First commit

2024-05-30 17:04:14 +02:00 · 2024-05-30 17:04:14 +02:00 · 4c7e68c276
commit 4c7e68c276
8 changed files with 133 additions and 0 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,6 @@
+[defaults]
+inventory = hosts
+remote_user = root
+forks = 8
+interpreter_python = /usr/bin/python3
+nocows=1
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@ -0,0 +1,4 @@
+---
+ssh_keys:
+  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtT/M5QIjvibJB6GMVAFykl3WPHDYUKm1XAKh7T2UD fr@filip-laptop
+
--- a/25
+++ b/25
@ -0,0 +1,25 @@
+[server]
+
+10.123.0.1	# s3
+10.123.0.4	# rpi
+10.123.0.10	# microlab
+10.123.0.11	# media
+
+[server:vars]
+
+ansible_user=ansible
+ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
+ansible_become_method=doas
+
+[pc]
+
+10.123.0.100	# x230
+10.123.0.102	# filip-laptop
+10.123.0.103	# t480
+
+[pc:vars]
+
+ansible_user=fr
+# ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
+ansible_become_method=doas
+
--- a/playbooks/packages.yaml
+++ b/playbooks/packages.yaml
@ -0,0 +1,10 @@
+---
+  - name: add basic packages
+    hosts: server
+    tasks:
+      - name: ensure essential packages installed
+        become: true
+        apk:
+          name: bash,vim,htop,neofetch
+          state: latest
+
--- a/playbooks/reboot.yaml
+++ b/playbooks/reboot.yaml
@ -0,0 +1,7 @@
+---
+- name: Reboot all machines
+  hosts: all
+
+  tasks:
+    - name: Reboot all machines
+      ansible.builtin.reboot:
--- a/playbooks/setup.yaml
+++ b/playbooks/setup.yaml
@ -0,0 +1,57 @@
+---
+- name: SSH
+  hosts: server
+  tasks:
+    - name: Ensure ansible ssh directory exists
+      file:
+        path: /home/ansible/.ssh
+        state: directory
+
+    - name: Import SSH keys
+      authorized_key:
+        user: ansible
+        key: '{{ item }}'
+        state: present
+      loop: '{{ ssh_keys }}'
+
+    - name: Allow ansible user to only log in on wg0
+      become: true
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        backup: true
+        line: "{{ item }}"
+        insertafter: EOF
+      loop:
+        - "\n# Allow Ansible user to log in only using SSH key and only on wg0 interface"
+        - "Match User ansible Address !10.123.0.0/24"
+        - "    PermitRootLogin no"
+        - "    PasswordAuthentication no"
+        - "    AllowTcpForwarding no"
+        - "    X11Forwarding no"
+      notify: restart sshd
+  handlers:
+    - name: restart sshd
+      become: true
+      service:
+        name: sshd
+        state: restarted
+
+- name: Users
+  hosts: all
+  tasks:
+    - name: Set bash as default shell for root
+      become: true
+      user:
+        name: root
+        shell: /bin/bash
+
+    #- name: User fr
+    #  user:
+    #    name: fr
+    #    password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
+    #    groups:
+    #      # Arduino serial access
+    #      - dialout
+    #      - wheel
+    #    state: present
+
--- a/playbooks/shutdown.yaml
+++ b/playbooks/shutdown.yaml
@ -0,0 +1,7 @@
+---
+- name: Shutdown all machines
+  hosts: all
+
+  tasks:
+    - name: Shutting down
+      community.general.shutdown:
--- a/playbooks/update.yaml
+++ b/playbooks/update.yaml
@ -0,0 +1,17 @@
+---
+  - name: update all servers (alpine)
+    hosts: server
+    tasks:
+      - name: update packages
+        become: true
+        apk:
+          upgrade: yes
+
+  - name: update all computers (voidlinux)
+    hosts: pc
+    tasks:
+      - name: update packages
+        become: true
+        xbps:
+          upgrade: yes
+