modularize
This commit is contained in:
parent
db85e1a726
commit
f1d5f8b686
|
@ -0,0 +1,48 @@
|
|||
- hosts: '{{ target }}'
|
||||
gather_facts: false
|
||||
become: true
|
||||
remote_user: root
|
||||
any_errors_fatal: yes
|
||||
tasks:
|
||||
- name: dnf install packages
|
||||
dnf:
|
||||
name: ["zsh", "wget", "git"]
|
||||
state: latest
|
||||
|
||||
- name: add user
|
||||
user:
|
||||
name: quackerd
|
||||
password: "{{ password | password_hash('sha512', salt) }}"
|
||||
shell: /usr/bin/sh
|
||||
groups: wheel
|
||||
append: yes
|
||||
state: present
|
||||
|
||||
- name: add user ssh key
|
||||
ansible.posix.authorized_key:
|
||||
user: quackerd
|
||||
state: present
|
||||
key: "{{ lookup('file', '../ssh_pub') }}"
|
||||
|
||||
- name: download ozsh script
|
||||
get_url:
|
||||
url: "https://git.quacker.org/d/ozsh/raw/branch/master/setup.sh"
|
||||
dest: "/home/quackerd/setup.sh"
|
||||
|
||||
- name: configure user shell
|
||||
become: yes
|
||||
become_user: quackerd
|
||||
shell:
|
||||
cmd: "sh /home/quackerd/setup.sh"
|
||||
creates: "/home/quackerd/.zshrc"
|
||||
|
||||
- name: cleanup ozsh script
|
||||
file:
|
||||
dest: "/home/quackerd/setup.sh"
|
||||
state: absent
|
||||
|
||||
- name: chsh to zsh
|
||||
user:
|
||||
name: quackerd
|
||||
shell: /usr/bin/zsh
|
||||
state: present
|
|
@ -3,7 +3,6 @@
|
|||
become: true
|
||||
remote_user: root
|
||||
strategy: free
|
||||
#any_errors_fatal: yes
|
||||
tasks:
|
||||
- name: dnf update
|
||||
dnf:
|
||||
|
|
|
@ -0,0 +1,39 @@
|
|||
- hosts: '{{ target }}'
|
||||
gather_facts: false
|
||||
become: true
|
||||
remote_user: root
|
||||
any_errors_fatal: yes
|
||||
tasks:
|
||||
- name: dnf add repo
|
||||
get_url:
|
||||
url: "https://download.docker.com/linux/centos/docker-ce.repo"
|
||||
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||
|
||||
- name: dnf install
|
||||
dnf:
|
||||
name: ['python3', 'python3-jinja2', 'python3-pip', 'docker-ce']
|
||||
state: latest
|
||||
|
||||
- name: updating pip
|
||||
pip:
|
||||
executable: "/usr/bin/pip3"
|
||||
state: latest
|
||||
name: "pip"
|
||||
|
||||
- name: installing docker-compose
|
||||
pip:
|
||||
executable: "/usr/bin/pip3"
|
||||
state: latest
|
||||
name: "docker-compose"
|
||||
|
||||
- name: symlinking docker-compose
|
||||
file:
|
||||
src: "/usr/local/bin/docker-compose"
|
||||
dest: "/usr/bin/docker-compose"
|
||||
state: link
|
||||
|
||||
- name: enabling docker
|
||||
service:
|
||||
name: docker
|
||||
enabled: yes
|
||||
state: started
|
|
@ -9,11 +9,6 @@
|
|||
name: firewalld
|
||||
state: stopped
|
||||
|
||||
- name: dnf add repo
|
||||
get_url:
|
||||
url: "https://download.docker.com/linux/centos/docker-ce.repo"
|
||||
dest: /etc/yum.repos.d/docker-ce.repo
|
||||
|
||||
- name: dnf install epel
|
||||
dnf:
|
||||
name: "epel-release"
|
||||
|
@ -26,30 +21,9 @@
|
|||
|
||||
- name: dnf install
|
||||
dnf:
|
||||
name: ['git', 'vim', 'curl', 'yum-utils', 'policycoreutils-python-utils', 'zsh', 'docker-ce']
|
||||
name: ['git', 'vim', 'curl', 'yum-utils', 'policycoreutils-python-utils']
|
||||
state: latest
|
||||
update_cache: True
|
||||
|
||||
- name: Change root password
|
||||
user:
|
||||
name: root
|
||||
update_password: always
|
||||
password: "{{ root_password | password_hash('sha512', user_salt) }}"
|
||||
|
||||
- name: add user
|
||||
user:
|
||||
name: quackerd
|
||||
password: "{{ user_password | password_hash('sha512', user_salt) }}"
|
||||
shell: /usr/bin/bash
|
||||
groups: wheel
|
||||
append: yes
|
||||
state: present
|
||||
|
||||
- name: add user ssh key
|
||||
ansible.posix.authorized_key:
|
||||
user: quackerd
|
||||
state: present
|
||||
key: "{{ lookup('file', '../ssh_pub') }}"
|
||||
|
||||
- name: configure sshd
|
||||
lineinfile:
|
||||
|
@ -59,10 +33,20 @@
|
|||
state: present
|
||||
validate: "/usr/sbin/sshd -t -f %s"
|
||||
loop:
|
||||
- { key: "PermitRootLogin", value: "without-password" }
|
||||
- { key: "PasswordAuthentication", value: "yes" }
|
||||
- { key: "PermitRootLogin", value: "no" }
|
||||
- { key: "PasswordAuthentication", value: "no" }
|
||||
- { key: "Port", value: "77" }
|
||||
|
||||
- name: configure sshd match
|
||||
blockinfile:
|
||||
path: "/etc/ssh/sshd_config"
|
||||
state: present
|
||||
validate: "/usr/sbin/sshd -t -f %s"
|
||||
block: |
|
||||
Match Address 129.97.75.0/24
|
||||
PermitRootLogin without-password
|
||||
PasswordAuthentication yes
|
||||
|
||||
- name: enable selinux
|
||||
lineinfile:
|
||||
path: "/etc/selinux/config"
|
||||
|
@ -107,12 +91,6 @@
|
|||
state: disabled
|
||||
offline: yes
|
||||
|
||||
- name: enable docker
|
||||
service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: start firewalld
|
||||
service:
|
||||
name: firewalld
|
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi3i3BgGrOEm6LAXkE7sEVGNIXQ5DFdNZM+l/yjbtQh
|
Loading…
Reference in New Issue