.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "ansible.python.interpreterPath": "/bin/python3"
+}

ansible.cfg

@@ -0,0 +1,7 @@
+[defaults]
+inventory = /root/ansible/inventory.ini
+host_key_checking = False     
+private_key_file = /root/.ssh/id_ed25519
+
+[inventory]
+enable_plugins = yaml, ini

inventory.ini

@@ -0,0 +1,26 @@
+[proxmox]
+proxmox             ansible_host=10.100.0.1
+
+[proxmox:vars]
+ansible_become_method=sudo
+ansible_user=kandertova 
+ansible_become=true
+
+[full_os]
+jumphost            ansible_host=10.100.0.100
+nextcloud           ansible_host=10.100.0.22
+k3s                 ansible_host=10.100.0.50
+
+[full_os:vars]
+ansible_become_method=sudo
+ansible_user=kandertova 
+ansible_become=true
+
+[lxc]
+git                 ansible_host=10.100.0.20
+zabbix              ansible_host=10.100.0.21
+loadbalancer        ansible_host=10.100.0.10
+
+[lxc:vars]
+ansible_user=root
+

playbooks/users.yml

@@ -0,0 +1,81 @@
+- name: Add users, make them passwordless sudoers and download their ssh keys
+  hosts: 
+    - lxc
+    - full_os
+  gather_facts: false
+
+  vars:
+    mhrebik_keys:
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOH/TlOb8TAXiMhN8u7VNqPC7W2hrhygm/1BZBZZp0qo
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUkzs5GNd3Ocxb6cYFU5uFqlUrbgzeJaov4VM6HliFO
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGb8+AbE+2LUmgDft/Z79aH+qDWWLomRes4PPJlaE7ad
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6Dz6emnU+kRT7mh26QP0j3UL9mT33h+B6iCTh4Wb2L
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnPnJlE2yYvOt4v8W9LA3ZzgSj1T5zCPdcqryYfdKiN
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZ11i0NL5kxdVf8kWNYzVSZwC2pmxTnV1xxxXWuo//6
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwVRpRO4f00zBQ1Ju9hInJwVuP/Iq0QDWBE4S1R2S33
+
+    matty_keys:
+      - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCqgwteN2X+a3n/6CqbNHkOyRn9QZ0rMP+xvMaNmeamGQ12KFs8E47hStIgnb3UOfgUDgJ93GYcAJWr/ipcXNqOjZDcrQ/QImcUrbOfYasaTIVUtKXjHX/Q1gM7ESMhHi9iWPAKXB4pxPzCnnn95uFRM7w9uq/lw7P+ISPN7hc6UONAzYCaQN9Nc4NUaj048PWx+TjSJFbEGgOlmKDSDRUxTbm1cI1vnH0WmO3TnmDFjDOgt33FrPaNdQ22qf+IULCPruz2RQZYhLEhh2PFtgeKOxVx+8R5SlMG4jm39E7GxP60W6XpsggiwrD63QNi8KdGd6ZBVk4bQLZ2PCPH42S63oSC0tu9KeyDxdgJkmsP9g9UiEbrGVy0zC9njj+mJvbIcrJ3aee2QpjFy/3lMT+WOicu6j9mCFi2NWDU37gsnEVIy2eegO6mpOmQ6QlZv1YMesz0V3gz+tlP9HKKXCb9Ex5LCPscO4nZTAModj3fh5kItlbImsVEUgPYcXa901k=
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ96BSOF6J/WI4x31X7DMl/WmF6Rp6gYojBg0BZEw4wt
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBurNtP4P/pYGIKBDT5Kup/r/tEv8A+ntUOL6zKpzIQO
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXXLYPnOPYDug9WYZtwoyRci2kCsaEg/5EeYsYeV3w
+
+  tasks:
+    - name: Create the sudo_passwordless group
+      ansible.builtin.group:
+        name: sudo_passwordless
+        state: present
+
+    - name: Create user "mhrebik"
+      ansible.builtin.user: 
+        name: "mhrebik"
+        append: true
+        groups:
+          - sudo_passwordless
+        append: true
+        shell: /bin/bash
+        password: "$y$j9T$lFmEIGHoVlJMj8lklmG/O0$Cxh4sTsBk8FUgMqbJBqIee58hg8r4kXcv4/P1UDZMmD"
+
+    - name: Create user matty
+      ansible.builtin.user: 
+        name: "matty"
+        append: true
+        groups:
+          - sudo_passwordless
+        append: true
+        shell: /bin/bash
+        password: "$y$j9T$UC70HSbFYAg7I306Q204R.$Jfvjvhrw.UIPL9WI6pX7LdWvuvJS1VH3DJT6EFHQ/XB"
+
+    - name: Create user kandertova
+      ansible.builtin.user:
+        name: "kandertova"
+        append: true
+        groups:
+          - sudo_passwordless
+        append: true
+        shell: /bin/bash
+        password: "$y$j9T$46ejfvmwiL46oswXXNjLg.$AfjG8EKB0DzjBPuC7luLhxY/iDmzkQlHWvc6mgx6Jw0"
+
+    - name: Allow passwordless sudo for the group in sudoers
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: present
+        line: '%sudo_passwordless ALL=(ALL) NOPASSWD: ALL'
+        validate: 'visudo -cf %s'
+
+    - name: Add mhrebik keys
+      ansible.builtin.authorized_key:
+        user: mhrebik
+        key: "{{ item }}"
+      with_items: "{{ mhrebik_keys }}"
+    
+    - name: Add matty keys
+      ansible.builtin.authorized_key:
+        user: matty
+        key: "{{ item }}"
+      with_items: "{{ matty_keys }}"
+
+    - name: add jumphost key to kandertova user
+      ansible.builtin.authorized_key:
+        user: kandertova
+        key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdayr8WknCVMb4GSvaxrayAV7NSQRMHom9mLISyOl5n root@kandertova-jumphost"

playbooks/utilities.yml

@@ -0,0 +1,16 @@
+- name: make sure basic utilities are installed
+  hosts: 
+    - lxc
+    - full_os
+  gather_facts: false
+
+  tasks:
+    - name: install utilities
+      ansible.builtin.apt:
+        name:
+          - mc
+          - vim
+          - net-tools
+          - wireguard-tools
+          - ncdu
+          - qemu-guest-agent