added base ansible role #147

5 changes: 5 additions & 0 deletions base-setup.yml
@@ -0,0 +1,5 @@
- name: Base role deployment playbook
hosts: all
remote_user: user
roles:
- base
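Review bot: The play sets `remote_user: user` with no `become`, but the `base` role it runs updates apt, writes `/root/.ssh/authorized_keys`, sets a sysctl and configures UFW, all of which need root. Add `become: true` to the play, or state in the README that `remote_user` has to be root. `hosts: all` also applies the SSH and firewall changes to every host in whatever inventory is passed; a named group would limit the play to hosts that are meant to receive it.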
12 changes: 12 additions & 0 deletions roles/base/README.md
@@ -0,0 +1,12 @@
## Base role for Ansible

### Prerequisites:
* Ansible must be installed
* community.general collection must be installed
* `ansible-galaxy collection install community.general`

The **files** subfolder should contain the `authorized_keys` file which contains ssh keys to be copied to target host. The **inventory** subfolder should contain the `hosts` inventory file. There is an example `hosts` file in the repo. You need to edit it.

The `base-setup.yml` file in the root directory of this repo contains the playbook to run this role. You need to edit it and specify the user for connections.

**Usage**: `ansible-playbook base-setup.yml -i roles/base/inventory`
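Review bot: The paragraph about the **files** subfolder does not say what the role does with `authorized_keys`. According to `roles/base/tasks/main.yml` it replaces `/root/.ssh/authorized_keys` on the target, after which password authentication is switched off and UFW is enabled with a deny policy, so an empty or wrong key file removes the operator's own access. Please document that here, together with the target requirement the tasks imply (an apt-based distribution).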
Empty file.
3 changes: 3 additions & 0 deletions roles/base/handlers/main.yml
@@ -0,0 +1,3 @@
---
- name: restart ssh
service: name=ssh state=restarted
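Review bot: No task in `roles/base/tasks/main.yml` has a `notify: restart ssh`, so this handler never runs and the edited `sshd_config` is not picked up until sshd is restarted some other way. Add the `notify` to the task that changes `sshd_config`. Minor: the `name=ssh state=restarted` shorthand would be easier to read and lint as `ansible.builtin.service:` with `name:` and `state:` keys, matching the fully qualified module names used elsewhere in the role.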
3 changes: 3 additions & 0 deletions roles/base/inventory/hosts
@@ -0,0 +1,3 @@
[all]
# IPv4
0.0.0.0 ansible_connection=ssh
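Review bot: `0.0.0.0` on the host line is not a usable target address, and the README's usage command points straight at this file, so an unedited checkout runs against a meaningless host. Consider shipping this as an example file (for instance `hosts.example`) with a commented-out placeholder entry, and keeping the real inventory out of the role. The `[all]` header is redundant because every inventory host is already in Ansible's implicit `all` group, and `ansible_connection=ssh` is the default.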
56 changes: 56 additions & 0 deletions roles/base/tasks/main.yml
@@ -0,0 +1,56 @@
---
- name: Update apt
apt: update_cache=yes

- name: Install Zsh
apt: name=zsh state=latest

- name: Install Git
apt: name=git state=latest

- name: Install Oh-my-zsh
ansible.builtin.shell: wget https://raw.github.com/ohmyzsh/ohmyzsh/master/tools/install.sh -O -
args:
executable: /bin/sh

- name: "Create root user's .ssh directory"
file:
path: /root/.ssh
state: directory
owner: root
group: root
mode: 0700

- name: Copy authorized_keys for SSH
copy:
src: authorized_keys
dest: /root/.ssh/authorized_keys
owner: root
group: root
mode: 0600

- name: Disabe SSH password authentication
ansible.builtin.shell: |
sed -i 's/^#PasswordAuthentication/PasswordAuthentication/g' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config
args:
executable: /bin/sh

- name: Configure the kernel to keep connections alive when enabling the firewall
sysctl:
name: net.netfilter.nf_conntrack_tcp_be_liberal
value: 1
state: present
sysctl_set: yes
reload: yes

- name: Allow access to port 22
community.general.ufw:
rule: allow
port: '22'
direction: in

- name: Deny all incoming traffic and enable UFW
community.general.ufw:
state: enabled
policy: deny
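Review bot: The "Disabe SSH password authentication" task edits `/etc/ssh/sshd_config` with two `sed` calls through `shell`, which leaves password authentication on whenever the file has no `PasswordAuthentication` line to rewrite, reports changed on every run, and has no `notify: restart ssh`, so the running sshd keeps its old setting. Use `ansible.builtin.lineinfile` with `regexp: '^#?\s*PasswordAuthentication'`, `line: 'PasswordAuthentication no'`, `validate: 'sshd -t -f %s'` and the `notify`, and fix the typo in the task name. Separately, the "Install Oh-my-zsh" task runs `wget ... -O -`, which only writes the installer to stdout and never executes it; if the intent is to run it, fetch a pinned revision rather than `master` with `get_url` and a `checksum`, then execute the verified file, since the script runs as root. The numeric `mode: 0700` and `mode: 0600` values should be quoted strings (`'0700'`, `'0600'`), and `state=latest` on the zsh and git packages makes each run a potential upgrade; `state: present` is the safer default for a base role.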