upgrade: yes
- name: update all computers (voidlinux)
hosts: pc
tasks:
- name: update packages
become: true
xbps:
upgrade: yes
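Review bot: The apk task upgrades without refreshing the package index, and the apk module does not update its cache unless told to, so the servers can be upgraded against a stale index and miss current security fixes; add `update_cache: true` next to `upgrade`. `upgrade: yes` relies on YAML 1.1 truthy parsing; write `upgrade: true` in both plays, matching the `become: true` already used here. Both modules are better referenced by their full names, `community.general.apk` and `community.general.xbps`.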