add "common" role for users, packages and ssh keys
parent
9f50095806
commit
42a664fba8
6 changed files with 92 additions and 0 deletions
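--- a/ansible/group_vars/all/packages.yml
+++ b/ansible/group_vars/all/packages.yml
@@ -0,0 +1,24 @@
+---
+packages:
+- "vim"
+- "htop"
+- "sudo"
+- "tmux"
+- "zsh"
+- "bash"
+- "git"
+- "build-essential"
+- "docker.io"
+- "docker-compose"
+- "ncdu"
+- "curl"
+- "wget"
+- "unzip"
+- "tar"
+- "gzip"
+- "emacs-nox"
+- "man"
+- "mtr"
+- "nmap"
+- "netcat"
+- "python3-venv"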
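Review bot: Because this list lives in `group_vars/all`, every host in the inventory receives a compiler toolchain (`build-essential`), Docker (`docker.io`, `docker-compose`) and network tooling (`nmap`, `netcat`), whether or not its role needs them. Consider keeping only the base utilities here and moving those entries into per-group variables, so the installed footprint on exposed hosts stays small. A short comment above `packages:` stating that the list is applied to all hosts would also help the next maintainer.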
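--- a/ansible/group_vars/all/users.yml
+++ b/ansible/group_vars/all/users.yml
@@ -0,0 +1,20 @@
+---
+users:
+- name: bsod
+uid: 1001
+comment: bsod user
+shell: /bin/bash
+key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1IX4cXX3VS6qpALQX+3COD1wPArr8CAMfyGZUYx3t3ZVhxyxvdNJFLZe5mIXEUlRI8Q7MzH9Cr2T9g0O7tJIpwTSiL0ZoUhpPf/fGcUxD+MP7L5Gd5qwxfzlafZGWb7pdcY3AsIfCdZKMGKS6B+D3acweENSKMFiKZ5QBnShjx0Tw6sFmVq6Yaxw82lSmRAu73UskL0wOBA81VkJj7+WOuQWw7aCiIEQGysquo5phMBlnMpl6s7yVL0TGJqMSya//mcwc3T7H7AHshaYYbbsWMURXcaLktXeQw3qTeWDH2JS/UBDfIth1artGQeMYG+ARlrDJVsgbVzZG7A+kMwkz bsod@glados"
+
+- name: lino
+uid: 1002
+comment: Linus Erbil
+shell: /bin/bash
+key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5vHIAhSnWT3se5lC+DesiTYqELzU7E9JKTh7gNIWS+"
+
+- name: lod
+uid: 1003
+comment: lod
+key: "ssh-rsa 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"
+
+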
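Review bot: The `lod` entry has no `shell` key, but the "Add users" task in `ansible/roles/common/tasks/users.yml` templates `shell: "{{ item.shell }}"` for every item, so the loop will stop on an undefined variable when it reaches this user. Either add `shell: /bin/bash` to the entry or make the task tolerant with `shell: "{{ item.shell | default(omit) }}"`. The `lino` key also has no trailing comment field, which makes it harder to attribute the key when auditing `authorized_keys` on a host.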
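--- a/ansible/roles/common/tasks/apt.yml
+++ b/ansible/roles/common/tasks/apt.yml
@@ -0,0 +1,4 @@
+- name: Install software
+apt:
+pkg: "{{ packages }}"
+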
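Review bot: The `apt` task sets no `update_cache`, so on a freshly provisioned host with an empty or stale package index the install can fail before any of the later hardening tasks run. Add `update_cache: true` and `cache_valid_time: 3600` under `apt:`. The file also lacks the leading `---` that `users.yml` in the same role starts with.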
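--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,6 @@
+- name: install dependencies
+include_tasks: apt.yml
+- name: create users
+include_tasks: users.yml
+- name: configure SSH
+include_tasks: ssh.yml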
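--- a/ansible/roles/common/tasks/ssh.yml
+++ b/ansible/roles/common/tasks/ssh.yml
@@ -0,0 +1,22 @@
+- name: Allow 'sudo' group to have passwordless sudo
+lineinfile:
+dest: /etc/sudoers
+state: present
+regexp: '^%sudo'
+line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
+validate: visudo -cf %s
+
+- name: root login is disabled
+lineinfile:
+path: /etc/ssh/sshd_config
+state: present
+line: 'PermitRootLogin no'
+notify: restart sshd
+
+- name: SSH Password auth is disabled
+lineinfile:
+path: /etc/ssh/sshd_config
+state: present
+line: 'PasswordAuthentication no'
+notify: restart sshd
+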
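Review bot: The two `sshd_config` tasks have no `regexp`, so `lineinfile` appends `PermitRootLogin no` and `PasswordAuthentication no` at the end of the file instead of replacing an existing directive. sshd uses the first value it reads for each keyword, so an earlier `PermitRootLogin yes` or `PasswordAuthentication yes` (or one pulled in by an `Include` near the top) still wins and the hardening silently has no effect. Add e.g. `regexp: '^#?\s*PermitRootLogin\s'` and `validate: 'sshd -t -f %s'` to the first task, and the same pattern for `PasswordAuthentication` in the second. Both tasks also notify `restart sshd`, yet none of the six files in this commit is a handlers file; unless the handler exists elsewhere in the repository, the play will fail when either task reports a change.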
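--- a/ansible/roles/common/tasks/users.yml
+++ b/ansible/roles/common/tasks/users.yml
@@ -0,0 +1,16 @@
+---
+- name: Add users
+user:
+name: "{{ item.name }}"
+comment: "{{ item.comment }}"
+uid: "{{ item.uid }}"
+shell: "{{ item.shell }}"
+groups: "sudo"
+state: present
+loop: "{{ users }}"
+
+- name: Copy SSH Keys
+authorized_key:
+user: "{{ item.name }}"
+key: "{{ item.key }}"
+loop: "{{ users }}"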
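Review bot: Every account in `users` is put into `sudo` unconditionally by `groups: "sudo"`, and `ssh.yml` in this commit grants that group `NOPASSWD: ALL`, so each listed SSH key is root-equivalent on every host with no further check. Consider making the membership per user, e.g. `groups: "{{ item.groups | default([]) }}"`, and granting sudo only where it is needed. In "Copy SSH Keys", `authorized_key` without `exclusive: true` only ever adds keys, so a key that is rotated or removed in `group_vars/all/users.yml` stays authorised on the hosts.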