From 06e0f212a9f944e11851cdad57aa5efd02594370 Mon Sep 17 00:00:00 2001 From: Robin Krahl Date: Mon, 21 Jan 2019 22:48:09 +0100 Subject: Add common role for basic system setup --- common/defaults/main.yaml | 2 ++ common/files/sshd_config | 12 ++++++++++++ common/files/sudoers | 2 ++ common/handlers/main.yaml | 5 +++++ common/tasks/main.yaml | 6 ++++++ common/tasks/packages.yaml | 16 ++++++++++++++++ common/tasks/sh.yaml | 8 ++++++++ common/tasks/ssh.yaml | 14 ++++++++++++++ common/tasks/sudo.yaml | 13 +++++++++++++ common/tasks/user.yaml | 12 ++++++++++++ 10 files changed, 90 insertions(+) create mode 100644 common/defaults/main.yaml create mode 100644 common/files/sshd_config create mode 100644 common/files/sudoers create mode 100644 common/handlers/main.yaml create mode 100644 common/tasks/main.yaml create mode 100644 common/tasks/packages.yaml create mode 100644 common/tasks/sh.yaml create mode 100644 common/tasks/ssh.yaml create mode 100644 common/tasks/sudo.yaml create mode 100644 common/tasks/user.yaml (limited to 'common') diff --git a/common/defaults/main.yaml b/common/defaults/main.yaml new file mode 100644 index 0000000..f769afa --- /dev/null +++ b/common/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +openssh_server: openssh-server diff --git a/common/files/sshd_config b/common/files/sshd_config new file mode 100644 index 0000000..878b81f --- /dev/null +++ b/common/files/sshd_config @@ -0,0 +1,12 @@ +# Authentication types +ChallengeResponseAuthentication no +PasswordAuthentication no +PubkeyAuthentication yes + +# Authentication details +AuthorizedKeysFile .ssh/authorized_keys +PermitRootLogin no +UsePAM yes + +# Subsystems +Subsystem sftp /usr/lib/ssh/sftp-server diff --git a/common/files/sudoers b/common/files/sudoers new file mode 100644 index 0000000..a85e3db --- /dev/null +++ b/common/files/sudoers @@ -0,0 +1,2 @@ +root ALL=(ALL) NOPASSWD: ALL +%sudo ALL=(ALL) NOPASSWD: ALL diff --git a/common/handlers/main.yaml b/common/handlers/main.yaml new file mode 100644 index 0000000..290a2c8 --- /dev/null +++ b/common/handlers/main.yaml @@ -0,0 +1,5 @@ +--- +- name: reload sshd + service: + name: sshd + state: reloaded diff --git a/common/tasks/main.yaml b/common/tasks/main.yaml new file mode 100644 index 0000000..819cbe6 --- /dev/null +++ b/common/tasks/main.yaml @@ -0,0 +1,6 @@ +--- +- include: packages.yaml +- include: sh.yaml +- include: ssh.yaml +- include: sudo.yaml +- include: user.yaml diff --git a/common/tasks/packages.yaml b/common/tasks/packages.yaml new file mode 100644 index 0000000..41b0aeb --- /dev/null +++ b/common/tasks/packages.yaml @@ -0,0 +1,16 @@ +--- +- name: Install packages + package: + name: "{{ item }}" + state: present + with_items: + - bash + - dash + - "{{ openssh_server }}" + - sudo +- name: Update all packages + apt: + name: "*" + state: latest + force_apt_get: true + update_cache: true diff --git a/common/tasks/sh.yaml b/common/tasks/sh.yaml new file mode 100644 index 0000000..6bc561e --- /dev/null +++ b/common/tasks/sh.yaml @@ -0,0 +1,8 @@ +--- +- name: Configure dash as default sh + file: + src: /bin/sh + dest: dash + owner: root + group: root + state: link diff --git a/common/tasks/ssh.yaml b/common/tasks/ssh.yaml new file mode 100644 index 0000000..6adc5d3 --- /dev/null +++ b/common/tasks/ssh.yaml @@ -0,0 +1,14 @@ +- name: Copy sshd configuration + copy: + src: sshd_config + dest: /etc/ssh/sshd_config + owner: root + group: root + mode: u=rw,g=r,o=r + notify: + - reload sshd +- name: Enable and start sshd + service: + name: sshd + enabled: yes + state: started diff --git a/common/tasks/sudo.yaml b/common/tasks/sudo.yaml new file mode 100644 index 0000000..468dd5b --- /dev/null +++ b/common/tasks/sudo.yaml @@ -0,0 +1,13 @@ +--- +- name: Create sudo group + group: + name: sudo + gid: 27 + state: present +- name: Copy sudo configuration + copy: + src: sudoers + dest: /etc/sudoers + owner: root + group: root + mode: u=r,g=r,o= diff --git a/common/tasks/user.yaml b/common/tasks/user.yaml new file mode 100644 index 0000000..e8e5eb4 --- /dev/null +++ b/common/tasks/user.yaml @@ -0,0 +1,12 @@ +- name: "Create user {{ user_name }}" + user: + name: "{{ user_name }}" + comment: "{{ user_full_name }}" + shell: /bin/bash + uid: 1000 + groups: + - sudo +- name: "Configure authorized key for {{ user_name }}" + authorized_key: + user: "{{ user_name }}" + key: "{{ user_ssh_key }}" -- cgit v1.2.3