add "common" role for users, packages and ssh keys

stratholme 2023-03-23 00:57:19 +01:00
parent 9f50095806
commit 42a664fba8
6 changed files with 92 additions and 0 deletions


@ -0,0 +1,24 @@
---
packages:
- "vim"
- "htop"
- "sudo"
- "tmux"
- "zsh"
- "bash"
- "git"
- "build-essential"
- "docker.io"
- "docker-compose"
- "ncdu"
- "curl"
- "wget"
- "unzip"
- "tar"
- "gzip"
- "emacs-nox"
- "man"
- "mtr"
- "nmap"
- "netcat"
- "python3-venv"
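Review bot: This list is installed by the common role on every host, and it carries a compiler toolchain and network scanning/debug tools (`build-essential`, `nmap`, `netcat`) together with `docker.io`. Those are handy on an admin box but enlarge the installed footprint on hosts that only run one service. Consider keeping `packages` to what every host needs and moving the rest to a second list that defaults to empty and is set per group or host, for example `packages_extra: []`.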


@ -0,0 +1,20 @@
---
users:
- name: bsod
uid: 1001
comment: bsod user
shell: /bin/bash
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1IX4cXX3VS6qpALQX+3COD1wPArr8CAMfyGZUYx3t3ZVhxyxvdNJFLZe5mIXEUlRI8Q7MzH9Cr2T9g0O7tJIpwTSiL0ZoUhpPf/fGcUxD+MP7L5Gd5qwxfzlafZGWb7pdcY3AsIfCdZKMGKS6B+D3acweENSKMFiKZ5QBnShjx0Tw6sFmVq6Yaxw82lSmRAu73UskL0wOBA81VkJj7+WOuQWw7aCiIEQGysquo5phMBlnMpl6s7yVL0TGJqMSya//mcwc3T7H7AHshaYYbbsWMURXcaLktXeQw3qTeWDH2JS/UBDfIth1artGQeMYG+ARlrDJVsgbVzZG7A+kMwkz bsod@glados"
- name: lino
uid: 1002
comment: Linus Erbil
shell: /bin/bash
key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5vHIAhSnWT3se5lC+DesiTYqELzU7E9JKTh7gNIWS+"
- name: lod
uid: 1003
comment: lod
key: "ssh-rsa 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"
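Review bot: As shown, the `lod` entry has no `shell` key, while the "Add users" task in this commit reads `item.shell` for every element, so the loop would likely stop on this entry with an undefined-variable error. Either add `shell: /bin/bash` to the entry or make the task tolerant with `shell: "{{ item.shell | default('/bin/bash') }}"`. The page shows fewer lines than the hunk header declares, so confirm this against the real file.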


@ -0,0 +1,4 @@
- name: Install software
apt:
pkg: "{{ packages }}"
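Review bot: The apt task never refreshes the package index, so on a freshly provisioned host with an empty or stale cache the install can fail or resolve to outdated candidates. Add `update_cache: true` and `cache_valid_time: 3600` under `apt:`. Writing `state: present` explicitly would also make the intent clear, since the other tasks in this role spell their state out.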


@ -0,0 +1,6 @@
- name: install dependencies
include_tasks: apt.yml
- name: create users
include_tasks: users.yml
- name: configure SSH
include_tasks: ssh.yml


@ -0,0 +1,22 @@
- name: Allow 'sudo' group to have passwordless sudo
lineinfile:
dest: /etc/sudoers
state: present
regexp: '^%sudo'
line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
validate: visudo -cf %s
- name: root login is disabled
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: 'PermitRootLogin no'
notify: restart sshd
- name: SSH Password auth is disabled
lineinfile:
path: /etc/ssh/sshd_config
state: present
line: 'PasswordAuthentication no'
notify: restart sshd
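Review bot: The two sshd_config tasks have no `regexp`, so when the file already contains `PermitRootLogin yes` or `PasswordAuthentication yes` the new line is appended at the end instead of replacing it. sshd takes the first value it reads for each keyword, so the earlier setting would still win and the hardening would not take effect even though the task reports success. Give each task a pattern such as `regexp: '^#?\s*PermitRootLogin\s'` and `regexp: '^#?\s*PasswordAuthentication\s'`, and add `validate: 'sshd -t -f %s'` so a broken file is never written. Also, `restart sshd` is notified, but no handlers file is among the six files shown; if the handler is not defined elsewhere, the play will fail on the notify.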


@ -0,0 +1,16 @@
---
- name: Add users
user:
name: "{{ item.name }}"
comment: "{{ item.comment }}"
uid: "{{ item.uid }}"
shell: "{{ item.shell }}"
groups: "sudo"
state: present
loop: "{{ users }}"
- name: Copy SSH Keys
authorized_key:
user: "{{ item.name }}"
key: "{{ item.key }}"
loop: "{{ users }}"
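Review bot: Every entry in `users` is placed in `sudo` through the hard-coded `groups: "sudo"`, and the ssh tasks in this commit give `%sudo` `NOPASSWD: ALL`, so each listed SSH key is root-equivalent on every host that runs the role. Make the privilege opt-in per user, for example `groups: "{{ item.groups | default([]) }}"`, and set `append: true` so the task does not strip group memberships that were granted outside this role. On "Copy SSH Keys", consider `exclusive: true` so that a key removed or rotated in the vars file is also removed from `authorized_keys`.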