Working on basics

README.md

@@ -0,0 +1,21 @@
+# Salt's Ansible Repository
+
+Useful for management across all of 9iron, thefuck, and desu.
+
+## Deployment
+
+Adding a new server will require the following be fulfilled:
+
+* The server is accessible from the Ansible host;
+
+* The server has a user named `ansible` which:
+
+  * Accepts the public key located in `contrib/desu.pub`; and
+
+  * Has passwordless sudo capabilities as root
+
+* The server is added to `inventory/hosts.yml` in an appropriate place; and
+
+* The server is running Ubuntu 18.04 or greater (20.04 recommended)
+
+From there, running the playbook `site.yml` should get the machine up to snuff. To automate the host-local steps, use the script file `contrib/bootstrap.sh`.

ansible.cfg

@@ -0,0 +1,15 @@
+[defaults]
+interpreter_python = python3
+inventory = inventory
+roles_path = roles
+private_key_file = ~/.ssh/desu
+host_key_checking = false # I'm constantly spinning machines up and down; no time for this
+#ask_become_pass = true
+#ask_vault_pass = true
+command_warnings = true
+#deprecation_warnings = false
+system_warnings = true
+
+[ssh_connection]
+pipelining = true
+ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no

contrib/bootstrap.sh

@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# bootstrap.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+
+set -e
+
+if [ "$(id -u)" != "0" ]; then
+	echo "This script must be run as root"
+	exit 1
+fi
+
+if ! [ -f "./desu.pub" ]; then
+	echo "The public key \"desu.pub\" must sit in PWD. cd to contrib"
+	exit 2
+fi
+
+echo "Adding ansible user..."
+
+if ! useradd ansible > /dev/null 2>&1; then
+	err=$?
+	case $err in
+		0)
+			;;
+		9)
+			echo "Continuing..."
+			;;
+		*)
+			echo "Encountered error $err adding user ansible"
+			exit 3
+			;;
+	esac
+fi
+
+echo "Adding key..."
+
+mkdir -p ~ansible/.ssh
+cat ./desu.pub > ~ansible/.ssh/authorized_keys
+
+echo "Fixing perms..."
+
+chmod 0600 ~ansible/.ssh/authorized_keys
+chown -R ansible. ~ansible/.ssh
+cat > /etc/sudoers.d/50-ansible << EOF
+ansible	ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+
+echo "Done!"
+

contrib/desu.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible

inventory/hosts.yml

@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+all:
+  vars:
+    ansible_user: ansible
+  children:
+    web:
+      hosts:
+        web1.test.desu.ltd:
+          ansible_host: 192.168.122.214

roles/common/tasks/main.yml

@@ -0,0 +1,4 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure basic packages
+  include_tasks: packages.yml

roles/common/tasks/packages.yml

@@ -0,0 +1,26 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure packages via apt
+  block:
+    - name: update apt packages
+      apt: upgrade=yes update_cache=yes cache_valid_time=86400
+    - name: install basic packages
+      apt:
+        name:
+          - acl
+          - apt-file
+          - aptitude
+          - awscli
+          - htop
+          - ncdu
+          - net-tools
+          - openssh-server
+          - pwgen
+          - python3-apt
+          - screen
+          - vim
+          - whois
+    - name: remove basic packages
+      apt: state=absent name=unattended-upgrades
+  become: yes
+  when: ansible_os_family == "Debian"

site.yml

@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- hosts: all
+  roles:
+    - role: common