changed role based setup
This commit is contained in:
parent
8861b3c696
commit
79416ace67
@ -1,39 +0,0 @@
|
|||||||
- name: Make sure we have a 'wheel' group
|
|
||||||
group:
|
|
||||||
name: wheel
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: Allow 'wheel' group to have passwordless sudo
|
|
||||||
lineinfile:
|
|
||||||
path: /etc/sudoers
|
|
||||||
state: present
|
|
||||||
regexp: '^%wheel'
|
|
||||||
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
|
|
||||||
validate: '/usr/sbin/visudo -cf %s'
|
|
||||||
|
|
||||||
- name: Create a new regular user with sudo privileges
|
|
||||||
user:
|
|
||||||
name: freifunk
|
|
||||||
state: present
|
|
||||||
groups: wheel
|
|
||||||
append: true
|
|
||||||
create_home: true
|
|
||||||
shell: /bin/bash
|
|
||||||
|
|
||||||
- name: Set authorized key for Stefan
|
|
||||||
authorized_key:
|
|
||||||
user: freifunk
|
|
||||||
state: present
|
|
||||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux"
|
|
||||||
|
|
||||||
- name: Set authorized key for Roman
|
|
||||||
authorized_key:
|
|
||||||
user: freifunk
|
|
||||||
state: present
|
|
||||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDPUaWm37b93Lqmg1wMj0qvUURBKpWsRiRUzzRAaQrIdhcZjo0Gkw4vv7tpFQCmvWqxUpzH00GDKjLrMvNfcv+5b0Ctl06Bo+e4nb2SVsFhjaP9MLIjHiKpgivIPx9aKwxKx/VjsW920eWOG+VaDKIJTxPGUYedaUgIktvhutAbOyRR/OJlIZ3Qs0cnyT4KTM4pe4br2p3+mNs6J7G+z8Lw99WiUBfUwsRLVO68nJA2PKlJNEUGJycngqV06iQpcDfei88DFRMetN9bhVYxWFIzCQfjjqs8dkomEhfFQwfOTYiOouhaycZABwU4pPmQwZIkp1q4KduodU/KYsf78WitYgavHVInWBQuAUljafwQpTLHy8AI6M3XmbKi5rvNZiy4hoxfaT7rYJGuBoTwsZEHI7Sf26XsyQKJdu29mmIYPpzPKP7VAyjAVLqruLX1Yy0oZuM22YFFj5MHuoEN3WdXOYymvZyOM05xXeQk6gVh3EE6MpbK8CFz1KPNEjd+vce1zUyACDvqdt6ZIjqmUdivBsvHDTqMgH9mSxjjjwLy+Sd7snXx0bqksTdPChAlXN9vs3ez8FJl0P4inzjza8l8zGqaa2A1CsO8dRcyojohczLYoTHWQTB3tVIdcj55UIE= roman"
|
|
||||||
|
|
||||||
- name: Set authorized key for Nils
|
|
||||||
authorized_key:
|
|
||||||
user: freifunk
|
|
||||||
state: present
|
|
||||||
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ== Nils Stinnesbeck"
|
|
@ -1,17 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Ensure hostname set
|
|
||||||
hostname:
|
|
||||||
name: "{{ inventory_hostname }}"
|
|
||||||
when: not inventory_hostname|trim is match('(\d{1,3}\.){3}\d{1,3}')
|
|
||||||
become: yes
|
|
||||||
register: hostname_set
|
|
||||||
|
|
||||||
- name: Reboot host and wait for it to restart
|
|
||||||
reboot:
|
|
||||||
msg: "Reboot initiated by Ansible"
|
|
||||||
connect_timeout: 5
|
|
||||||
reboot_timeout: 600
|
|
||||||
pre_reboot_delay: 0
|
|
||||||
post_reboot_delay: 30
|
|
||||||
test_command: whoami
|
|
||||||
when: hostname_set.changed
|
|
1
roles/00-ubuntu-basic/files/nils.key.pub
Normal file
1
