-rw-r--r-- | playbooks/init_bnewbold_nsa.yml | 50 | ||||
-rw-r--r-- | vars/bnewbold_nsa.yml | 17 |
2 files changed, 67 insertions, 0 deletions
diff --git a/playbooks/init_bnewbold_nsa.yml b/playbooks/init_bnewbold_nsa.yml
new file mode 100644
index 0000000..be66cc1
--- /dev/null
+++ b/playbooks/init_bnewbold_nsa.yml
@@ -0,0 +1,50 @@
+---
+- name: Initializing bnewbold.the-nsa.org
+ hosts: bnewbold.the-nsa.org
+ remote_user: bnewbold
+ sudo: True
+ sudo_user: root
+ gather_facts: True
+ vars_files:
+ - vars/vault.yml
+ - vars/bnewbold_nsa.yml
+
+ vars:
+ - admin_email: "bnewbold@the-nsa.org"
+ - main_user_name: bnewbold
+ - hostname_fqdn: bnewbold.the-nsa.org
+
+ roles:
+ - debian_jessie
+ - hostname
+ - common
+ - nullmailer
+ - nginx
+
+ tasks:
+ - name: Create main user account
+ user: name={{main_user_name}} state=present groups=sudo append=yes shell=/bin/bash
+ - name: Give main user account sudo power
+ template: src=roles/common/templates/sudoers.j2 dest=/etc/sudoers.d/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'
+ - name: Install main user authorized SSH keys
+ authorized_key: user="{{ main_user_name}}" key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Install root user authorized SSH keys
+ authorized_key: user=root key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Extra packages for this host
+ apt: name={{item}} state=installed
+ with_items:
+ - socat
+ - rsyslog
+
+ post_tasks:
+ - name: Sanity check that we have IPv4 connectivity
+ command: /bin/ping -c 2 mit.edu
+ - name: Sanity check that we have IPv6 connectivity
+ command: /bin/ping6 -c 2 mit.edu
+ - name: Done
+ shell: echo 'Done!'
+
diff --git a/vars/bnewbold_nsa.yml b/vars/bnewbold_nsa.yml
new file mode 100644
index 0000000..0f20c93
--- /dev/null
+++ b/vars/bnewbold_nsa.yml
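Review bot: The `Install root user authorized SSH keys` task in playbooks/init_bnewbold_nsa.yml puts pubkeys/bnewbold.pub into root's authorized_keys, so the same key now gives a direct root login over SSH on top of the sudo path the play already sets up for `{{main_user_name}}`. A direct root login leaves no sudo log entry, and whether sshd refuses it depends on the PermitRootLogin setting in the `common` role, which is not visible in this diff. I would drop the task (`- name: Install root user authorized SSH keys` and its `authorized_key:` / `with_file:` lines), or, if a recovery path is required, keep it but restrict the key with the module's `key_options` parameter (a `from=` source restriction). The sudoers file is rendered from roles/common/templates/sudoers.j2, also outside this diff, so it is worth confirming that it does not grant NOPASSWD more broadly than intended.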
@@ -0,0 +1,17 @@
+
+main_user_name: "bnewbold"
+domain: "bnewbold.the-nsa.org"
+email_domain: "the-nsa.org"
+admin_email: "bnewbold@the-nsa.org"
+friendly_networks:
+ - "robocracy.org"
+ - "bnewbold.net"
+ - "the-nsa.org"
+ - "numm.org"
+
+sshd_print_motd: "no"
+sshd_allow_chall_resp: "yes"
+
+nullmailer_smtp_host: mail.the-nsa.org
+nullmailer_smtp_user: nullmail@the-nsa.org
+nullmailer_smtp_pass: "{{ vault_nullmailer_smtp_pass }}" |
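Review bot: `sshd_allow_chall_resp: "yes"` in vars/bnewbold_nsa.yml presumably feeds ChallengeResponseAuthentication in an sshd_config template that is not part of this diff; with PAM enabled, that setting typically allows keyboard-interactive password logins even when PasswordAuthentication is off. Since the playbook provisions key-based access for both accounts, I would set `sshd_allow_chall_resp: "no"` unless a PAM one-time-password module depends on it, and add a comment above the line saying which case applies. The quoted "yes"/"no" strings are the right form for values rendered into sshd_config, so the quotes should stay.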