Update the setup tasks

Signed-off-by: Noah Knegt <git@noahknegt.com>
This commit is contained in:
2024-04-12 15:12:30 +02:00
parent f12f17658b
commit 2cdea1f6c3
12 changed files with 116 additions and 81 deletions


@@ -9,16 +9,22 @@
# ===================================================================================================
---
- include_vars: "{{ ansible_distribution }}.yml"
- name: Include distribution variables
ansible.builtin.include_vars: "{{ ansible_distribution }}.yml"
# Setup the ansible user
- include_tasks: users/ansible.yml
- include_tasks: users/noahk.yml
- name: Create ansible user
ansible.builtin.include_tasks: users/ansible.yml
- name: Create usable user
ansible.builtin.include_tasks: users/noahk.yml
# Setup the sshd
- include_tasks: system/openssh.yml
# Setup the sshd
- name: Setup openssh
ansible.builtin.include_tasks: system/openssh.yml
# Setup the repositories for Debian based systems
- include_tasks: software/repositories.yml
- name: Setup Debian based repositories
ansible.builtin.include_tasks: software/repositories.yml
- include_tasks: software/acl.yml
- name: Install and configure UFW
ansible.builtin.include_tasks: software/ufw.yml
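Review bot: Dropping the `software/acl.yml` include (the file itself is deleted in the next section) removes the only place the `acl` package was installed; Ansible relies on `setfacl` to hand temporary files to an unprivileged `become_user`, so confirm no task in this role becomes a non-root user before relying on its absence. The `# Setup the sshd` comment appears on two consecutive lines above the openssh include, which reads like a leftover from the rewrite; the lost diff markers make it impossible to tell from this page which copy survives, but one comment per include, as for the other entries, would be cleaner. The new `Install and configure UFW` include has no `when` guard, whereas the repositories task is limited to Debian-family hosts; if the ufw package is not expected on every distribution covered by `{{ ansible_distribution }}.yml`, a matching guard on the include would avoid a failing package install.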


@@ -1,15 +0,0 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 01-06-2023
# @description :
# ===================================================================================================
---
- name: Install acl
package:
name:
- acl
state: latest


@@ -9,9 +9,9 @@
---
- name: Install aptitude and software-properties-common
package:
ansible.builtin.package:
name:
- aptitude
- software-properties-common
state: latest
state: present
when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]
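Review bot: The `when: ansible_distribution in ["Debian", "Pop!_OS", "Ubuntu"]` guard under the new `ansible.builtin.package` call hard-codes three distribution names, so other apt-based derivatives silently skip this task while the rest of the role still runs; `when: ansible_os_family == "Debian"` expresses the actual intent (an apt system) and covers them. The switch from `state: latest` to `state: present` is a good idempotency change and is worth mirroring in any sibling task file that still uses `latest`.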


@@ -0,0 +1,47 @@
# ===================================================================================================
# ? ABOUT
# @author : Noah Knegt
# @email : personal@noahknegt.com
# @repo : https://git.noahknegt.com/noah.knegt/ansible-automations
# @createdOn : 01-06-2023
# @description :
# ===================================================================================================
---
- name: Install UFW
ansible.builtin.package:
name: ufw
state: present
- name: UFW deny all incoming traffic
community.general.ufw:
default: deny
direction: incoming
- name: UFW allow all outbound traffic
community.general.ufw:
default: allow
direction: outgoing
- name: Allow all access from RFC1918 networks to this host
community.general.ufw:
direction: incoming
rule: allow
src: "{{ item }}"
loop:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16
- name: UFW allow default ssh port
community.general.ufw:
direction: incoming
rule: limit
port: ssh
- name: UFW allow custom ssh port
when: setup_openssh_port is defined
community.general.ufw:
direction: incoming
rule: allow
port: "{{ setup_openssh_port }}"
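Review bot: None of the tasks in the new ufw.yml enables the firewall: `community.general.ufw` writes the default policy and the rules without activating UFW unless a task sets `state: enabled`, so unless that happens elsewhere in the role these rules never take effect. A final task such as `- name: Enable UFW` / `community.general.ufw:` / `state: enabled` placed after the allow rules keeps the ordering safe, because the ssh rule is already present when the default-deny policy becomes active. The two ssh tasks are also inconsistent: the default port uses `rule: limit` while the custom port uses `rule: allow`, and neither sets `proto: tcp`, so the rules are not restricted to TCP; applying `rule: limit` and `proto: tcp` to both would match the stated intent. When `setup_openssh_port` is defined the `port: ssh` rule still opens port 22, which is harmless if sshd no longer listens there but deserves a comment saying so.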


@@ -9,20 +9,22 @@
---
- name: Install or update openssh
package:
name: "{{ openssh_package }}"
state: latest
ansible.builtin.package:
name: "{{ setup_openssh_package }}"
state: present
notify:
- restart_sshd
- name: enable ssh daemon
service:
- name: Enable ssh daemon
when: inventory_hostname in groups['datacenter']
ansible.builtin.service:
name: "{{ openssh_service }}"
state: started
enabled: true
- name: configure sshd
template:
- name: Configure sshd
when: inventory_hostname in groups['datacenter']
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
@@ -31,10 +33,24 @@
notify:
- restart_sshd
- name: copy sshd banner
copy:
- name: Copy sshd banner
ansible.builtin.copy:
src: ssh_banner.net
dest: /etc/issue.net
owner: root
group: root
mode: 0644
- name: Copy ssh public key
ansible.builtin.authorized_key:
user: ansible
key: "{{ item }}"
with_file:
- ansible/ansible.pub
- name: Copy ssh public key
ansible.builtin.authorized_key:
user: noahk
key: "{{ item }}"
with_file:
- noahk/noahk.pub
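Review bot: `when: inventory_hostname in groups['datacenter']` on the `Enable ssh daemon` and `Configure sshd` tasks raises an undefined-key error on any inventory that has no `datacenter` group at all instead of skipping; `when: "'datacenter' in group_names"` is the usual form and avoids that. The package task was renamed to `{{ setup_openssh_package }}` but the service task still reads `{{ openssh_service }}`; if the variables file moved to the `setup_` prefix in this commit, this reference was missed, so confirm it is still defined. The two `authorized_key` tasks added at the end carry the same name, `Copy ssh public key`; naming them per user (for example `Install ansible authorized key`) makes play output and `--start-at-task` usable. The banner copy's `mode: 0644` is an unquoted octal that Ansible accepts, but `mode: "0644"` avoids a YAML loader reading it as the integer 420. The `Configure sshd` task body runs between the two hunks and is not fully visible here.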


@@ -9,12 +9,12 @@
---
- name: Add ansible group
group:
ansible.builtin.group:
name: ansible
state: present
- name: Add new ansible user
user:
ansible.builtin.user:
name: ansible
group: ansible
groups: ansible,{{ sudo_group }}
@@ -23,7 +23,7 @@
shell: /bin/bash
- name: Add ansible user to sudoers
copy:
ansible.builtin.copy:
src: ansible/ansible_sudoers
dest: /etc/sudoers.d/ansible
owner: root
@@ -31,18 +31,9 @@
mode: 0440
- name: Create .ssh directory
file:
ansible.builtin.file:
path: /home/ansible/.ssh
state: directory
owner: ansible
group: ansible
mode: 0700
with_items:
- dir: /home/ansible/.ssh
- name: Copy ssh public key
authorized_key:
user: ansible
key: "{{ item }}"
with_file:
- ansible/ansible.pub
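Review bot: `groups: ansible,{{ sudo_group }}` in the `Add new ansible user` task still reads `sudo_group`, while the sibling users/noahk.yml in this same commit was switched to `setup_sudo_group`; if the variable was renamed in the vars files this task fails with an undefined variable, so the reference should be updated to match (or both names confirmed as defined). Removing `with_items: - dir:` from the `.ssh` directory task is correct, since the loop variable was never used. `mode: 0440` and `mode: 0700` are unquoted octals; quoting them (`mode: "0700"`) is safer across YAML loaders. The `Add new ansible user` task continues past the end of its hunk.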


@@ -9,21 +9,21 @@
---
- name: Create the group
group:
ansible.builtin.group:
name: noahk
state: present
- name: Create the user
user:
ansible.builtin.user:
name: noahk
group: noahk
groups: noahk,{{ sudo_group }}
password: "{{ noahk_password }}"
groups: noahk,{{ setup_sudo_group }}
password: "{{ setup_noahk_password }}"
state: present
shell: /bin/bash
- name: Add user to sudoers
copy:
ansible.builtin.copy:
src: noahk/noahk_sudoers
dest: /etc/sudoers.d/noahk
owner: root
@@ -31,18 +31,9 @@
mode: 0440
- name: Create .ssh directory
file:
ansible.builtin.file:
path: /home/noahk/.ssh
state: directory
owner: noahk
group: noahk
mode: 0700
with_items:
- dir: /home/noahk/.ssh
- name: Copy ssh public key
authorized_key:
user: noahk
key: "{{ item }}"
with_file:
- noahk/noahk.pub
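Review bot: `password: "{{ setup_noahk_password }}"` is handed straight to `ansible.builtin.user`, which expects an already-hashed value and writes whatever it receives into the shadow entry (with only a warning), so a plaintext value both fails to authenticate and leaves the secret readable in `/etc/shadow`. Either document next to the variable that it must hold a crypt hash, or apply `password: "{{ setup_noahk_password | password_hash('sha512') }}"` here, and keep the value in an Ansible Vault rather than plain vars. `groups: noahk,{{ setup_sudo_group }}` renames the variable while users/ansible.yml in the same commit still uses `sudo_group`; the two files should agree. `mode: 0440` and `mode: 0700` are unquoted octals; `"0440"` is safer across loaders.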