diff --git a/ansible/clients.yml b/ansible/clients.yml
deleted file mode 100644
index 283a0b0..0000000
--- a/ansible/clients.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- name: generate ios client config
- hosts: dev #localhost
- tasks:
- - debug: msg="generate phone config"
- roles:
- - { name: wg_vpn }
diff --git a/ansible/cloud_wg.yml b/ansible/cloud_wg.yml
deleted file mode 100644
index be0d758..0000000
--- a/ansible/cloud_wg.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-
-- name: cloud wg config
- hosts: vpn
- tasks:
- - debug: msg="Deploying wg to cloud server"
- roles:
- - { name: wg_vpn, tags: ['wg_vpn'] }
diff --git a/ansible/roles/droplets/tasks/main.yml b/ansible/roles/droplets/tasks/main.yml
new file mode 100644
index 0000000..213ad7f
--- /dev/null
+++ b/ansible/roles/droplets/tasks/main.yml
@@ -0,0 +1,48 @@
+---
+
+- name: Make sure we have a 'sudo' group
+ group:
+ name: sudo
+ state: present
+
+- name: Allow sudo group to have passwordless sudo
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+- name: Create a new regular user with sudo privileges
+ user:
+ name: "{{ create_user }}"
+ state: present
+ groups: sudo
+ append: true
+ create_home: true
+ shell: /bin/bash
+
+- name: Set authorized key for remote user
+ authorized_key:
+ user: "{{ create_user }}"
+ state: present
+ key: "{{ copy_local_key }}"
+
+
+# - name: Disable password authentication for root
+# lineinfile:
+# path: /etc/ssh/sshd_config
+# state: present
+# regexp: '^#?PermitRootLogin'
+# line: 'PermitRootLogin no'
+
+- name: Update apt
+ apt: update_cache=yes
+
+- name: Install required system packages
+ apt: name={{ sys_packages }} state=latest
+
+- name: Restart sshd
+ service:
+ name: sshd.service
+ state: restarted
diff --git a/ansible/roles/droplets/tasks/serverbuild.yml b/ansible/roles/droplets/tasks/serverbuild.yml
deleted file mode 100644
index 421f5f8..0000000
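Review bot: The `PermitRootLogin no` task that serverbuild.yml applied survives in tasks/main.yml only as a commented-out block, so that hardening is dropped, while the unconditional `Restart sshd` task at the end of the file still bounces the daemon on every run with no config change to apply. If the task is meant to return, uncomment the `lineinfile`, add `notify: Restart sshd` to it, and move the `service` task into the role's handlers so sshd restarts only when `sshd_config` actually changed; if it is meant to stay out, the restart task should go with it. The task name also overstates the regexp, which only touches `PermitRootLogin` and not `PasswordAuthentication`. The two `apt` tasks use free-form `key=value` args (`apt: name={{ sys_packages }} state=latest`) where the rest of the file uses block keys, and `state: latest` upgrades the listed packages on every run instead of converging on an installed set. Note that `%sudo ALL=(ALL) NOPASSWD: ALL` was carried over unchanged, so every member of `sudo` keeps unrestricted passwordless root on any host this role targets.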
--- a/ansible/roles/droplets/tasks/serverbuild.yml +++ /dev/null @@ -1,55 +0,0 @@ -- hosts: vpn - remote_user: root - gather_facts: false - vars: - create_user: josiah - copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}" - sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'dnsutils' ] - - tasks: - - name: Make sure we have a 'sudo' group - group: - name: sudo - state: present - - - name: Allow sudo group to have passwordless sudo - lineinfile: - path: /etc/sudoers - state: present - regexp: '^%sudo' - line: '%sudo ALL=(ALL) NOPASSWD: ALL' - validate: '/usr/sbin/visudo -cf %s' - - - name: Create a new regular user with sudo privileges - user: - name: "{{ create_user }}" - state: present - groups: sudo - append: true - create_home: true - shell: /bin/bash - - - name: Set authorized key for remote user - authorized_key: - user: "{{ create_user }}" - state: present - key: "{{ copy_local_key }}" - - - - name: Disable password authentication for root - lineinfile: - path: /etc/ssh/sshd_config - state: present - regexp: '^#?PermitRootLogin' - line: 'PermitRootLogin no' - - - name: Update apt - apt: update_cache=yes - - - name: Install required system packages - apt: name={{ sys_packages }} state=latest - - - name: Restart sshd - service: - name: sshd.service - state: restarted diff --git a/ansible/roles/droplets/vars/main.yml b/ansible/roles/droplets/vars/main.yml new file mode 100644 index 0000000..98ab11d --- /dev/null +++ b/ansible/roles/droplets/vars/main.yml @@ -0,0 +1,3 @@ +create_user: josiah +copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}" +sys_packages: [ 'curl', 'vim', 'git', 'fail2ban', 'mosh', 'dnsutils' ]
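Review bot: `create_user` and `sys_packages` are placed in `vars/main.yml`, which in Ansible's precedence order overrides inventory and play vars, so a caller cannot change the username or package list per host or environment without `-e`; `defaults/main.yml` is the conventional home for tunables like these. The file also lacks the `---` document start that tasks/main.yml in this change uses. `copy_local_key` reads `~/.ssh/digitalocean.pub` from the controller's `HOME` when the variable is evaluated and, as far as I can tell, the `file` lookup errors out rather than yielding an empty key if that file is missing, which is the safer failure; a one-line comment such as `# public key installed for create_user; the file lookup fails if it is absent on the controller` would make that expectation explicit.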