From 06e0f212a9f944e11851cdad57aa5efd02594370 Mon Sep 17 00:00:00 2001
From: Robin Krahl <me@robin-krahl.de>
Date: Mon, 21 Jan 2019 22:48:09 +0100
Subject: Add common role for basic system setup

---
 common/defaults/main.yaml  |  2 ++
 common/files/sshd_config   | 12 ++++++++++++
 common/files/sudoers       |  2 ++
 common/handlers/main.yaml  |  5 +++++
 common/tasks/main.yaml     |  6 ++++++
 common/tasks/packages.yaml | 16 ++++++++++++++++
 common/tasks/sh.yaml       |  8 ++++++++
 common/tasks/ssh.yaml      | 14 ++++++++++++++
 common/tasks/sudo.yaml     | 13 +++++++++++++
 common/tasks/user.yaml     | 12 ++++++++++++
 10 files changed, 90 insertions(+)
 create mode 100644 common/defaults/main.yaml
 create mode 100644 common/files/sshd_config
 create mode 100644 common/files/sudoers
 create mode 100644 common/handlers/main.yaml
 create mode 100644 common/tasks/main.yaml
 create mode 100644 common/tasks/packages.yaml
 create mode 100644 common/tasks/sh.yaml
 create mode 100644 common/tasks/ssh.yaml
 create mode 100644 common/tasks/sudo.yaml
 create mode 100644 common/tasks/user.yaml

(limited to 'common')

diff --git a/common/defaults/main.yaml b/common/defaults/main.yaml
new file mode 100644
index 0000000..f769afa
--- /dev/null
+++ b/common/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+openssh_server: openssh-server
diff --git a/common/files/sshd_config b/common/files/sshd_config
new file mode 100644
index 0000000..878b81f
--- /dev/null
+++ b/common/files/sshd_config
@@ -0,0 +1,12 @@
+# Authentication types
+ChallengeResponseAuthentication no
+PasswordAuthentication no
+PubkeyAuthentication yes
+
+# Authentication details
+AuthorizedKeysFile	.ssh/authorized_keys
+PermitRootLogin no
+UsePAM yes
+
+# Subsystems
+Subsystem	sftp	/usr/lib/ssh/sftp-server
diff --git a/common/files/sudoers b/common/files/sudoers
new file mode 100644
index 0000000..a85e3db
--- /dev/null
+++ b/common/files/sudoers
@@ -0,0 +1,2 @@
+root ALL=(ALL) NOPASSWD: ALL
+%sudo ALL=(ALL) NOPASSWD: ALL
diff --git a/common/handlers/main.yaml b/common/handlers/main.yaml
new file mode 100644
index 0000000..290a2c8
--- /dev/null
+++ b/common/handlers/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: reload sshd
+  service:
+    name: sshd
+    state: reloaded
diff --git a/common/tasks/main.yaml b/common/tasks/main.yaml
new file mode 100644
index 0000000..819cbe6
--- /dev/null
+++ b/common/tasks/main.yaml
@@ -0,0 +1,6 @@
+---
+- include: packages.yaml
+- include: sh.yaml
+- include: ssh.yaml
+- include: sudo.yaml
+- include: user.yaml
diff --git a/common/tasks/packages.yaml b/common/tasks/packages.yaml
new file mode 100644
index 0000000..41b0aeb
--- /dev/null
+++ b/common/tasks/packages.yaml
@@ -0,0 +1,16 @@
+---
+- name: Install packages
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - bash
+    - dash
+    - "{{ openssh_server }}"
+    - sudo
+- name: Update all packages
+  apt:
+    name: "*"
+    state: latest
+    force_apt_get: true
+    update_cache: true
diff --git a/common/tasks/sh.yaml b/common/tasks/sh.yaml
new file mode 100644
index 0000000..6bc561e
--- /dev/null
+++ b/common/tasks/sh.yaml
@@ -0,0 +1,8 @@
+---
+- name: Configure dash as default sh
+  file:
+    src: /bin/sh
+    dest: dash
+    owner: root
+    group: root
+    state: link
diff --git a/common/tasks/ssh.yaml b/common/tasks/ssh.yaml
new file mode 100644
index 0000000..6adc5d3
--- /dev/null
+++ b/common/tasks/ssh.yaml
@@ -0,0 +1,14 @@
+- name: Copy sshd configuration
+  copy:
+    src: sshd_config
+    dest: /etc/ssh/sshd_config
+    owner: root
+    group: root
+    mode: u=rw,g=r,o=r
+  notify:
+    - reload sshd
+- name: Enable and start sshd
+  service:
+    name: sshd
+    enabled: yes
+    state: started
diff --git a/common/tasks/sudo.yaml b/common/tasks/sudo.yaml
new file mode 100644
index 0000000..468dd5b
--- /dev/null
+++ b/common/tasks/sudo.yaml
@@ -0,0 +1,13 @@
+---
+- name: Create sudo group
+  group:
+    name: sudo
+    gid: 27
+    state: present
+- name: Copy sudo configuration
+  copy:
+    src: sudoers
+    dest: /etc/sudoers
+    owner: root
+    group: root
+    mode: u=r,g=r,o=
diff --git a/common/tasks/user.yaml b/common/tasks/user.yaml
new file mode 100644
index 0000000..e8e5eb4
--- /dev/null
+++ b/common/tasks/user.yaml
@@ -0,0 +1,12 @@
+- name: "Create user {{ user_name }}"
+  user:
+    name: "{{ user_name }}"
+    comment: "{{ user_full_name }}"
+    shell: /bin/bash
+    uid: 1000
+    groups:
+      - sudo
+- name: "Configure authorized key for {{ user_name }}"
+  authorized_key:
+    user: "{{ user_name }}"
+    key: "{{ user_ssh_key }}"
-- 
cgit v1.2.1