authorRobin Krahl <me@robin-krahl.de>2019-01-21 22:48:09 +0100
committerRobin Krahl <me@robin-krahl.de>2019-01-21 23:02:41 +0100
commit06e0f212a9f944e11851cdad57aa5efd02594370 (patch)
tree0504a946a70ed0734201f7f1094dbc6d6bbdf6eb
Add common role for basic system setup
-rw-r--r--.gitignore1
-rw-r--r--common/defaults/main.yaml2
-rw-r--r--common/files/sshd_config12
-rw-r--r--common/files/sudoers2
-rw-r--r--common/handlers/main.yaml5
-rw-r--r--common/tasks/main.yaml6
-rw-r--r--common/tasks/packages.yaml16
-rw-r--r--common/tasks/sh.yaml8
-rw-r--r--common/tasks/ssh.yaml14
-rw-r--r--common/tasks/sudo.yaml13
-rw-r--r--common/tasks/user.yaml12
11 files changed, 91 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1377554
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*.swp
diff --git a/common/defaults/main.yaml b/common/defaults/main.yaml
new file mode 100644
index 0000000..f769afa
--- /dev/null
+++ b/common/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+openssh_server: openssh-server
diff --git a/common/files/sshd_config b/common/files/sshd_config
new file mode 100644
index 0000000..878b81f
--- /dev/null
+++ b/common/files/sshd_config
@@ -0,0 +1,12 @@
+# Authentication types
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PubkeyAuthentication yes
+
+# Authentication details
+AuthorizedKeysFile .ssh/authorized_keys
+PermitRootLogin no
+UsePAM yes
+
+# Subsystems
+Subsystem sftp /usr/lib/ssh/sftp-server
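Review bot: The `Subsystem sftp /usr/lib/ssh/sftp-server` line hard-codes a helper path that varies between distributions, while `common/tasks/packages.yaml` in this commit uses the `apt` module, and Debian-family OpenSSH packages normally install the helper under `/usr/lib/openssh/`. If the path does not exist on the target, sftp sessions will fail even though sshd itself starts. `Subsystem sftp internal-sftp` avoids the path dependency. Because this file replaces the distribution's sshd_config entirely, a header comment such as `# Managed by Ansible; unlisted options use sshd's built-in defaults` would also make the intent clear to whoever audits the host.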
diff --git a/common/files/sudoers b/common/files/sudoers
new file mode 100644
index 0000000..a85e3db
--- /dev/null
+++ b/common/files/sudoers
@@ -0,0 +1,2 @@
+root ALL=(ALL) NOPASSWD: ALL
+%sudo ALL=(ALL) NOPASSWD: ALL
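Review bot: `%sudo ALL=(ALL) NOPASSWD: ALL` makes every member of the sudo group root-equivalent with no re-authentication, so the SSH key installed in `common/tasks/user.yaml` becomes the only barrier to root. If that is intended, a comment saying so would help; otherwise drop `NOPASSWD:` or restrict the command list. The file is also copied over `/etc/sudoers` as a whole, so any `Defaults` lines and the drop-in include from the distribution's sudoers are lost. Consider keeping at least `Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"` and `#includedir /etc/sudoers.d`, or shipping this policy as a file under `/etc/sudoers.d/` instead.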
diff --git a/common/handlers/main.yaml b/common/handlers/main.yaml
new file mode 100644
index 0000000..290a2c8
--- /dev/null
+++ b/common/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: reload sshd
+ service:
+ name: sshd
+ state: reloaded
diff --git a/common/tasks/main.yaml b/common/tasks/main.yaml
new file mode 100644
index 0000000..819cbe6
--- /dev/null
+++ b/common/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- include: packages.yaml
+- include: sh.yaml
+- include: ssh.yaml
+- include: sudo.yaml
+- include: user.yaml
diff --git a/common/tasks/packages.yaml b/common/tasks/packages.yaml
new file mode 100644
index 0000000..41b0aeb
--- /dev/null
+++ b/common/tasks/packages.yaml
@@ -0,0 +1,16 @@
+---
+- name: Install packages
+ package:
+ name: "{{ item }}"
+ state: present
+ with_items:
+ - bash
+ - dash
+ - "{{ openssh_server }}"
+ - sudo
+- name: Update all packages
+ apt:
+ name: "*"
+ state: latest
+ force_apt_get: true
+ update_cache: true
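Review bot: The "Install packages" task runs before anything refreshes the package index, so on a freshly provisioned host with a stale or empty apt cache it can fail or install outdated versions. `update_cache: true` only appears on the later "Update all packages" task. Moving the cache refresh first, or running the upgrade task before the install, avoids this. The first task uses the generic `package` module while the second is apt-only, so the role is effectively Debian-specific despite the `openssh_server` variable. Upgrading `"*"` to `state: latest` on every run also makes the play non-idempotent and changes host state unattended; a comment stating that this is deliberate, or a tag to opt in, would help.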
diff --git a/common/tasks/sh.yaml b/common/tasks/sh.yaml
new file mode 100644
index 0000000..6bc561e
--- /dev/null
+++ b/common/tasks/sh.yaml
@@ -0,0 +1,8 @@
+---
+- name: Configure dash as default sh
+ file:
+ src: /bin/sh
+ dest: dash
+ owner: root
+ group: root
+ state: link
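Review bot: `src` and `dest` look inverted in this task. With `state: link`, the file module creates the symlink at `dest` and points it at `src`, so as written it creates a link named `dash`, relative to the working directory, that points to `/bin/sh` and leaves `/bin/sh` itself unchanged. To make dash the default sh, the lines should read `src: dash` and `dest: /bin/sh`. If `/bin/sh` may already exist as a regular file on some targets, `force: true` would likely be needed as well.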
diff --git a/common/tasks/ssh.yaml b/common/tasks/ssh.yaml
new file mode 100644
index 0000000..6adc5d3
--- /dev/null
+++ b/common/tasks/ssh.yaml
@@ -0,0 +1,14 @@
+- name: Copy sshd configuration
+ copy:
+ src: sshd_config
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: u=rw,g=r,o=r
+ notify:
+ - reload sshd
+- name: Enable and start sshd
+ service:
+ name: sshd
+ enabled: yes
+ state: started
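Review bot: The copy task installs `/etc/ssh/sshd_config` without a `validate` step, so a typo in the shipped file is only discovered when the handler reloads sshd. On a host managed over SSH with root login disabled, that risks locking the operator out. Adding `validate: /usr/sbin/sshd -t -f %s` makes the copy fail before the live file is replaced. The same applies to the `/etc/sudoers` copy in `common/tasks/sudo.yaml`, where `validate: /usr/sbin/visudo -cf %s` guards against a syntax error that would break sudo entirely. Smaller points: `enabled: yes` should be `enabled: true`, this file lacks the leading `---` the other task files have, and on Debian-family systems the unit is usually named `ssh`, so `sshd` may need to be a variable like `openssh_server`.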
diff --git a/common/tasks/sudo.yaml b/common/tasks/sudo.yaml
new file mode 100644
index 0000000..468dd5b
--- /dev/null
+++ b/common/tasks/sudo.yaml
@@ -0,0 +1,13 @@
+---
+- name: Create sudo group
+ group:
+ name: sudo
+ gid: 27
+ state: present
+- name: Copy sudo configuration
+ copy:
+ src: sudoers
+ dest: /etc/sudoers
+ owner: root
+ group: root
+ mode: u=r,g=r,o=
diff --git a/common/tasks/user.yaml b/common/tasks/user.yaml
new file mode 100644
index 0000000..e8e5eb4
--- /dev/null
+++ b/common/tasks/user.yaml
@@ -0,0 +1,12 @@
+- name: "Create user {{ user_name }}"
+ user:
+ name: "{{ user_name }}"
+ comment: "{{ user_full_name }}"
+ shell: /bin/bash
+ uid: 1000
+ groups:
+ - sudo
+- name: "Configure authorized key for {{ user_name }}"
+ authorized_key:
+ user: "{{ user_name }}"
+ key: "{{ user_ssh_key }}"
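Review bot: `groups: - sudo` without `append: true` sets the user's supplementary groups to exactly that list, so on a host where the account already exists any other group memberships are removed. Add `append: true` unless that is intended. `user_name`, `user_full_name` and `user_ssh_key` have no entries in `common/defaults/main.yaml`, so the role fails with an undefined-variable error unless every caller supplies them. Documenting them as required, or asserting they are defined at the top of the role, would make that explicit. The `authorized_key` task only adds the key, so a rotated or revoked key stays in `authorized_keys`. Setting `exclusive: true` would make the file match the variable, if a single key per user is the policy.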