Add things

2021-03-19 23:02:08 +02:00
parent c5bd95bebe
commit 10d835e82c
8 changed files with 91 additions and 5 deletions
--- a/roles/docker/tasks/main.yml
+++ b/roles/docker/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Install dependencies
+  apt:
+    name:
+      - apt-transport-https
+      - ca-certificates
+      - curl
+      - gnupg
+      - lsb-release
+    update_cache: yes
+
+- name: Add docker repo signing key
+  apt_key:
+    id: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'
+    url: 'https://download.docker.com/linux/debian/gpg'
+- name: Add docker repo
+  apt_repository:
+    repo: "deb [arch=amd64] https://download.docker.com/linux/debian {{ ansible_distribution_release }} stable"
+    filename: 'docker'
+    mode: '644'
+
+- name: Install docker
+  apt:
+    name: 
+      - docker-ce
+      - docker-ce-cli
+      - containerd.io
--- a/roles/packages/tasks/main.yml
+++ b/roles/packages/tasks/main.yml
@@ -0,0 +1,5 @@
+---
+
+- name: Install packages
+  apt:
+    name: "{{ install_packages }}"
--- a/roles/ssh/handlers/main.yml
+++ b/roles/ssh/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: restart ssh
+  systemd:
+    name: ssh
+    state: restarted
--- a/roles/ssh/tasks/main.yml
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,28 @@
+---
+
+- name: Disable SSH root login without password
+  lineinfile: 
+    path: /etc/ssh/sshd_config
+    regexp: '^#?PermitRootLogin .*$'
+    line: "PermitRootLogin prohibit-password" 
+    state: present
+    validate: '/usr/sbin/sshd -t -f %s'
+  notify: restart ssh
+
+- name: Disable PasswordAuthentication
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#PasswordAuthentication .*$'
+    line: "PasswordAuthentication no"
+    state: present
+    validate: '/usr/sbin/sshd -t -f %s'
+  notify: restart ssh
+
+- name: Disable X11 forwarding
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?X11Forwarding .*$'
+    line: "X11Forwarding no"
+    state: present
+    validate: '/usr/sbin/sshd -t -f %s'
+  notify: restart ssh
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -0,0 +1,22 @@
+---
+
+- name: Create users
+  user:
+    name: "{{ item.name }}"
+    password: "{{ item.password }}"
+    shell: "{{ item.shell | default('/bin/bash') }}"
+    groups:
+      - sudo
+  loop: "{{ users }}"
+
+- name: Set ssh authorized keys for users
+  authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ item.ssh_pubkey }}"
+  loop: "{{ users }}"
+
+- name: Disable login as root with ssh key
+  file:
+    path: /root/.ssh/authorized_keys
+    state: absent
+  when: ansible_user | default('') != 'root'