Added gitignore to ignore Python environment files

.gitignore

@@ -0,0 +1 @@
+.env/

inventory.yaml

@@ -1,24 +0,0 @@
-webservers:
-  hosts:
-    # {{ host_name }}:
-    #   ansible_host: {{ fqdn }}
-  vars:
-    # ansible_port: {{ port_num }}
-ssl_webservers:
-  hosts:
-    # {{ host_name }}:
-    #   ansible_host: {{ fqdn }}
-  vars:
-    # ansible_port: {{ port_num }}
-ssh_servers:
-  hosts:
-    # {{ host_name }}:
-    #   ansible_host: {{ fqdn }}
-  vars:
-    # ansible_port: {{ port_num }}
-local_ssh:
-  hosts:
-    # {{ host_name }}:
-    #   ansible_host: {{ fqdn }}
-  vars:
-    # ansible_port: {{ port_num }}

playbooks/lockdown.yaml

@@ -1,204 +0,0 @@
-- name: "create new ssh users"
-  hosts: ssh_servers
-  connection: ansible.builtin.ssh
-  remote_user: root
-  vars_prompt:
-    - name: root_password
-      prompt: "What is the password to the root account?"
-      private: true
-    - name: user_password
-      prompt: "What password would you like for regular user account?"
-      encrypt: sha256_crypt
-      confirm: true
-      private: true
-    # - name: wwwdata_password
-    #   prompt: "What password would you like for regular user account?"
-    #   encrypt: sha256_crypt
-    #   confirm: true
-    #   private: true
-    - name: web_domain
-      prompt: "What is the current or expected FQDN for the extant or planned web server?"
-      private: false
-      confirm: false
-  vars:
-    ansible_ssh_pass: "{{ root_password }}"
-  tasks:
-    - name: "creating system user"
-      ansible.builtin.user:
-        name: "www-data"
-        # password: wwwdata_password
-        create_home: true
-        home: "/srv/www"
-        shell: "/bin/bash"
-        state: present
-        update_password: always
-        comment: "webadmin"
-        system: true
-        uid: 100032
-    - name: "creating normal user"
-      ansible.builtin.user:
-        name: senpai
-        password: "{{ user_password }}"
-        create_home: true
-        shell: "/bin/bash"
-        state: present
-        update_password: always
-        comment: "sysadmin"
-        append: true
-        groups:
-          - "www-data"
-          - sudo #@TODO: conditionally change to "wheel"
-        system: false
-        uid: 1000
-    - name: "changing ownership of '/srv'"
-      ansible.builtin.file:
-        path: "/srv"
-        state: directory
-        recurse: no
-        owner: root
-        group: "www-data"
-    - name: "creating a webdev subdirectory for user www-data"
-      ansible.builtin.file:
-        path: "/srv/www"
-        state: directory
-        recurse: no
-        owner: senpai
-        group: "www-data"
-        mode: "u=rwx,g=rx,o=rx"
-    - name: "creating a subdirectory for FQDN"
-      ansible.builtin.file:
-        path: "/srv/www/{{ web_domain }}"
-        state: directory
-        recurse: no
-        owner: senpai
-        group: "www-data"
-        mode: "u=rwx,g=rx,o=rx"
-- name: "create local ssh public keys for remote user"
-  hosts: local_ssh
-  connection: ansible.builtin.ssh
-  vars_prompt:
-    - name: local_user
-      prompt: "As what local user will you log in?"
-      private: false
-    - name: local_pass
-      prompt: "Enter password for this local user "
-      private: true
-    - name: need_keypair
-      prompt: "Do you need a new ssh keypair?"
-      private: false
-    - name: desire_smartcard
-      prompt: "Do you wish to use a smartcard or security key?"
-      private: false
-  remote_user: "{{ local_user }}"
-  vars:
-    ansible_ssh_pass: "{{ local_pass }}"
-  tasks:
-    - name: "creating hardware key or smartcard based ssh keypair"
-      #@TODO: for below property, ssh shell command to create 
-      # hardware key based keypair
-      ansible.builtin.shell: ""
-      when: need_keypair and desire_smartcard
