From 9cc70a00e6509d58326939cd04a2b9238d2d7180 Mon Sep 17 00:00:00 2001
From: Salt <rehashedsalt@cock.li>
Date: Sat, 17 Oct 2020 00:21:57 -0500
Subject: [PATCH] Working on basics

---
 README.md                       | 21 +++++++++++++
 ansible.cfg                     | 15 ++++++++++
 contrib/bootstrap.sh            | 52 +++++++++++++++++++++++++++++++++
 contrib/desu.pub                |  1 +
 inventory/hosts.yml             |  9 ++++++
 roles/common/tasks/main.yml     |  4 +++
 roles/common/tasks/packages.yml | 26 +++++++++++++++++
 site.yml                        |  5 ++++
 8 files changed, 133 insertions(+)
 create mode 100644 README.md
 create mode 100644 ansible.cfg
 create mode 100755 contrib/bootstrap.sh
 create mode 100644 contrib/desu.pub
 create mode 100644 inventory/hosts.yml
 create mode 100644 roles/common/tasks/main.yml
 create mode 100644 roles/common/tasks/packages.yml
 create mode 100755 site.yml

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..0f6dd03
--- /dev/null
+++ b/README.md
@@ -0,0 +1,21 @@
+# Salt's Ansible Repository
+
+Useful for management across all of 9iron, thefuck, and desu.
+
+## Deployment
+
+Adding a new server will require the following be fulfilled:
+
+* The server is accessible from the Ansible host;
+
+* The server has a user named `ansible` which:
+
+  * Accepts the public key located in `contrib/desu.pub`; and
+
+  * Has passwordless sudo capabilities as root
+
+* The server is added to `inventory/hosts.yml` in an appropriate place; and
+
+* The server is running Ubuntu 18.04 or greater (20.04 recommended)
+
+From there, running the playbook `site.yml` should get the machine up to snuff. To automate the host-local steps, use the script file `contrib/bootstrap.sh`.
diff --git a/ansible.cfg b/ansible.cfg
new file mode 100644
index 0000000..da26a1c
--- /dev/null
+++ b/ansible.cfg
@@ -0,0 +1,15 @@
+[defaults]
+interpreter_python = python3
+inventory = inventory
+roles_path = roles
+private_key_file = ~/.ssh/desu
+host_key_checking = false # I'm constantly spinning machines up and down; no time for this
+#ask_become_pass = true
+#ask_vault_pass = true
+command_warnings = true
+#deprecation_warnings = false
+system_warnings = true
+
+[ssh_connection]
+pipelining = true
+ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no
diff --git a/contrib/bootstrap.sh b/contrib/bootstrap.sh
new file mode 100755
index 0000000..8f7de25
--- /dev/null
+++ b/contrib/bootstrap.sh
@@ -0,0 +1,52 @@
+#! /bin/sh
+#
+# bootstrap.sh
+# Copyright (C) 2020 Vintage Salt <rehashedsalt@cock.li>
+#
+# Distributed under terms of the MIT license.
+#
+
+set -e
+
+if [ "$(id -u)" != "0" ]; then
+	echo "This script must be run as root"
+	exit 1
+fi
+
+if ! [ -f "./desu.pub" ]; then
+	echo "The public key \"desu.pub\" must sit in PWD. cd to contrib"
+	exit 2
+fi
+
+echo "Adding ansible user..."
+
+if ! useradd ansible > /dev/null 2>&1; then
+	err=$?
+	case $err in
+		0)
+			;;
+		9)
+			echo "Continuing..."
+			;;
+		*)
+			echo "Encountered error $err adding user ansible"
+			exit 3
+			;;
+	esac
+fi
+
+echo "Adding key..."
+
+mkdir -p ~ansible/.ssh
+cat ./desu.pub > ~ansible/.ssh/authorized_keys
+
+echo "Fixing perms..."
+
+chmod 0600 ~ansible/.ssh/authorized_keys
+chown -R ansible. ~ansible/.ssh
+cat > /etc/sudoers.d/50-ansible << EOF
+ansible	ALL=(ALL:ALL) NOPASSWD:ALL
+EOF
+
+echo "Done!"
+
diff --git a/contrib/desu.pub b/contrib/desu.pub
new file mode 100644
index 0000000..544a989
--- /dev/null
+++ b/contrib/desu.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible
diff --git a/inventory/hosts.yml b/inventory/hosts.yml
new file mode 100644
index 0000000..d2dd938
--- /dev/null
+++ b/inventory/hosts.yml
@@ -0,0 +1,9 @@
+# vim:ft=ansible:
+all:
+  vars:
+    ansible_user: ansible
+  children:
+    web:
+      hosts:
+        web1.test.desu.ltd:
+          ansible_host: 192.168.122.214
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
new file mode 100644
index 0000000..15675c7
--- /dev/null
+++ b/roles/common/tasks/main.yml
@@ -0,0 +1,4 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure basic packages
+  include_tasks: packages.yml
diff --git a/roles/common/tasks/packages.yml b/roles/common/tasks/packages.yml
new file mode 100644
index 0000000..00a3097
--- /dev/null
+++ b/roles/common/tasks/packages.yml
@@ -0,0 +1,26 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+- name: configure packages via apt
+  block:
+    - name: update apt packages
+      apt: upgrade=yes update_cache=yes cache_valid_time=86400
+    - name: install basic packages
+      apt:
+        name:
+          - acl
+          - apt-file
+          - aptitude
+          - awscli
+          - htop
+          - ncdu
+          - net-tools
+          - openssh-server
+          - pwgen
+          - python3-apt
+          - screen
+          - vim
+          - whois
+    - name: remove basic packages
+      apt: state=absent name=unattended-upgrades
+  become: yes
+  when: ansible_os_family == "Debian"
diff --git a/site.yml b/site.yml
new file mode 100755
index 0000000..1e9a74d
--- /dev/null
+++ b/site.yml
@@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- hosts: all
+  roles:
+    - role: common