First commit
commit
4c7e68c276
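--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,6 @@
+[defaults]
+inventory = hosts
+remote_user = root
+forks = 8
+interpreter_python = /usr/bin/python3
+nocows=1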
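Review bot: `remote_user = root` makes root the login account for any host not covered by the `ansible_user` values set per group in `hosts`, so a machine added outside `[server]` or `[pc]` would be managed over a direct root SSH session. Both groups already use an unprivileged account together with `ansible_become_method=doas`, so the default can follow the same model: drop the line or set it to the unprivileged account, e.g. `remote_user = ansible`.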
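--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@@ -0,0 +1,4 @@
+---
+ssh_keys:
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtT/M5QIjvibJB6GMVAFykl3WPHDYUKm1XAKh7T2UD fr@filip-laptop
+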
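--- a/hosts
+++ b/hosts
@@ -0,0 +1,25 @@
+[server]
+
+10.123.0.1 # s3
+10.123.0.4 # rpi
+10.123.0.10 # microlab
+10.123.0.11 # media
+
+[server:vars]
+
+ansible_user=ansible
+ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
+ansible_become_method=doas
+
+[pc]
+
+10.123.0.100 # x230
+10.123.0.102 # filip-laptop
+10.123.0.103 # t480
+
+[pc:vars]
+
+ansible_user=fr
+# ansible_ssh_private_key_file=~/.ssh/fofrweb/ansible@fofrweb.com.ssh
+ansible_become_method=doas
+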
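--- a/playbooks/packages.yaml
+++ b/playbooks/packages.yaml
@@ -0,0 +1,10 @@
+---
+- name: add basic packages
+hosts: server
+tasks:
+- name: ensure essential packages installed
+become: true
+apk:
+name: bash,vim,htop,neofetch
+state: latest
+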
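Review bot: `state: latest` on the "ensure essential packages installed" task upgrades bash, vim, htop and neofetch on every run, so an install playbook ends up changing package versions outside the update path that `playbooks/update.yaml` provides. Use `state: present` here, and pass the packages as a YAML list under `name:` instead of the comma-joined string `bash,vim,htop,neofetch`. The module is also called by its short name; `community.general.apk` would match the fully qualified style already used in `playbooks/shutdown.yaml`.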
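--- a/playbooks/reboot.yaml
+++ b/playbooks/reboot.yaml
@@ -0,0 +1,7 @@
+---
+- name: Reboot all machines
+hosts: all
+
+tasks:
+- name: Reboot all machines
+ansible.builtin.reboot: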
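Review bot: The reboot task has no `become: true`, yet the inventory logs in as the unprivileged `ansible` and `fr` accounts, so `ansible.builtin.reboot` will probably be refused on every host; `playbooks/shutdown.yaml` has the same gap with `community.general.shutdown`. `hosts: all` also covers `10.123.0.102 # filip-laptop`, which looks like the machine the playbooks are run from (the authorised key is `fr@filip-laptop`), so the play may take down its own controller part-way through. Add `become: true` at play level and consider targeting a named group, or requiring an explicit `--limit`, instead of `all`.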
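--- a/playbooks/setup.yaml
+++ b/playbooks/setup.yaml
@@ -0,0 +1,57 @@
+---
+- name: SSH
+hosts: server
+tasks:
+- name: Ensure ansible ssh directory exists
+file:
+path: /home/ansible/.ssh
+state: directory
+
+- name: Import SSH keys
+authorized_key:
+user: ansible
+key: '{{ item }}'
+state: present
+loop: '{{ ssh_keys }}'
+
+- name: Allow ansible user to only log in on wg0
+become: true
+lineinfile:
+path: /etc/ssh/sshd_config
+backup: true
+line: "{{ item }}"
+insertafter: EOF
+loop:
+- "\n# Allow Ansible user to log in only using SSH key and only on wg0 interface"
+- "Match User ansible Address !10.123.0.0/24"
+- " PermitRootLogin no"
+- " PasswordAuthentication no"
+- " AllowTcpForwarding no"
+- " X11Forwarding no"
+notify: restart sshd
+handlers:
+- name: restart sshd
+become: true
+service:
+name: sshd
+state: restarted
+
+- name: Users
+hosts: all
+tasks:
+- name: Set bash as default shell for root
+become: true
+user:
+name: root
+shell: /bin/bash
+
+#- name: User fr
+# user:
+# name: fr
+# password: $6$7Z.h8Q6CO9AevdIp$8W2nuvD7ZqeXBO.Azsayx2tJ4L0KD44hOz5aNzpGPN/hUtaROvmY7aJ0x7Ie3CPawp6lV4ln2fHQQ7V5Yuy7k0
+# groups:
+# # Arduino serial access
+# - dialout
+# - wheel
+# state: present
+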
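Review bot: The `Match User ansible Address !10.123.0.0/24` block written by the "Allow ansible user to only log in on wg0" task most likely never applies, because an sshd pattern list that contains only a negated entry cannot produce a positive match; it needs a wildcard first, as in `*,!10.123.0.0/24`. Even when it matches, the block leaves public-key authentication enabled, so the ansible account could still log in from outside the WireGuard subnet, and `PermitRootLogin` has no effect under `Match User ansible`. Appending the lines one at a time with `lineinfile` is also not idempotent (the entry beginning with `\n` can never equal an existing line, so it is appended again on each run), and nothing validates the file before sshd is restarted; a single `blockinfile` task with `validate` addresses both. Separately, the commented-out `User fr` task still commits a `$6$` password hash to the repository; remove it, change that password, and keep any future hash in Ansible Vault.

```yaml
    - name: Allow ansible user to only log in on wg0
      become: true
      blockinfile:
        path: /etc/ssh/sshd_config
        backup: true
        insertafter: EOF
        # refuse to install a config that sshd cannot parse
        validate: /usr/sbin/sshd -t -f %s
        block: |
          Match User ansible Address *,!10.123.0.0/24
            PubkeyAuthentication no
            PasswordAuthentication no
            AllowTcpForwarding no
            X11Forwarding no
      notify: restart sshd
  # … unchanged: handlers, Users play …
```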
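--- a/playbooks/shutdown.yaml
+++ b/playbooks/shutdown.yaml
@@ -0,0 +1,7 @@
+---
+- name: Shutdown all machines
+hosts: all
+
+tasks:
+- name: Shutting down
+community.general.shutdown: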
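--- a/playbooks/update.yaml
+++ b/playbooks/update.yaml
@@ -0,0 +1,17 @@
+---
+- name: update all servers (alpine)
+hosts: server
+tasks:
+- name: update packages
+become: true
+apk:
+upgrade: yes
+
+- name: update all computers (voidlinux)
+hosts: pc
+tasks:
+- name: update packages
+become: true
+xbps:
+upgrade: yes
+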
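Review bot: The `apk` task sets `upgrade: yes` without `update_cache: true`, so the upgrade is computed against whatever package index is already on the host and can miss recently published security fixes. Add `update_cache: true` to the `apk` task, and write the booleans in both plays as `true` rather than `yes` so they do not depend on YAML 1.1 truthy parsing. Both modules are also referenced by short name; `community.general.apk` and `community.general.xbps` would match the fully qualified style used in `playbooks/shutdown.yaml`.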