import basics from NSA's commission repo

1 files changed, 46 insertions, 0 deletions

diff --git a/playbooks/init_adze.yml b/playbooks/init_adze.yml
new file mode 100644
index 0000000..e2c1f79
--- /dev/null
+++ b/playbooks/init_adze.yml
@@ -0,0 +1,46 @@
+---
+- name: Initializing adze.robocracy.org
+  hosts: adze.robocracy.org
+  remote_user: root
+  gather_facts: True
+  vars_files:
+    - vars/vault.yml
+    - vars/default.yml
+
+  vars:
+    admin_email: "root@robocracy.org"
+    main_user_name: bnewbold
+
+  roles:
+    - debian_jessie
+    - common
+    - nullmailer
+    # TODO: nginx
+
+  tasks:
+    - name: Create main user account
+      user: name={{main_user_name}} state=present groups=sudo append=yes shell=/bin/bash
+    - name: Give main user account sudo power
+      template: src=roles/common/templates/sudoers.j2 dest=/etc/sudoers.d/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'
+    - name: Install main user authorized SSH keys
+      authorized_key: user="{{ main_user_name}}" key="{{ item }}"
+      with_file:
+        - pubkeys/bnewbold.pub
+    - name: Install root user authorized SSH keys
+      authorized_key: user=root key="{{ item }}"
+      with_file:
+        - pubkeys/bnewbold.pub
+    - name: Extra packages for this host
+      apt: name={{item}} state=installed
+      with_items:
+            - socat
+            - rsyslog
+
+  post_tasks:
+    - name: Sanity check that we have IPv4 connectivity
+      command: /bin/ping -c 2 mit.edu
+    - name: Sanity check that we have IPv6 connectivity
+      command: /bin/ping6 -c 2 mit.edu
+    - name: Done
+      shell: echo 'Done!'
+