author | bnewbold <bnewbold@robocracy.org> | 2017-08-05 11:35:15 -0700 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2017-08-05 23:55:52 -0700 |
commit | cb00f9f7462c5d8bce5b5071d1c26a6cc80243d8 (patch) | |
tree | 03db8db754b76251e02cc5ca37c97c365e91fa0e | |
parent | 6a637b468f08f4d6881e156a242a7010b3ba8aff (diff) | |
download | infra-cb00f9f7462c5d8bce5b5071d1c26a6cc80243d8.tar.gz infra-cb00f9f7462c5d8bce5b5071d1c26a6cc80243d8.zip |
commit bnewbold.the-nsa.org stuff
-rw-r--r-- | playbooks/init_bnewbold_nsa.yml | 50 | ||||
-rw-r--r-- | vars/bnewbold_nsa.yml | 17 |
2 files changed, 67 insertions, 0 deletions
diff --git a/playbooks/init_bnewbold_nsa.yml b/playbooks/init_bnewbold_nsa.yml
new file mode 100644
index 0000000..be66cc1
--- /dev/null
+++ b/playbooks/init_bnewbold_nsa.yml
@@ -0,0 +1,50 @@
+---
+- name: Initializing bnewbold.the-nsa.org
+ hosts: bnewbold.the-nsa.org
+ remote_user: bnewbold
+ sudo: True
+ sudo_user: root
+ gather_facts: True
+ vars_files:
+ - vars/vault.yml
+ - vars/bnewbold_nsa.yml
+
+ vars:
+ - admin_email: "bnewbold@the-nsa.org"
+ - main_user_name: bnewbold
+ - hostname_fqdn: bnewbold.the-nsa.org
+
+ roles:
+ - debian_jessie
+ - hostname
+ - common
+ - nullmailer
+ - nginx
+
+ tasks:
+ - name: Create main user account
+ user: name={{main_user_name}} state=present groups=sudo append=yes shell=/bin/bash
+ - name: Give main user account sudo power
+ template: src=roles/common/templates/sudoers.j2 dest=/etc/sudoers.d/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'
+ - name: Install main user authorized SSH keys
+ authorized_key: user="{{ main_user_name}}" key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Install root user authorized SSH keys
+ authorized_key: user=root key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Extra packages for this host
+ apt: name={{item}} state=installed
+ with_items:
+ - socat
+ - rsyslog
+
+ post_tasks:
+ - name: Sanity check that we have IPv4 connectivity
+ command: /bin/ping -c 2 mit.edu
+ - name: Sanity check that we have IPv6 connectivity
+ command: /bin/ping6 -c 2 mit.edu
+ - name: Done
+ shell: echo 'Done!'
+
diff --git a/vars/bnewbold_nsa.yml b/vars/bnewbold_nsa.yml
new file mode 100644
index 0000000..0f20c93
--- /dev/null
+++ b/vars/bnewbold_nsa.yml
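Review bot: The "Install root user authorized SSH keys" task in playbooks/init_bnewbold_nsa.yml puts `pubkeys/bnewbold.pub` into root's authorized_keys although the preceding tasks already give `{{main_user_name}}` the same key plus sudo, so one key now yields a direct root shell with no sudo step and no per-user attribution in the logs. If root key login is only needed for the first bootstrap run, drop the task or change it to `authorized_key: user=root key="{{ item }}" state=absent`; if it is a deliberate recovery path, record that with a comment such as `# root key kept for recovery; sshd must not allow root password login`. Whether one of the listed roles manages `PermitRootLogin` is not visible in this diff and should be confirmed, and the `sudoers.j2` template written to `/etc/sudoers.d/sudoers` is also outside it, so what it grants deserves a separate look. On style, `sudo: True` / `sudo_user: root` are the older spelling of `become: true` / `become_user: root`.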
@@ -0,0 +1,17 @@
+
+main_user_name: "bnewbold"
+domain: "bnewbold.the-nsa.org"
+email_domain: "the-nsa.org"
+admin_email: "bnewbold@the-nsa.org"
+friendly_networks:
+ - "robocracy.org"
+ - "bnewbold.net"
+ - "the-nsa.org"
+ - "numm.org"
+
+sshd_print_motd: "no"
+sshd_allow_chall_resp: "yes"
+
+nullmailer_smtp_host: mail.the-nsa.org
+nullmailer_smtp_user: nullmail@the-nsa.org
+nullmailer_smtp_pass: "{{ vault_nullmailer_smtp_pass }}" |
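Review bot: `sshd_allow_chall_resp: "yes"` in vars/bnewbold_nsa.yml presumably feeds sshd's ChallengeResponseAuthentication setting (the consuming template is not part of this diff), and on a PAM-enabled sshd that can keep keyboard-interactive password logins available even where PasswordAuthentication is turned off. Since the playbook installs SSH public keys for both accounts, `sshd_allow_chall_resp: "no"` would be the safer default; if it is enabled for an OTP or similar PAM challenge module, a comment above the line such as `# challenge-response on for the PAM OTP module; keys remain the primary login` would record the reason. `main_user_name` and `admin_email` are also defined in the playbook's `vars:` block, so keeping them in one place only would avoid the two copies drifting apart.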