Compare commits
No commits in common. "main" and "master" have entirely different histories.
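--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"ansible.python.interpreterPath": "/bin/python3"
+}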
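--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,7 @@
+[defaults]
+inventory = /root/ansible/inventory.ini
+host_key_checking = False
+private_key_file = /root/.ssh/id_ed25519
+
+[inventory]
+enable_plugins = yaml, ini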
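Review bot: `host_key_checking = False` under `[defaults]` turns off SSH host key verification for every host in the inventory, so any machine answering on one of those addresses is accepted and receives whatever the plays send, including sessions that escalate to root. Prefer dropping the line and pre-populating `known_hosts` for the managed hosts from a trusted source (for example with `ansible.builtin.known_hosts`), so verification stays on. The absolute `/root/...` values for `inventory` and `private_key_file` also tie the checkout to a root account on the controller; a relative `inventory = inventory.ini` would keep the repository portable.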
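--- a/inventory.ini
+++ b/inventory.ini
@@ -0,0 +1,26 @@
+[proxmox]
+proxmox ansible_host=10.100.0.1
+
+[proxmox:vars]
+ansible_become_method=sudo
+ansible_user=kandertova
+ansible_become=true
+
+[full_os]
+jumphost ansible_host=10.100.0.100
+nextcloud ansible_host=10.100.0.22
+k3s ansible_host=10.100.0.50
+
+[full_os:vars]
+ansible_become_method=sudo
+ansible_user=kandertova
+ansible_become=true
+
+[lxc]
+git ansible_host=10.100.0.20
+zabbix ansible_host=10.100.0.21
+loadbalancer ansible_host=10.100.0.10
+
+[lxc:vars]
+ansible_user=root
+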
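Review bot: `[lxc:vars]` sets `ansible_user=root`, so the `git`, `zabbix` and `loadbalancer` containers are managed over direct root SSH, while the other groups log in as `kandertova` and escalate with `ansible_become=true`. playbooks/users.yml in this same comparison creates sudo-capable accounts on the `lxc` group, so root login looks necessary only for the first bootstrap run. After that the group could carry the same three vars as `[full_os:vars]`, and root SSH login could be disabled on the containers, which also gives per-user attribution in the sudo logs. The `[proxmox:vars]` and `[full_os:vars]` blocks are identical and could be shared through a parent group declared with `:children`.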
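--- a/playbooks/users.yml
+++ b/playbooks/users.yml
@@ -0,0 +1,81 @@
+- name: Add users, make them passwordless sudoers and download their ssh keys
+hosts:
+- lxc
+- full_os
+gather_facts: false
+
+vars:
+mhrebik_keys:
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOH/TlOb8TAXiMhN8u7VNqPC7W2hrhygm/1BZBZZp0qo
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUkzs5GNd3Ocxb6cYFU5uFqlUrbgzeJaov4VM6HliFO
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGb8+AbE+2LUmgDft/Z79aH+qDWWLomRes4PPJlaE7ad
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6Dz6emnU+kRT7mh26QP0j3UL9mT33h+B6iCTh4Wb2L
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnPnJlE2yYvOt4v8W9LA3ZzgSj1T5zCPdcqryYfdKiN
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZ11i0NL5kxdVf8kWNYzVSZwC2pmxTnV1xxxXWuo//6
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwVRpRO4f00zBQ1Ju9hInJwVuP/Iq0QDWBE4S1R2S33
+
+matty_keys:
+- ssh-rsa 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
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ96BSOF6J/WI4x31X7DMl/WmF6Rp6gYojBg0BZEw4wt
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBurNtP4P/pYGIKBDT5Kup/r/tEv8A+ntUOL6zKpzIQO
+- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXXLYPnOPYDug9WYZtwoyRci2kCsaEg/5EeYsYeV3w
+
+tasks:
+- name: Create the sudo_passwordless group
+ansible.builtin.group:
+name: sudo_passwordless
+state: present
+
+- name: Create user "mhrebik"
+ansible.builtin.user:
+name: "mhrebik"
+append: true
+groups:
+- sudo_passwordless
+append: true
+shell: /bin/bash
+password: "$y$j9T$lFmEIGHoVlJMj8lklmG/O0$Cxh4sTsBk8FUgMqbJBqIee58hg8r4kXcv4/P1UDZMmD"
+
+- name: Create user matty
+ansible.builtin.user:
+name: "matty"
+append: true
+groups:
+- sudo_passwordless
+append: true
+shell: /bin/bash
+password: "$y$j9T$UC70HSbFYAg7I306Q204R.$Jfvjvhrw.UIPL9WI6pX7LdWvuvJS1VH3DJT6EFHQ/XB"
+
+- name: Create user kandertova
+ansible.builtin.user:
+name: "kandertova"
+append: true
+groups:
+- sudo_passwordless
+append: true
+shell: /bin/bash
+password: "$y$j9T$46ejfvmwiL46oswXXNjLg.$AfjG8EKB0DzjBPuC7luLhxY/iDmzkQlHWvc6mgx6Jw0"
+
+- name: Allow passwordless sudo for the group in sudoers
+ansible.builtin.lineinfile:
+path: /etc/sudoers
+state: present
+line: '%sudo_passwordless ALL=(ALL) NOPASSWD: ALL'
+validate: 'visudo -cf %s'
+
+- name: Add mhrebik keys
+ansible.builtin.authorized_key:
+user: mhrebik
+key: "{{ item }}"
+with_items: "{{ mhrebik_keys }}"
+
+- name: Add matty keys
+ansible.builtin.authorized_key:
+user: matty
+key: "{{ item }}"
+with_items: "{{ matty_keys }}"
+
+- name: add jumphost key to kandertova user
+ansible.builtin.authorized_key:
+user: kandertova
+key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdayr8WknCVMb4GSvaxrayAV7NSQRMHom9mLISyOl5n root@kandertova-jumphost"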
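Review bot: The three `password:` values in the `Create user ...` tasks are password hashes committed in clear text, so anyone with read access to the repository can work on them offline; move them into Ansible Vault variables, e.g. `password: "{{ vault_mhrebik_password_hash }}"` (placeholder name). Each of those tasks also lists `append: true` twice under `ansible.builtin.user`, a duplicate mapping key that YAML parsers resolve silently; keep one. The sudoers task edits `/etc/sudoers` in place, and a drop-in such as `path: /etc/sudoers.d/sudo_passwordless` with `create: true`, `mode: "0440"` and the existing `validate` is easier to audit and to revert. Because the group gets `NOPASSWD: ALL`, every key in `mhrebik_keys`, `matty_keys` and the jumphost key is effectively a root credential on all `lxc` and `full_os` hosts, so changes to those lists deserve the same review as the sudoers line.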
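--- a/playbooks/utilities.yml
+++ b/playbooks/utilities.yml
@@ -0,0 +1,16 @@
+- name: make sure basic utilities are installed
+hosts:
+- lxc
+- full_os
+gather_facts: false
+
+tasks:
+- name: install utilities
+ansible.builtin.apt:
+name:
+- mc
+- vim
+- net-tools
+- wireguard-tools
+- ncdu
+- qemu-guest-agent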
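Review bot: The `install utilities` task calls `ansible.builtin.apt` without `update_cache`, so on a freshly provisioned host with an empty or stale package index the install can fail; add `update_cache: true` with `cache_valid_time: 3600`, and state the intent with `state: present`. The play targets `lxc` as well as `full_os`, and `qemu-guest-agent` presumably has no use inside LXC containers, so it may belong in a task limited to `full_os`. For `full_os` the task depends on `ansible_become=true` coming from the inventory; a `become: true` on the play would make the privilege requirement visible in the playbook itself.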