Working on basics

Salt 2020-10-17 00:21:57 -05:00
parent ad70b4aca0
commit 9cc70a00e6
8 changed files with 133 additions and 0 deletions

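--- a/README.md
+++ b/README.md
@@ -0,0 +1,21 @@
+# Salt's Ansible Repository
+Useful for management across all of 9iron, thefuck, and desu.
+## Deployment
+Adding a new server will require the following be fulfilled:
+* The server is accessible from the Ansible host;
+* The server has a user named `ansible` which:
+* Accepts the public key located in `contrib/desu.pub`; and
+* Has passwordless sudo capabilities as root
+* The server is added to `inventory/hosts.yml` in an appropriate place; and
+* The server is running Ubuntu 18.04 or greater (20.04 recommended)
+From there, running the playbook `site.yml` should get the machine up to snuff. To automate the host-local steps, use the script file `contrib/bootstrap.sh`.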

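--- a/ansible.cfg
+++ b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+interpreter_python = python3
+inventory = inventory
+roles_path = roles
+private_key_file = ~/.ssh/desu
+host_key_checking = false # I'm constantly spinning machines up and down; no time for this
+#ask_become_pass = true
+#ask_vault_pass = true
+command_warnings = true
+#deprecation_warnings = false
+system_warnings = true
+[ssh_connection]
+pipelining = true
+ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no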
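Review bot: Host-key verification is switched off twice in this file, by `host_key_checking = false` and again by `-o StrictHostKeyChecking=no` in `ssh_extra_args`, and the same line sets `ForwardAgent=yes`, so the operator's SSH agent is forwarded to every managed host without that host's identity ever being verified. Because the `ansible` account is given passwordless sudo in contrib/bootstrap.sh, a host that is not the one intended would still receive the forwarded agent and privileged playbook traffic. For machines that are rebuilt often, `host_key_checking = true` together with `ssh_extra_args = -o StrictHostKeyChecking=accept-new` keeps first contact unattended while still rejecting a changed key, and agent forwarding is better left out here and enabled only for the plays that need it. Separately, Ansible's ini parser appears to accept `#` only at the start of a line (inline comments use `;`), so the trailing comment on `host_key_checking` may be read as part of the value; moving it to its own line avoids the question.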

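--- a/contrib/bootstrap.sh
+++ b/contrib/bootstrap.sh
@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# bootstrap.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+set -e
+if [ "$(id -u)" != "0" ]; then
+echo "This script must be run as root"
+exit 1
+fi
+if ! [ -f "./desu.pub" ]; then
+echo "The public key \"desu.pub\" must sit in PWD. cd to contrib"
+exit 2
+fi
+echo "Adding ansible user..."
+if ! useradd ansible > /dev/null 2>&1; then
+err=$?
+case $err in
+0)
+;;
+9)
+echo "Continuing..."
+;;
+*)
+echo "Encountered error $err adding user ansible"
+exit 3
+;;
+esac
+fi
+echo "Adding key..."
+mkdir -p ~ansible/.ssh
+cat ./desu.pub > ~ansible/.ssh/authorized_keys
+echo "Fixing perms..."
+chmod 0600 ~ansible/.ssh/authorized_keys
+chown -R ansible. ~ansible/.ssh
+cat > /etc/sudoers.d/50-ansible << EOF
+ansible ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+echo "Done!"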
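Review bot: The `case $err` block can never see a useradd failure, because inside `if ! useradd ...; then` the value of `$?` is the status of the negated command, which is 0; every failure therefore lands in the `0)` arm and the script goes on to install the key and the sudoers rule. Capturing the status directly with `err=0` followed by `useradd ansible > /dev/null 2>&1 || err=$?`, and then running the `case` unconditionally, keeps the intended tolerance for exit code 9 while letting other errors reach `exit 3`. The sudoers drop-in is also written without an explicit mode or a syntax check; adding `chmod 0440 /etc/sudoers.d/50-ansible` and `visudo -cf /etc/sudoers.d/50-ansible` after the heredoc would catch a malformed file before sudo reads it. `cat ./desu.pub > ~ansible/.ssh/authorized_keys` replaces any keys already present for that account, which deserves a comment if it is intentional.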

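--- a/contrib/desu.pub
+++ b/contrib/desu.pub
@@ -0,0 +1 @@
+ssh-rsa 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 ansible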

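--- a/inventory/hosts.yml
+++ b/inventory/hosts.yml
@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+all:
+vars:
+ansible_user: ansible
+children:
+web:
+hosts:
+web1.test.desu.ltd:
+ansible_host: 192.168.122.214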


@ -0,0 +1,4 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
- name: configure basic packages
include_tasks: packages.yml


@ -0,0 +1,26 @@
#!/usr/bin/ansible-playbook
# vim:ft=ansible:
- name: configure packages via apt
block:
- name: update apt packages
apt: upgrade=yes update_cache=yes cache_valid_time=86400
- name: install basic packages
apt:
name:
- acl
- apt-file
- aptitude
- awscli
- htop
- ncdu
- net-tools
- openssh-server
- pwgen
- python3-apt
- screen
- vim
- whois
- name: remove basic packages
apt: state=absent name=unattended-upgrades
become: yes
when: ansible_os_family == "Debian"
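Review bot: The last task in this block removes `unattended-upgrades` (`apt: state=absent name=unattended-upgrades`), so once the role has run, security updates reach a host only when the `upgrade=yes` task is executed again by a later playbook run. If that is the intent, a comment on the task such as `# patching is driven by this playbook; it must be run on a schedule` would record the decision, and the README's deployment notes should say how often the playbook is expected to run. If it is not, leaving the package installed keeps hosts patched between runs. The file path for this section is not shown on the page; from the `include_tasks: packages.yml` line in the previous section it is presumably the common role's packages task file.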

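--- a/site.yml
+++ b/site.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- hosts: all
+roles:
+- role: common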