-rw-r--r--playbooks/init_bnewbold_nsa.yml50
-rw-r--r--vars/bnewbold_nsa.yml17
2 files changed, 67 insertions, 0 deletions
diff --git a/playbooks/init_bnewbold_nsa.yml b/playbooks/init_bnewbold_nsa.yml
new file mode 100644
index 0000000..be66cc1
--- /dev/null
+++ b/playbooks/init_bnewbold_nsa.yml
@@ -0,0 +1,50 @@
+---
+- name: Initializing bnewbold.the-nsa.org
+ hosts: bnewbold.the-nsa.org
+ remote_user: bnewbold
+ sudo: True
+ sudo_user: root
+ gather_facts: True
+ vars_files:
+ - vars/vault.yml
+ - vars/bnewbold_nsa.yml
+
+ vars:
+ - admin_email: "bnewbold@the-nsa.org"
+ - main_user_name: bnewbold
+ - hostname_fqdn: bnewbold.the-nsa.org
+
+ roles:
+ - debian_jessie
+ - hostname
+ - common
+ - nullmailer
+ - nginx
+
+ tasks:
+ - name: Create main user account
+ user: name={{main_user_name}} state=present groups=sudo append=yes shell=/bin/bash
+ - name: Give main user account sudo power
+ template: src=roles/common/templates/sudoers.j2 dest=/etc/sudoers.d/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'
+ - name: Install main user authorized SSH keys
+ authorized_key: user="{{ main_user_name}}" key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Install root user authorized SSH keys
+ authorized_key: user=root key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Extra packages for this host
+ apt: name={{item}} state=installed
+ with_items:
+ - socat
+ - rsyslog
+
+ post_tasks:
+ - name: Sanity check that we have IPv4 connectivity
+ command: /bin/ping -c 2 mit.edu
+ - name: Sanity check that we have IPv6 connectivity
+ command: /bin/ping6 -c 2 mit.edu
+ - name: Done
+ shell: echo 'Done!'
+
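Review bot: The `Install root user authorized SSH keys` task in the `tasks:` list installs `pubkeys/bnewbold.pub` for root, so one key grants direct root login in addition to the sudo path that the preceding tasks set up for the main user. If root key login is not needed, drop that task and rely on the sudo account, which also keeps per-user attribution in the auth log. If it is kept as a recovery path, say so in a comment such as `# root key is break-glass only; sshd must refuse root password login`, and confirm that the sshd configuration (not visible in this diff) sets `PermitRootLogin without-password`. Neither `authorized_key` task sets `exclusive=yes`, so keys already present in either account are left in place.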
diff --git a/vars/bnewbold_nsa.yml b/vars/bnewbold_nsa.yml
new file mode 100644
index 0000000..0f20c93
--- /dev/null
+++ b/vars/bnewbold_nsa.yml
@@ -0,0 +1,17 @@
+
+main_user_name: "bnewbold"
+domain: "bnewbold.the-nsa.org"
+email_domain: "the-nsa.org"
+admin_email: "bnewbold@the-nsa.org"
+friendly_networks:
+ - "robocracy.org"
+ - "bnewbold.net"
+ - "the-nsa.org"
+ - "numm.org"
+
+sshd_print_motd: "no"
+sshd_allow_chall_resp: "yes"
+
+nullmailer_smtp_host: mail.the-nsa.org
+nullmailer_smtp_user: nullmail@the-nsa.org
+nullmailer_smtp_pass: "{{ vault_nullmailer_smtp_pass }}"
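Review bot: `sshd_allow_chall_resp: "yes"` presumably feeds sshd's `ChallengeResponseAuthentication` through a template outside this diff. With PAM enabled, that setting typically keeps keyboard-interactive password logins available even though the playbook installs SSH keys. If no OTP or other PAM challenge module depends on it, set `sshd_allow_chall_resp: "no"`. Otherwise add a comment above the line naming the module that needs it, for example `# required by <pam module> for second-factor prompts`.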