roles/00-ubuntu-basic/files/nils.key.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvwA3/NDj7Oo28Q1XdRIgOp//35gFVvsDa1dnMkgRDqJYvlIDbRiQ+UIcgu5YhstPb8BAxfvqjRP4rnMKc7v69T2Lp+HOMx+1sOYrznEe2hC5lPr4+U1u4Fzqhq/keSoItifmdTgrE+01Zc5jMBosUIm79TDgEMuEGcYVJIyAzDv9ez4u+Bz/HubRO+qT/+UmOICEg9m/C+fiH/ZAJHi90dMsj7RF5YXrRHXTAdiecurwGAZx2Adug1fFTvzB1pqBUHje1PFtEI+LheYklpNtiJo8NQ2KDEiavSxBibJrywzQHaddf0bkeAhmiNY8PRoMpMNeiu94DyNFWgdm7bLzdzrN/o5U7MlnJlcn8D1tLtdp0ngTxaN6VIywI8mQ/Ukxz8p2Ce49vu6osz4CvYhKx4mrvOSmqg9VjKcL6/rIwK7y5CWgIrddktxrSpUHXkzoQSefgZ5Bnu3CNp0GixWV5JTHnFxCulJAGi3TTqx7IvsJ8gpuKkeGnIgnDhFbqVOKeEEnR13tTCJ7MgPQ+VHREQ68u73a5TfDxJd/ggnG4tQ67HOcqxwa74+X1lv7YiJ3AvbrR7FFPNM3o5N8ZmZWhBLDaUHrjElHkZdB/V2l2bCblWhD0INCYoskuK1dFGdf3gQQeKOivGzKtzI0xNKutrxfvarkikxCEV3Exj889rQ== Nils Stinnesbeck
|
1
roles/00-ubuntu-basic/files/roman.key.pub
Normal file
1
roles/00-ubuntu-basic/files/roman.key.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAos0JvQsyAsP3FcsqDCBTDqzUGBeoxMKDj/SSRoy5MBDPUaWm37b93Lqmg1wMj0qvUURBKpWsRiRUzzRAaQrIdhcZjo0Gkw4vv7tpFQCmvWqxUpzH00GDKjLrMvNfcv+5b0Ctl06Bo+e4nb2SVsFhjaP9MLIjHiKpgivIPx9aKwxKx/VjsW920eWOG+VaDKIJTxPGUYedaUgIktvhutAbOyRR/OJlIZ3Qs0cnyT4KTM4pe4br2p3+mNs6J7G+z8Lw99WiUBfUwsRLVO68nJA2PKlJNEUGJycngqV06iQpcDfei88DFRMetN9bhVYxWFIzCQfjjqs8dkomEhfFQwfOTYiOouhaycZABwU4pPmQwZIkp1q4KduodU/KYsf78WitYgavHVInWBQuAUljafwQpTLHy8AI6M3XmbKi5rvNZiy4hoxfaT7rYJGuBoTwsZEHI7Sf26XsyQKJdu29mmIYPpzPKP7VAyjAVLqruLX1Yy0oZuM22YFFj5MHuoEN3WdXOYymvZyOM05xXeQk6gVh3EE6MpbK8CFz1KPNEjd+vce1zUyACDvqdt6ZIjqmUdivBsvHDTqMgH9mSxjjjwLy+Sd7snXx0bqksTdPChAlXN9vs3ez8FJl0P4inzjza8l8zGqaa2A1CsO8dRcyojohczLYoTHWQTB3tVIdcj55UIE= roman
|
1
roles/00-ubuntu-basic/files/stefan.key.pub
Normal file
1
roles/00-ubuntu-basic/files/stefan.key.pub
Normal file
@ -0,0 +1 @@
|
|||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM0d9uUUdkK80fYEAz+IwxbhQO2qsr87Q4uxxwqQCvjVWryL+IuKMBJJGroWDMz2d9UJcIXEYdMz4436U0DoPJuoXe5iDsVvum3Vz3276My+tqx1bZWCktPa8Isft7mO/wfELNjRNQduUiwh2y712s7/3GQI+5Rs/65HuLHTnpLKrlfptqmsmYw+IUFDzGwBLJ6sqP90ywjKkperPCAH3IWcTsQwnW3EJFPToMg6BrQslZlxx/z+co3e6jCWzUuuIRP9jp4SmNVfYaVGb1cOFdL1p1P0qWHBHdGUnXHZ+c773VKVSj+spUBxKGqNC1EhRCYTsPDLVrYrhKl2BRLcgB stefan@Stefan-Linux
|
64
roles/00-ubuntu-basic/tasks/main.yml
Normal file
64
roles/00-ubuntu-basic/tasks/main.yml
Normal file
@ -0,0 +1,64 @@
|
|||||||
|
---
|
||||||
|
- name: Ensure hostname set
|
||||||
|
hostname:
|
||||||
|
name: "{{ inventory_hostname }}"
|
||||||
|
when: not inventory_hostname|trim is match('(\d{1,3}\.){3}\d{1,3}')
|
||||||
|
become: yes
|
||||||
|
register: hostname_set
|
||||||
|
|
||||||
|
- name: Reboot host and wait for it to restart
|
||||||
|
reboot:
|
||||||
|
msg: "Reboot initiated by Ansible"
|
||||||
|
connect_timeout: 5
|
||||||
|
reboot_timeout: 600
|
||||||
|
pre_reboot_delay: 0
|
||||||
|
post_reboot_delay: 30
|
||||||
|
test_command: whoami
|
||||||
|
when: hostname_set.changed
|
||||||
|
|
||||||
|
#
|
||||||
|
# Users defined in /vars/main.yml
|
||||||
|
# pub key files in /files/USER.key.pub
|
||||||
|
#
|
||||||
|
|
||||||
|
- name: "Create user accounts and add users to groups"
|
||||||
|
user:
|
||||||
|
name: "{{ item }}"
|
||||||
