From b65ef77f652a90c02e922f811de643042504283a Mon Sep 17 00:00:00 2001
From: jowj
Date: Wed, 25 Sep 2019 18:52:07 -0500
Subject: [PATCH] Build out naked server skeleton in ansible.
---
deployments/serverBuild/hosts.yml | 11 ++++++
deployments/serverBuild/serverbuild.yml | 50 +++++++++++++++++++++++++
2 files changed, 61 insertions(+)
create mode 100644 deployments/serverBuild/hosts.yml
create mode 100644 deployments/serverBuild/serverbuild.yml
diff --git a/deployments/serverBuild/hosts.yml b/deployments/serverBuild/hosts.yml
new file mode 100644
index 0000000..0f9247d
--- /dev/null
+++ b/deployments/serverBuild/hosts.yml
@@ -0,0 +1,11 @@
+all:
+ children:
+ dockerhosts:
+ hosts:
+ awful-1.awful.club:
+ vpn:
+ hosts:
+ vpn.awful.club:
+ dev:
+ hosts:
+ localhost:
diff --git a/deployments/serverBuild/serverbuild.yml b/deployments/serverBuild/serverbuild.yml
new file mode 100644
index 0000000..acfdddb
--- /dev/null
+++ b/deployments/serverBuild/serverbuild.yml
@@ -0,0 +1,50 @@
+- hosts: vpn
+ remote_user: root
+ gather_facts: false
+ vars:
+ create_user: josiah
+ copy_local_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/digitalocean.pub') }}"
+ sys_packages: [ 'curl', 'vim', 'git', 'fail2ban' ]
+
+ tasks:
+ - name: Make sure we have a 'sudo' group
+ group:
+ name: sudo
+ state: present
+
+ - name: Allow sudo group to have passwordless sudo
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: '/usr/sbin/visudo -cf %s'
+
+ - name: Create a new regular user with sudo privileges
+ user:
+ name: "{{ create_user }}"
+ state: present
+ groups: sudo
+ append: true
+ create_home: true
+ shell: /bin/bash
+
+ - name: Set authorized key for remote user
+ authorized_key:
+ user: "{{ create_user }}"
+ state: present
+ key: "{{ copy_local_key }}"
+
+
+ - name: Disable password authentication for root
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: present
+ regexp: '^#?PermitRootLogin'
+ line: 'PermitRootLogin prohibit-password'
+
+ - name: Update apt
+ apt: update_cache=yes
+
+ - name: Install required system packages
+ apt: name={{ sys_packages }} state=latest
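Review bot: The `PermitRootLogin prohibit-password` edit in the "Disable password authentication for root" task never reaches the running daemon, because no task or handler reloads sshd after `lineinfile` rewrites `/etc/ssh/sshd_config`. The running sshd therefore keeps whatever setting it started with until something else restarts it. The edit is also unvalidated, unlike the sudoers task above it, which runs `visudo -cf %s`; a `validate` line plus a `notify` to a reload handler closes both gaps. Separately, the `'^%sudo'` regexp rewrites the group-wide sudoers line to `NOPASSWD: ALL`, which gives passwordless root to every current and future member of `sudo` rather than only `{{ create_user }}`. A drop-in under `/etc/sudoers.d/` scoped to that user would be narrower.

```yaml
    - name: Disable password authentication for root
      lineinfile:
        # … unchanged: path, state, regexp, line …
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Reload sshd

  # … unchanged: apt tasks …

  handlers:
    - name: Reload sshd
      service:
        name: ssh  # Debian/Ubuntu unit name; confirm for the target image
        state: reloaded
```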