modularize
parent
db85e1a726
commit
f1d5f8b686
|
@ -0,0 +1,48 @@
|
||||||
|
- hosts: '{{ target }}'
|
||||||
|
gather_facts: false
|
||||||
|
become: true
|
||||||
|
remote_user: root
|
||||||
|
any_errors_fatal: yes
|
||||||
|
tasks:
|
||||||
|
- name: dnf install packages
|
||||||
|
dnf:
|
||||||
|
name: ["zsh", "wget", "git"]
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: add user
|
||||||
|
user:
|
||||||
|
name: quackerd
|
||||||
|
password: "{{ password | password_hash('sha512', salt) }}"
|
||||||
|
shell: /usr/bin/sh
|
||||||
|
groups: wheel
|
||||||
|
append: yes
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: add user ssh key
|
||||||
|
ansible.posix.authorized_key:
|
||||||
|
user: quackerd
|
||||||
|
state: present
|
||||||
|
key: "{{ lookup('file', '../ssh_pub') }}"
|
||||||
|
|
||||||
|
- name: download ozsh script
|
||||||
|
get_url:
|
||||||
|
url: "https://git.quacker.org/d/ozsh/raw/branch/master/setup.sh"
|
||||||
|
dest: "/home/quackerd/setup.sh"
|
||||||
|
|
||||||
|
- name: configure user shell
|
||||||
|
become: yes
|
||||||
|
become_user: quackerd
|
||||||
|
shell:
|
||||||
|
cmd: "sh /home/quackerd/setup.sh"
|
||||||
|
creates: "/home/quackerd/.zshrc"
|
||||||
|
|
||||||
|
- name: cleanup ozsh script
|
||||||
|
file:
|
||||||
|
dest: "/home/quackerd/setup.sh"
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: chsh to zsh
|
||||||
|
user:
|
||||||
|
name: quackerd
|
||||||
|
shell: /usr/bin/zsh
|
||||||
|
state: present
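Review bot: The `download ozsh script` task fetches `setup.sh` from the moving `branch/master` URL with no `checksum:`, and the following `configure user shell` task runs it with `sh` as `quackerd`, an account this same play adds to `wheel`. Whatever is on that branch at run time therefore executes under a sudo-capable identity on every target. Pinning the URL to a specific commit and adding `checksum: "sha256:<expected digest>"` to the `get_url` task would make the play fail closed if the script changes unexpectedly. The `dnf` task's `state: latest` has the same reproducibility drawback, though with lower impact.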
|
|
@ -3,7 +3,6 @@
|
||||||
become: true
|
become: true
|
||||||
remote_user: root
|
remote_user: root
|
||||||
strategy: free
|
strategy: free
|
||||||
#any_errors_fatal: yes
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: dnf update
|
- name: dnf update
|
||||||
dnf:
|
dnf:
|
||||||
|
|
|
@ -0,0 +1,39 @@
|
||||||
|
- hosts: '{{ target }}'
|
||||||
|
gather_facts: false
|
||||||
|
become: true
|
||||||
|
remote_user: root
|
||||||
|
any_errors_fatal: yes
|
||||||
|
tasks:
|
||||||
|
- name: dnf add repo
|
||||||
|
get_url:
|
||||||
|
url: "https://download.docker.com/linux/centos/docker-ce.repo"
|
||||||
|
dest: "/etc/yum.repos.d/docker-ce.repo"
|
||||||
|
|
||||||
|
- name: dnf install
|
||||||
|
dnf:
|
||||||
|
name: ['python3', 'python3-jinja2', 'python3-pip', 'docker-ce']
|
||||||
|
state: latest
|
||||||
|
|
||||||
|
- name: updating pip
|
||||||
|
pip:
|
||||||
|
executable: "/usr/bin/pip3"
|
||||||
|
state: latest
|
||||||
|
name: "pip"
|
||||||
|
|
||||||
|
- name: installing docker-compose
|
||||||
|
pip:
|
||||||
|
executable: "/usr/bin/pip3"
|
||||||
|
state: latest
|
||||||
|
name: "docker-compose"
|
||||||
|
|
||||||
|
- name: symlinking docker-compose
|
||||||
|
file:
|
||||||
|
src: "/usr/local/bin/docker-compose"
|
||||||
|
dest: "/usr/bin/docker-compose"
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: enabling docker
|
||||||
|
service:
|
||||||
|
name: docker
|
||||||
|
enabled: yes
|
||||||
|
state: started
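Review bot: Both `pip` tasks run as root (`remote_user: root`, `become: true`) with `state: latest` and no version, so each play run installs whatever `pip` and `docker-compose` releases the package index serves at that moment into the system Python. Using `state: present` with `version: "<pinned version>"` on the `installing docker-compose` task would make hosts reproducible and turn upgrades into a reviewable change. The `dnf add repo` task also writes a downloaded repo definition into `/etc/yum.repos.d` without `checksum:` or an explicit `mode: "0644"`; adding both is cheap.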
|
|
@ -9,11 +9,6 @@
|
||||||
name: firewalld
|
name: firewalld
|
||||||
state: stopped
|
state: stopped
|
||||||
|
|
||||||
- name: dnf add repo
|
|
||||||
get_url:
|
|
||||||
url: "https://download.docker.com/linux/centos/docker-ce.repo"
|
|
||||||
dest: /etc/yum.repos.d/docker-ce.repo
|
|
||||||
|
|
||||||
- name: dnf install epel
|
- name: dnf install epel
|
||||||
dnf:
|
dnf:
|
||||||
name: "epel-release"
|
name: "epel-release"
|
||||||
|
@ -26,30 +21,9 @@
|
||||||
|
|
||||||
- name: dnf install
|
- name: dnf install
|
||||||
dnf:
|
dnf:
|
||||||
name: ['git', 'vim', 'curl', 'yum-utils', 'policycoreutils-python-utils', 'zsh', 'docker-ce']
|
name: ['git', 'vim', 'curl', 'yum-utils', 'policycoreutils-python-utils']
|
||||||
state: latest
|
state: latest
|
||||||
update_cache: True
|
update_cache: True
|
||||||
|
|
||||||
- name: Change root password
|
|
||||||
user:
|
|
||||||
name: root
|
|
||||||
update_password: always
|
|
||||||
password: "{{ root_password | password_hash('sha512', user_salt) }}"
|
|
||||||
|
|
||||||
- name: add user
|
|
||||||
user:
|
|
||||||
name: quackerd
|
|
||||||
password: "{{ user_password | password_hash('sha512', user_salt) }}"
|
|
||||||
shell: /usr/bin/bash
|
|
||||||
groups: wheel
|
|
||||||
append: yes
|
|
||||||
state: present
|
|
||||||
|
|
||||||
- name: add user ssh key
|
|
||||||
ansible.posix.authorized_key:
|
|
||||||
user: quackerd
|
|
||||||
state: present
|
|
||||||
key: "{{ lookup('file', '../ssh_pub') }}"
|
|
||||||
|
|
||||||
- name: configure sshd
|
- name: configure sshd
|
||||||
lineinfile:
|
lineinfile:
|
||||||
|
@ -59,10 +33,20 @@
|
||||||
state: present
|
state: present
|
||||||
validate: "/usr/sbin/sshd -t -f %s"
|
validate: "/usr/sbin/sshd -t -f %s"
|
||||||
loop:
|
loop:
|
||||||
- { key: "PermitRootLogin", value: "without-password" }
|
- { key: "PermitRootLogin", value: "no" }
|
||||||
- { key: "PasswordAuthentication", value: "yes" }
|
- { key: "PasswordAuthentication", value: "no" }
|
||||||
- { key: "Port", value: "77" }
|
- { key: "Port", value: "77" }
|
||||||
|
|
||||||
|
- name: configure sshd match
|
||||||
|
blockinfile:
|
||||||
|
path: "/etc/ssh/sshd_config"
|
||||||
|
state: present
|
||||||
|
validate: "/usr/sbin/sshd -t -f %s"
|
||||||
|
block: |
|
||||||
|
Match Address 129.97.75.0/24
|
||||||
|
PermitRootLogin without-password
|
||||||
|
PasswordAuthentication yes
|
||||||
|
|
||||||
- name: enable selinux
|
- name: enable selinux
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "/etc/selinux/config"
|
path: "/etc/selinux/config"
|
||||||
|
@ -107,12 +91,6 @@
|
||||||
state: disabled
|
state: disabled
|
||||||
offline: yes
|
offline: yes
|
||||||
|
|
||||||
- name: enable docker
|
|
||||||
service:
|
|
||||||
name: docker
|
|
||||||
state: started
|
|
||||||
enabled: yes
|
|
||||||
|
|
||||||
- name: start firewalld
|
- name: start firewalld
|
||||||
service:
|
service:
|
||||||
name: firewalld
|
name: firewalld
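Review bot: The new `configure sshd match` block sets `PasswordAuthentication yes` for every account connecting from 129.97.75.0/24, not only root, so password guessing against any local user stays possible from any host in that subnet while the global setting says `no`. If the exception is meant for a single account, narrowing the criteria to `Match Address 129.97.75.0/24 User <account>`, or dropping the `PasswordAuthentication yes` line, keeps the rest of the hardening intact. The `configure sshd` `lineinfile` task starts outside the hunk, so its `regexp` is not visible; if it is not anchored to the start of the line, it may match the lines inside this managed block on a later run, which is worth confirming. No handler that reloads sshd after these edits is visible in the hunks shown.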
|
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHi3i3BgGrOEm6LAXkE7sEVGNIXQ5DFdNZM+l/yjbtQh
|