From 10d835e82c6c0282833a12f5aadc93a88ff539a3 Mon Sep 17 00:00:00 2001 From: Uumas Date: Fri, 19 Mar 2021 23:02:08 +0200 Subject: [PATCH] Add things --- .gitignore | 3 --- LICENSE | 2 +- README.md | 2 +- roles/docker/tasks/main.yml | 28 ++++++++++++++++++++++++++++ roles/packages/tasks/main.yml | 5 +++++ roles/ssh/handlers/main.yml | 6 ++++++ roles/ssh/tasks/main.yml | 28 ++++++++++++++++++++++++++++ roles/users/tasks/main.yml | 22 ++++++++++++++++++++++ 8 files changed, 91 insertions(+), 5 deletions(-) delete mode 100644 .gitignore create mode 100644 roles/docker/tasks/main.yml create mode 100644 roles/packages/tasks/main.yml create mode 100644 roles/ssh/handlers/main.yml create mode 100644 roles/ssh/tasks/main.yml create mode 100644 roles/users/tasks/main.yml diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 5c199eb..0000000 --- a/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -# ---> Ansible -*.retry - diff --git a/LICENSE b/LICENSE index 204b93d..4a62de4 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -MIT License Copyright (c) +MIT License Copyright (c) 2021 uumas Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 08dff54..44ee0fc 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,2 @@ -# ansible-collection +# Ansible collection diff --git a/roles/docker/tasks/main.yml b/roles/docker/tasks/main.yml new file mode 100644 index 0000000..16e744e --- /dev/null +++ b/roles/docker/tasks/main.yml 
@@ -0,0 +1,28 @@
+---
+
+- name: Install dependencies
+ apt:
+ name:
+ - apt-transport-https
+ - ca-certificates
+ - curl
+ - gnupg
+ - lsb-release
+ update_cache: yes
+
+- name: Add docker repo signing key
+ apt_key:
+ id: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+ url: 'https://download.docker.com/linux/debian/gpg'
+- name: Add docker repo
+ apt_repository:
+ repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+ filename: 'docker'
+ mode: '644'
+
+- name: Install docker
+ apt:
+ name:
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
diff --git a/roles/packages/tasks/main.yml b/roles/packages/tasks/main.yml
new file mode 100644
index 0000000..b70b97e
--- /dev/null
+++ b/roles/packages/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Install packages
+ apt:
+ name: "{{ install_packages }}"
diff --git a/roles/ssh/handlers/main.yml b/roles/ssh/handlers/main.yml
new file mode 100644
index 0000000..1e3ceda
--- /dev/null
+++ b/roles/ssh/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart ssh
+ systemd:
+ name: ssh
+ state: restarted
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
new file mode 100644
index 0000000..0a81af1
--- /dev/null
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Disable SSH root login without password
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?PermitRootLogin .*$'
+ line: "PermitRootLogin prohibit-password"
+ state: present
+ validate: '/usr/sbin/sshd -t -f %s'
+ notify: restart ssh
+
+- name: Disable PasswordAuthentication
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#PasswordAuthentication .*$'
+ line: "PasswordAuthentication no"
+ state: present
+ validate: '/usr/sbin/sshd -t -f %s'
+ notify: restart ssh
+
+- name: Disable X11 forwarding
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?X11Forwarding .*$'
+ line: "X11Forwarding no"
+ state: present
+ validate: '/usr/sbin/sshd -t -f %s'
+ notify: restart ssh
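Review bot: The "Add docker repo signing key" task in roles/docker/tasks/main.yml uses `apt_key`, which places the key in apt's global trusted keyring, so apt then accepts that key for packages from every configured repository, not only download.docker.com. Pinning the fingerprint with `id` is a good check and should be kept in some form. Trust is better scoped by storing the key in its own file and naming it in the source entry, e.g. `repo: "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"`. The underlying `apt-key` tool is also deprecated in current apt, so this task is likely to break on newer Debian releases.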
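Review bot: In roles/ssh/tasks/main.yml the "Disable PasswordAuthentication" task uses `regexp: '^#PasswordAuthentication .*$'`, which matches only a commented-out line, whereas the other two tasks use `^#?`. On a host whose sshd_config already has an active `PasswordAuthentication yes`, lineinfile finds no match and appends `PasswordAuthentication no` at the end of the file. sshd uses the first value it reads for a keyword, so password logins stay enabled while the play reports the change as applied. The pattern should be `regexp: '^#?PasswordAuthentication .*$'`. For the same first-value reason, check whether the target release's sshd_config has an `Include` of drop-in files above these lines that could set the same keywords.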
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
new file mode 100644
index 0000000..187b787
--- /dev/null
+++ b/roles/users/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Create users
+ user:
+ name: "{{ item.name }}"
+ password: "{{ item.password }}"
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ groups:
+ - sudo
+ loop: "{{ users }}"
+
+- name: Set ssh authorized keys for users
+ authorized_key:
+ user: "{{ item.name }}"
+ key: "{{ item.ssh_pubkey }}"
+ loop: "{{ users }}"
+
+- name: Disable login as root with ssh key
+ file:
+ path: /root/.ssh/authorized_keys
+ state: absent
+ when: ansible_user | default('') != 'root'
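Review bot: The "Create users" task loops over `users` and passes `item.password` without `no_log`, so each loop item, password value included, is printed in the play output and by any logging callback; add `no_log: true` to that task. The `user` module writes `password` to the shadow file as given, so the variable must already hold a crypt hash; a comment such as `# item.password must be a crypt hash, e.g. produced with the password_hash filter` would make that requirement explicit. Separately, `groups` without `append: true` replaces a user's existing supplementary groups with only `sudo` on every run, which may not be intended for pre-existing accounts.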