aboutsummaryrefslogtreecommitdiffstats
path: root/playbooks
diff options
context:
space:
mode:
Diffstat (limited to 'playbooks')
-rw-r--r--playbooks/init_bnewbold_nsa.yml50
1 files changed, 50 insertions, 0 deletions
diff --git a/playbooks/init_bnewbold_nsa.yml b/playbooks/init_bnewbold_nsa.yml
new file mode 100644
index 0000000..be66cc1
--- /dev/null
+++ b/playbooks/init_bnewbold_nsa.yml
@@ -0,0 +1,50 @@
+---
+- name: Initializing bnewbold.the-nsa.org
+ hosts: bnewbold.the-nsa.org
+ remote_user: bnewbold
+ sudo: True
+ sudo_user: root
+ gather_facts: True
+ vars_files:
+ - vars/vault.yml
+ - vars/bnewbold_nsa.yml
+
+ vars:
+ - admin_email: "bnewbold@the-nsa.org"
+ - main_user_name: bnewbold
+ - hostname_fqdn: bnewbold.the-nsa.org
+
+ roles:
+ - debian_jessie
+ - hostname
+ - common
+ - nullmailer
+ - nginx
+
+ tasks:
+ - name: Create main user account
+ user: name={{main_user_name}} state=present groups=sudo append=yes shell=/bin/bash
+ - name: Give main user account sudo power
+ template: src=roles/common/templates/sudoers.j2 dest=/etc/sudoers.d/sudoers owner=root group=root mode=0440 validate='visudo -cf %s'
+ - name: Install main user authorized SSH keys
+ authorized_key: user="{{ main_user_name}}" key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Install root user authorized SSH keys
+ authorized_key: user=root key="{{ item }}"
+ with_file:
+ - pubkeys/bnewbold.pub
+ - name: Extra packages for this host
+ apt: name={{item}} state=installed
+ with_items:
+ - socat
+ - rsyslog
+
+ post_tasks:
+ - name: Sanity check that we have IPv4 connectivity
+ command: /bin/ping -c 2 mit.edu
+ - name: Sanity check that we have IPv6 connectivity
+ command: /bin/ping6 -c 2 mit.edu
+ - name: Done
+ shell: echo 'Done!'
+