|
groups: wheel
|
||||||
|
with_items: "{{ users }}"
|
||||||
|
|
||||||
|
- name: "Add authorized keys"
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ item }}"
|
||||||
|
key: "{{ lookup('file', 'files/'+ item + '.key.pub') }}"
|
||||||
|
with_items: "{{ users }}"
|
||||||
|
|
||||||
|
- name: Allow 'wheel' group to have passwordless sudo
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: '^%wheel'
|
||||||
|
line: '%wheel ALL=(ALL) NOPASSWD: ALL'
|
||||||
|
validate: '/usr/sbin/visudo -cf %s'
|
||||||
|
|
||||||
|
#
|
||||||
|
# Install basic packages for Ubuntu minimal Systems
|
||||||
|
#
|
||||||
|
- name: Install all Packages
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name:
|
||||||
|
- curl
|
||||||
|
- nano
|
||||||
|
- vim
|
||||||
|
- htop
|
||||||
|
- screen
|
||||||
|
- iproute2
|
||||||
|
- iptables
|
||||||
|
- cron
|
||||||
|
- qemu-guest-agent
|
||||||
|
- iputils-ping
|
||||||
|
- iw
|
||||||
|
- speedtest-cli
|
||||||
|
- telnet
|
||||||
|
state: latest
|
||||||
|
update_cache: yes
|
4
roles/00-ubuntu-basic/vars/main.yml
Normal file
4
roles/00-ubuntu-basic/vars/main.yml
Normal file
@ -0,0 +1,4 @@
|
|||||||
|
users:
|
||||||
|
- stefan
|
||||||
|
- nils
|
||||||
|
- roman
|
@ -1,18 +0,0 @@
|
|||||||
- name: Install all Packages
|
|
||||||
ansible.builtin.apt:
|
|
||||||
name:
|
|
||||||
- curl
|
|
||||||
- nano
|
|
||||||
- vim
|
|
||||||
- htop
|
|
||||||
- screen
|
|
||||||
- iproute2
|
|
||||||
- iptables
|
|
||||||
- cron
|
|
||||||
- qemu-guest-agent
|
|
||||||
- iputils-ping
|
|
||||||
- iw
|
|
||||||
- speedtest-cli
|
|
||||||
- telnet
|
|
||||||
state: latest
|
|
||||||
update_cache: yes
|
|
@ -1,7 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Set Vyos Hostname
|
|
||||||
vyos.vyos.vyos_hostname:
|
|
||||||
config:
|
|
||||||
hostname: "{{ inventory_hostname }}"
|
|
||||||
state: merged
|
|
||||||
|
|
@ -1,14 +0,0 @@
|
|||||||
---
|
|
||||||
- name: Create Local Interfaces
|
|
||||||
vyos.vyos.vyos_l3_interfaces:
|
|
||||||
config:
|
|
||||||
- name: eth0
|
|
||||||
ipv4:
|
|
||||||
- address: "{{ wan_address }}"
|
|
||||||
- name: eth1
|
|
||||||
ipv4:
|
|
||||||
- address: "{{ local_address }}"
|
|
||||||
- name: lo
|
|
||||||
- address: "{{ ffrl_address }}"
|
|
||||||
state: merged
|
|
||||||
|
|
@ -2,13 +2,10 @@
|
|||||||
- name: System preperation
|
- name: System preperation
|
||||||
hosts: supernodes
|
hosts: supernodes
|
||||||
roles:
|
roles:
|
||||||
- 00-system-set-hostname
|
- 00-ubuntu-basic
|
||||||
- 00-create-sudo-user
|
|
||||||
- 01-system-set-networking
|
|
||||||
- 01-system-install-packages
|
|
||||||
|
|
||||||
- name: System preperation
|
- name: VPN Offloader Setup
|
||||||
hosts: vpn-offloader
|
hosts: vpn-offloader
|
||||||
roles:
|
roles:
|
||||||
|
- 01-vpn-offloader-setup
|
||||||
- 21-install-wireguard
|
- 21-install-wireguard
|
||||||
- 21-install-oitc
|
|
Loading…
Reference in New Issue
Block a user