Created some playbooks, a master playbook file, and a vars directory
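--- a/playbooks/admin_login.yml
+++ b/playbooks/admin_login.yml
@@ -0,0 +1,17 @@
+---
+- hosts: servers4 # @NOTE for IPv6, switch to 'servers6' instead of 'servers4'--for both, 'servers'
+vars_files:
+# - vars/ssh_keys_vault.yml
+- vars/ssh_keys.yml
+vars:
+ansible_ssh_private_key_file: "{{ chosen_native_ssh_private_key_file | default(chosen_local_ssh_private_key_file, true) }}"
+tasks:
+- name: Disable shell access for root
+ansible.builtin.include_role:
+name: lockdown
+defaults_from: main
+vars_from: main
+handlers_from: main
+tasks_from: deshell
+apply:
+become: yes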
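Review bot: The fallback in `ansible_ssh_private_key_file` may never be reached: `chosen_native_ssh_private_key_file` is `native_ssh_private_key_files | random`, and vars/ssh_keys.yml ships that list as `[]`. `default(chosen_local_ssh_private_key_file, true)` only helps if `random` yields an empty or undefined value for an empty list instead of failing the template, which I would not rely on; the same `| random` pattern is in playbooks/group_vars/servers/main.yml.example. Because Ansible templates variables lazily, the random pick may also be re-evaluated on each use, so the key in use can differ between tasks. Consider a deterministic choice such as `(native_ssh_private_key_files + local_ssh_private_key_files) | first` and an early `ansible.builtin.assert` that at least one list is non-empty. As a style point, `become: yes` reads better as `become: true`.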
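--- a/playbooks/group_vars/servers/main.yml.example
+++ b/playbooks/group_vars/servers/main.yml.example
@@ -0,0 +1,7 @@
+---
+passwords:
+- username: senpai
+password: "{{ vaulted_passwords.senpai.password }}"
+ansible_user: "{{ passwords[0].username }}"
+local_ssh_private_key_files: [] # @NOTE list paths to SSH private keys
+chosen_local_ssh_private_key_file: "{{ local_private_key_files | random }}"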
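Review bot: `chosen_local_ssh_private_key_file` reads `local_private_key_files`, but the list defined one line above it is `local_ssh_private_key_files`, so the template refers to a variable this file never defines. The line should read `chosen_local_ssh_private_key_file: "{{ local_ssh_private_key_files | random }}"`. Since admin_login.yml uses this value as its fallback key path, the typo would likely surface only when the fallback is evaluated, as an undefined-variable error during connection setup.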
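--- a/playbooks/manage_root.yml
+++ b/playbooks/manage_root.yml
@@ -0,0 +1,16 @@
+---
+- hosts: servers4 # @NOTE for IPv6, switch to 'servers6' instead of 'servers4'--for both, 'servers'
+remote_user: root # MUST be run as root
+roles:
+- lockdown
+# tasks:
+# - name: Set up sys-admin account on VPS and secure VPS
+# ansible.builtin.include_role:
+# name: lockdown
+# defaults_from: main
+# vars_from: main
+# handlers_from: main
+# tasks_from: main
+# tags:
+# - init
+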
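Review bot: `remote_user: root` may not take effect, because playbooks/group_vars/servers/main.yml.example sets `ansible_user`, and in Ansible a connection variable such as `ansible_user` takes precedence over the `remote_user` play keyword. If `servers4` is a child of the `servers` group (the inline comment suggests so, but the inventory is not shown), this play would connect as the admin account rather than root, despite the "MUST be run as root" comment. Setting it as a play variable instead, `vars:` with `ansible_user: root`, overrides the group variable and makes the intent stick. The commented-out `include_role` block under `roles:` should be removed or given a one-line comment saying why it is kept.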
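--- a/playbooks/master.yml
+++ b/playbooks/master.yml
@@ -0,0 +1,5 @@
+---
+- name: Lock down VPS
+ansible.builtin.import_playbook: manage_root.yml
+- name: Disable shell for root
+ansible.builtin.import_playbook: admin_login.yml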
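Review bot: The import order makes a second run of master.yml questionable: manage_root.yml connects as root, and admin_login.yml then runs the lockdown role's `deshell` tasks under the name "Disable shell access for root". If those tasks do remove root's login shell (the role is not shown on this page), the first import can no longer connect on the next run. A comment such as `# manage_root.yml is a one-time bootstrap; skip it once root login is disabled`, or a tag on that import so it can be skipped, would keep an operator from re-enabling root login just to get the playbook through.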
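--- a/playbooks/vars/ssh_keys.yml
+++ b/playbooks/vars/ssh_keys.yml
@@ -0,0 +1,4 @@
+---
+native_ssh_private_keys: "{{ vaulted_native_ssh_private_keys }}"
+native_ssh_private_key_files: []
+chosen_native_ssh_private_key_file: "{{ native_ssh_private_key_files | random }}"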
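Review bot: `native_ssh_private_keys` resolves `vaulted_native_ssh_private_keys`, but the only file named on this page that could define it, `vars/ssh_keys_vault.yml`, is commented out in admin_login.yml's `vars_files`. Unless the variable is defined elsewhere, any use of `native_ssh_private_keys` would fail as undefined. A comment above it such as `# vaulted_native_ssh_private_keys comes from vars/ssh_keys_vault.yml (ansible-vault encrypted)` would document the dependency. Tasks that read this variable should also set `no_log: true` so private key material does not end up in task output or logs.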