author | Robin Krahl <me@robin-krahl.de> | 2019-01-21 22:48:09 +0100 |
---|---|---|
committer | Robin Krahl <me@robin-krahl.de> | 2019-01-21 23:02:41 +0100 |
commit | 06e0f212a9f944e11851cdad57aa5efd02594370 (patch) | |
tree | 0504a946a70ed0734201f7f1094dbc6d6bbdf6eb | |
Add common role for basic system setup
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | common/defaults/main.yaml | 2 | ||||
-rw-r--r-- | common/files/sshd_config | 12 | ||||
-rw-r--r-- | common/files/sudoers | 2 | ||||
-rw-r--r-- | common/handlers/main.yaml | 5 | ||||
-rw-r--r-- | common/tasks/main.yaml | 6 | ||||
-rw-r--r-- | common/tasks/packages.yaml | 16 | ||||
-rw-r--r-- | common/tasks/sh.yaml | 8 | ||||
-rw-r--r-- | common/tasks/ssh.yaml | 14 | ||||
-rw-r--r-- | common/tasks/sudo.yaml | 13 | ||||
-rw-r--r-- | common/tasks/user.yaml | 12 |
11 files changed, 91 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/common/defaults/main.yaml b/common/defaults/main.yaml
new file mode 100644
index 0000000..f769afa
--- /dev/null
+++ b/common/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+openssh_server: openssh-server
diff --git a/common/files/sshd_config b/common/files/sshd_config
new file mode 100644
index 0000000..878b81f
--- /dev/null
+++ b/common/files/sshd_config
@@ -0,0 +1,12 @@
+# Authentication types
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PubkeyAuthentication yes
+
+# Authentication details
+AuthorizedKeysFile .ssh/authorized_keys
+PermitRootLogin no
+UsePAM yes
+
+# Subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
diff --git a/common/files/sudoers b/common/files/sudoers
new file mode 100644
index 0000000..a85e3db
--- /dev/null
+++ b/common/files/sudoers
@@ -0,0 +1,2 @@
+root ALL=(ALL) NOPASSWD: ALL
+%sudo ALL=(ALL) NOPASSWD: ALL
diff --git a/common/handlers/main.yaml b/common/handlers/main.yaml
new file mode 100644
index 0000000..290a2c8
--- /dev/null
+++ b/common/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: reload sshd
+ service:
+ name: sshd
+ state: reloaded
diff --git a/common/tasks/main.yaml b/common/tasks/main.yaml
new file mode 100644
index 0000000..819cbe6
--- /dev/null
+++ b/common/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- include: packages.yaml
+- include: sh.yaml
+- include: ssh.yaml
+- include: sudo.yaml
+- include: user.yaml
diff --git a/common/tasks/packages.yaml b/common/tasks/packages.yaml
new file mode 100644
index 0000000..41b0aeb
--- /dev/null
+++ b/common/tasks/packages.yaml
@@ -0,0 +1,16 @@
+---
+- name: Install packages
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - bash
+ - dash
+ - "{{ openssh_server }}"
+ - sudo
+- name: Update all packages
+ apt:
+ name: "*"
+ state: latest
+ force_apt_get: true
+ update_cache: true
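Review bot: The `Subsystem sftp /usr/lib/ssh/sftp-server` line in common/files/sshd_config hard-codes a helper path that differs between distributions, while the `apt` task and the `openssh-server` default elsewhere in this commit suggest Debian-family targets, where the binary is usually installed under a different directory. A wrong path does not stop sshd from starting; it only shows up later as failing SFTP sessions. `Subsystem sftp internal-sftp` removes the path dependency. Because this file replaces the distribution's sshd_config as a whole, a short header comment saying so (`# Managed by Ansible (common role); replaces the distribution default`) would help whoever edits the host by hand.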
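Review bot: `%sudo ALL=(ALL) NOPASSWD: ALL` in common/files/sudoers makes every member of the sudo group root-equivalent with no re-authentication, so a stolen SSH key or any code running as that user amounts to full control of the host. If passwordless sudo is only needed for Ansible runs, scoping the `NOPASSWD:` rule to a dedicated automation account and leaving `%sudo ALL=(ALL) ALL` for people would limit that. The file is also copied over /etc/sudoers as a whole, so any `Defaults` lines (for example `secure_path`) and any include of /etc/sudoers.d that the distribution ships are dropped; that looks unintended and should be confirmed.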
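Review bot: In common/tasks/packages.yaml the package index is refreshed only by the second task (`update_cache: true`), after "Install packages" has already run, so on a freshly provisioned host the install can fail or resolve against a stale index; putting the cache refresh first fixes the order. The second task calls `apt` unconditionally while the first uses the generic `package` module, so a guard such as `when: ansible_pkg_mgr == 'apt'` would make the Debian-only assumption explicit instead of failing on other hosts. `name: "*"` with `state: latest` upgrades everything on every play, which keeps hosts patched but means each run can change installed versions; a comment stating that this is intended would help.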
diff --git a/common/tasks/sh.yaml b/common/tasks/sh.yaml
new file mode 100644
index 0000000..6bc561e
--- /dev/null
+++ b/common/tasks/sh.yaml
@@ -0,0 +1,8 @@
+---
+- name: Configure dash as default sh
+ file:
+ src: /bin/sh
+ dest: dash
+ owner: root
+ group: root
+ state: link
diff --git a/common/tasks/ssh.yaml b/common/tasks/ssh.yaml
new file mode 100644
index 0000000..6adc5d3
--- /dev/null
+++ b/common/tasks/ssh.yaml
@@ -0,0 +1,14 @@
+- name: Copy sshd configuration
+ copy:
+ src: sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify:
+ - reload sshd
+- name: Enable and start sshd
+ service:
+ name: sshd
+ enabled: yes
+ state: started
diff --git a/common/tasks/sudo.yaml b/common/tasks/sudo.yaml
new file mode 100644
index 0000000..468dd5b
--- /dev/null
+++ b/common/tasks/sudo.yaml
@@ -0,0 +1,13 @@
+---
+- name: Create sudo group
+ group:
+ name: sudo
+ gid: 27
+ state: present
+- name: Copy sudo configuration
+ copy:
+ src: sudoers
+ dest: /etc/sudoers
+ owner: root
+ group: root
+ mode: u=r,g=r,o=
diff --git a/common/tasks/user.yaml b/common/tasks/user.yaml
new file mode 100644
index 0000000..e8e5eb4
--- /dev/null
+++ b/common/tasks/user.yaml
@@ -0,0 +1,12 @@
+- name: "Create user {{ user_name }}"
+ user:
+ name: "{{ user_name }}"
+ comment: "{{ user_full_name }}"
+ shell: /bin/bash
+ uid: 1000
+ groups:
+ - sudo
+- name: "Configure authorized key for {{ user_name }}"
+ authorized_key:
+ user: "{{ user_name }}"
+ key: "{{ user_ssh_key }}" |
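Review bot: `src` and `dest` are swapped in the "Configure dash as default sh" task of common/tasks/sh.yaml. With `state: link`, `dest` is where the symlink is created and `src` is what it points to, so as written the task creates a link named `dash`, relative to whatever the working directory is, pointing at /bin/sh, and leaves /bin/sh itself untouched. The two lines should read `src: dash` and `dest: /bin/sh`.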
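Review bot: The "Copy sshd configuration" task in common/tasks/ssh.yaml installs the file without checking it, and the notified handler then reloads sshd; with password and root login both disabled by this config, a file that sshd rejects can cut off remote access to the host. Adding `validate: sshd -t -f %s` to the `copy` task (with the absolute path to sshd on the target) makes Ansible refuse to install a config that fails sshd's own check. The service name `sshd` is distribution-dependent too, so confirm it resolves on the Debian-family hosts the `apt` task implies. This file also lacks the leading `---` that the other task files in the commit have.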
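Review bot: The "Copy sudo configuration" task in common/tasks/sudo.yaml overwrites /etc/sudoers with no syntax check. sudo refuses to run when that file is malformed, and since this role also sets `PermitRootLogin no`, there would be no remote way left to repair it. Add `validate: visudo -cf %s` to the `copy` task, using the absolute path to visudo on the target. Separately, the hard-coded `gid: 27` in "Create sudo group" may fail or renumber an existing group on hosts where that GID or group name is already in use; dropping `gid` unless a fixed number is required avoids that.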
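Review bot: `user_name`, `user_full_name` and `user_ssh_key` in common/tasks/user.yaml have no entry in common/defaults/main.yaml, which in this commit defines only `openssh_server`, so the role fails with an undefined-variable error unless the caller supplies all three; a comment listing them as required inputs, or an early `assert` task, would make that explicit. `groups:` without `append: true` replaces the user's supplementary groups, so running this against an existing account removes it from every group except sudo. The `authorized_key` task only adds a key; since key authentication is the sole login path this role leaves open and the account gets passwordless sudo, consider `exclusive: true` so that keys already present in the file do not keep access unnoticed.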