-    - name: "creating ssh keypair"
-      #@TODO: for below property's value, write ssh keypair 
-      # creation command
-      ansible.builtin.shell: ""
-      when: need_keypair and not desire_smartcard
-- name: "send local ssh public keys to remote user"
-  hosts: local_ssh
-  connection: ansible.builtin.ssh
-  vars_prompt:
-    - name: local_user
-      prompt: "As what local user will you log in?"
-      private: false
-    - name: local_pass
-      prompt: "Enter password for this local user "
-      private: true
-    - name: local_pubkey
-      prompt: "Enter public key ssh keypair path "
-      private: false
-  remote_user: "{{ local_user }}"
-  vars:
-    ansible_ssh_pass: "{{ local_pass }}"
-    target_user1: senpai
-    target_user2: www-data
-  tasks:
-    - name: "sending public key to remote ssh server"
-      #@TODO: for below property's value, write ssh pubkey 
-      # sending command
-      ansible.builtin.shell: ""
-      when: local_pubkey
-- name: "set up sftp for new users"
-  hosts: ssh_servers
-  connection: ansible.builtin.ssh
-  remote_user: root
-  vars_prompt:
-    - name: root_password
-      prompt: "What is the password to the root account?"
-      private: true
-  vars:
-    ansible_ssh_pass: "{{ root_password }}"
-    ssh_ftp_file: "/etc/ssh/sshd_config.d/ftp.conf"
-    ssh_ftp_config: "Match User senpai,www-data\n
-             PasswordAuthentication no\n
-             PubkeyAuthentication yes\n
-             AllowAgentForwarding no\n
-             AllowTcpForwarding no\n
-             X11Forwarding no\n\n
-      Match User www-data\n
-             ChrootDirectory /srv/www\n
-             AuthorizedKeysFile /srv/.ssh_wwwdata/authorized_keys\n\n
-      Match User senpai\n
-             ForceCommand internal-sftp -d /srv/www/{{ web_domain }}\n
-             AuthorizedKeysFile /home/senpai/.ssh/authorized_keys\n\n"
-  tasks:
-    - name: "adding file for sftp configuration"
-      ansible.builtin.file:
-        path: "{{ ssh_ftp_file }}"
-        state: touch
-        owner: root
-        group: root
-        mode: "u=rw,g=r,o=r"
-    - name: "configuring sftp"
-      ansible.builtin.shell: 'printf "{{ ssh_ftp_config }}" >> {{ ssh_ftp_file }}'
-    - name: "adding requisite authorized keys directory for www-data"
-      ansible.builtin.file:
-        path: "/srv/.ssh_wwwdata"
-        state: directory
-        recurse: yes
-        owner: www-data
-        group: www-data
-        mode: "0700"
-    - name: "adding requisite authorized keys file for www-data"
-      ansible.builtin.file:
-        path: "/srv/.ssh_wwwdata/authorized_keys"
-        state: touch
-        recurse: yes
-        owner: www-data
-        group: www-data
-        mode: "0600"
-- name: "disable non-key-based and root authentication for ssh"
-  hosts: ssh_servers
-  connection: ansible.builtin.ssh
-  remote_user: root
-  vars_prompt:
-    - name: root_password
-      prompt: "What is the password to the root account?"
-      private: true
-  vars:
-    ansible_ssh_pass: "{{ root_password }}"
-    ssh_auth_file: "/etc/ssh/sshd_config.d/auth.conf"
-    ssh_no_root: "/etc/ssh/sshd_config.d/deny_root.conf"
-  tasks:
-    - name: "adding file for authentication restriction"
-      ansible.builtin.file:
-        path: "{{ ssh_auth_file }}"
-        state: touch
-        owner: root
-        group: root
-        mode: "u=rw,g=r,o=r"
-    - name: "disabling ssh password authentication"
-      ansible.builtin.shell: 'printf "PasswordAuthentication no\n" >> {{ ssh_auth_file }}'
-    - name: "disabling ssh empty password usage"
-      ansible.builtin.shell: 'printf "PermitEmptyPasswords no\n" >> {{ ssh_auth_file }}'
-    - name: "disabling ssh root login"
-      ansible.builtin.shell: 'printf "PermitRootLogin no\n" > {{ ssh_no_root }}'