From 6a4870a9cc03b3f2b5fae21925d34cc62500d278 Mon Sep 17 00:00:00 2001 
From: Virgile Retault Date: Thu, 21 Jul 2022 15:19:24 +0200 Subject: [PATCH] remade base playbook and roles --- books/apt_proxy.yml | 8 +- books/base.yml | 22 +- books/monitoring.yml | 4 +- books/vpn.yml | 3 +- group_vars/all/networking.yml | 5 + group_vars/all/users.example | 9 + group_vars/all/users.yml | 263 +++++++++--------- host_vars/sulfur/ansible.yml | 2 - host_vars/sulfur/main.yml | 38 +++ host_vars/sulfur/networking.yml | 13 - host_vars/sulfur/secrets.yml | 9 + host_vars/sulfur/users.yml | 7 - host_vars/sulfur/vpn.yml | 13 - host_vars/technetium/ansible.yml | 2 - host_vars/technetium/main.yml | 36 +++ host_vars/technetium/secrets.yml | 8 + host_vars/technetium/users.yml | 4 - hosts | 10 +- .../files/update-motd.d/01-logo | 0 roles/{base_config => base}/tasks/main.yml | 3 - roles/base_totp/tasks/main.yml | 22 -- roles/cloudinit/tasks/main.yml | 14 + roles/networking/tasks/main.yml | 24 +- roles/{ssh_totp => ssh}/handlers/main.yml | 3 +- roles/ssh/tasks/main.yml | 8 + roles/ssh/templates/sshd_config.j2 | 13 + roles/ssh_totp/meta/main.yml | 2 - roles/ssh_totp/tasks/main.yml | 25 -- roles/users/tasks/main.yml | 1 + roles/vpn/handlers/main.yml | 2 +- roles/vpn/tasks/main.yml | 20 +- 31 files changed, 304 insertions(+), 289 deletions(-) create mode 100644 group_vars/all/users.example delete mode 100644 host_vars/sulfur/ansible.yml create mode 100644 host_vars/sulfur/main.yml delete mode 100644 host_vars/sulfur/networking.yml create mode 100644 host_vars/sulfur/secrets.yml delete mode 100644 host_vars/sulfur/users.yml delete mode 100644 host_vars/sulfur/vpn.yml delete mode 100644 host_vars/technetium/ansible.yml create mode 100644 host_vars/technetium/main.yml create mode 100644 host_vars/technetium/secrets.yml delete mode 100644 host_vars/technetium/users.yml rename roles/{base_config => base}/files/update-motd.d/01-logo (100%) rename roles/{base_config => base}/tasks/main.yml (88%) delete mode 100644 roles/base_totp/tasks/main.yml create mode 100644 
roles/cloudinit/tasks/main.yml rename roles/{ssh_totp => ssh}/handlers/main.yml (65%) create mode 100644 roles/ssh/tasks/main.yml create mode 100644 roles/ssh/templates/sshd_config.j2 delete mode 100644 roles/ssh_totp/meta/main.yml delete mode 100644 roles/ssh_totp/tasks/main.yml diff --git a/books/apt_proxy.yml b/books/apt_proxy.yml index fb59756..2e63611 100755 --- a/books/apt_proxy.yml +++ b/books/apt_proxy.yml @@ -1,5 +1,11 @@ #!/usr/bin/env ansible-playbook --- -- hosts: apt_proxies +- hosts: apt_proxy roles: - apt_cacher_ng + +- import_playbook: vpn.yml + +- hosts: vpn + roles: + - client_apt_proxy diff --git a/books/base.yml b/books/base.yml index 2d93f20..d801889 100755 --- a/books/base.yml +++ b/books/base.yml @@ -1,18 +1,18 @@ #!/usr/bin/env ansible-playbook --- -- hosts: vpn - roles: - - vpn - - client_apt_proxy - - hosts: server roles: - networking - - base_config - - prometheus-node-exporter - -- hosts: server - roles: + - base - users - - ssh_totp + - ssh + tasks: + - name: Check if host is using cloud init + stat: + path: /etc/cloud + register: cloudinit_folder + - include_role: + name: cloudinit + when: cloudinit_folder.stat.exists + diff --git a/books/monitoring.yml b/books/monitoring.yml index 1265a5b..31f80a2 100755 --- a/books/monitoring.yml +++ b/books/monitoring.yml @@ -1,12 +1,12 @@ #!/usr/bin/env ansible-playbook --- -- hosts: prometheus_servers +- hosts: prometheus roles: - prometheus - prometheus-alert-manager - grafana - prometheus-blackbox-exporter -- hosts: all, !tests, +- hosts: server roles: - prometheus-node-exporter diff --git a/books/vpn.yml b/books/vpn.yml index 841482d..77ab98b 100755 --- a/books/vpn.yml +++ b/books/vpn.yml @@ -1,6 +1,5 @@ #!/usr/bin/env ansible-playbook --- -- hosts: vpn, !tests +- hosts: vpn roles: - vpn - - networking diff --git a/group_vars/all/networking.yml b/group_vars/all/networking.yml index 9587af1..a9abcd1 100644 --- a/group_vars/all/networking.yml +++ b/group_vars/all/networking.yml 
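Review bot: In books/base.yml the `- ssh_totp` → `- ssh` swap, together with the deletion of roles/ssh_totp and roles/base_totp in this same patch, removes the TOTP second factor from SSH on every `server` host unless roles/ssh/templates/sshd_config.j2 (not in this chunk) re-adds it; a one-line comment on the `- ssh` entry such as `# key-only auth; TOTP second factor dropped in <commit>` would make that decision reviewable rather than implicit. The new `tasks:` block also mixes short module names (`stat`, `include_role`) with the FQCNs the roles are moving to (`ansible.builtin.template`, `ansible.posix.sysctl` in roles/networking), so `ansible.builtin.stat` and `ansible.builtin.include_role` would keep the tree consistent. Consider moving the `/etc/cloud` stat and its `when:` into roles/cloudinit itself, so the play stays a plain role list and the guard cannot be forgotten by another play that includes the role.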
@@ -28,6 +28,11 @@ intranet:
 ipv4: 172.20.1.5
 netmaskv4: 32
 comment: Matrix server
+ technetium:
+ domaine: technetium
+ ipv4: 172.20.1.99
+ netmaskv4: 32
+ comment: Test VM
 guest_hellman:
 domaine: hllm
 ipv4: 172.20.198.0
diff --git a/group_vars/all/users.example b/group_vars/all/users.example
new file mode 100644
index 0000000..1d91425
--- /dev/null
+++ b/group_vars/all/users.example
@@ -0,0 +1,9 @@
+---
+user_dict:
+ lorem:
+ shell: "/bin/bash",
+ password_hash: "$6$lvbzekjvbzejbvzvzvbzvbzhvbzbv....aezrfv/", # the string betwenn the first and second `:` in /etc/shadow
+ ssh_keys:
+ - "ssh-rsa azrekgnbmoienbzrinoien...aoeuzn lorem@host1",
+ - "ssh-ed25519 azrekgnbmoienbzrinoien...aoeuzn lorem@host2",
+ totp: "daeae8ce486f6636d68c37c21ce002" # the hex value
diff --git a/group_vars/all/users.yml b/group_vars/all/users.yml
index febd6e4..8354410 100644
--- a/group_vars/all/users.yml
+++ b/group_vars/all/users.yml
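Review bot: group_vars/all/users.example is not loadable YAML: the `shell`, `password_hash` and both `ssh_keys` values end in a trailing comma after a closing double quote, which a block-style parser rejects, so anyone copying this template into users.yml gets a parse error before they reach the vault step; drop the four trailing commas (and fix `betwenn` in the shadow-field comment). The example also documents a `totp` field while the only consumer visible in this patch, roles/base_totp reading `users_dict[...].totp`, is deleted — unless roles/ssh (not in this chunk) reads it, mark it `# unused since TOTP roles were removed` or remove it. Note the top-level key here is `user_dict` whereas the removed role used `users_dict`; confirm which name the current users role expects so the template is not silently ignored.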
@@ -1,135 +1,130 @@ $ANSIBLE_VAULT;1.1;AES256 -32663331653233353731353139666138323138373161633338653030366131353635333031343366 -6262363661383266393163333436643265336430633665330a646636616530626237306236393063 -34383165613330663935623565326430626561303961366464663739393465633735303634653865 -3731393330383366620a316139346166616335343564353431613938363266343962663831613034 -30626561316663336239613230386663316266393638643761336432383566623066343838323133 -31613765623162636462303638363930636433303331666434303764386337663162643537663361 -39373337376635306132386538323939646239633461633733666132343430643235313633386464 -39346238333836353238396466336330343862393733306333363265366363303136343932623736 -36666337363165343239636262336363613236396162303061343331313839353731616162666561 -61333235306237613161653632616332383332376365373733326335333739316563316439633361 -65393366346134366137663263616165613063333166636532393734393963613033313363353163 -32333832353931613738353530396637613534393839336338336231356632616239303662623339 -61373836383538346565363963623662616530316634346564643730383032656130626636333135 -36383631663766616131373537376435326461316536373337646136623664373365643732383630 -63313563666466316535663531613265313933343664303439653336323935373832326632333961 -38363366396136636231383136323934396532313233353538313831616231383637633665623261 -39336162636561363438323636616363373939306332376433303934396531666534333431313965 -63376665323537613263353531646135633861663364336564363131383633623065383938363665 -38353338323732306463333138623966666563323263363534363664666532323038393463636635 -33323434363733393739363562626237393031336461313338643562383334656230346132666532 -66326362613263303262343837623835323161373163643438313937316530633230646132626264 -38643536353764313661383430383962326131346338643632633161663262333232623662316365 -30316236346338303331313266386266663239303963363761393766386430383338343163616137 
-36616536336165653936333463343737323961356135626563383161373431613362633564653863 -36393963663766383533376335373165343465316261356536336333643665393065333433386261 -62613534353934633830623762376436633661383666316635386436616533633561353032303261 -66376536353333623832303365386265336264366439386261333064643062303035613936306261 -37313932336331326265666163356333373163363161336665386338643864656232643332373363 -34366337323232346361623839623631393730363961353530396162343666313233313132636630 -31323231316463306663623039623165653465313232363532316564326639653161323264623837 -66373165656535353933656365626462373566336663363335653232393233613132316236373233 -65653135623235616430316330386666333031646565646461386335343164336334393237656262 -63636232613237363061393633663762376166393364663731376261323434383862303935363565 -37643136613339313366356165623631376131356232646438373135343539313463383362636633 -34386261333866646562643335343636663563346263383462353235623738383065353137373266 -34366664366434346563383933656333343266613434613035396465316630326261313737623464 -65316631363361626564393763323063326537636333303566316236353763393838356237376135 -65646433303139393263383136346361383136356331633832643233333262333033316535393433 -34373233343235323061393538346135306133366335303764336262613133376637633436376637 -36396366616231336161396232316535323963353131366138636264303737363137353538653136 -38323030626139363638646165623438626338306435356361353731643337366161386561613464 -37626132613238626237666337616336653639356331363166613431363636626365623664353736 -38323836373563386137643362386465343064363030633963623864616335636630353936366662 -31353263326533313562306530376232303933396239303739326238343736333732356666633034 -39643038656137356161373031626131346435396262356238643937653164356566633434623362 -62336431366266623164616462366137343564636431383930346530663039356563343163393365 -63633335303036356130623062616433643138626466383761333731306239353565636336626166 
-65333431656634666163376661343538303563646438666333396636303331356434356132636235 -30353938663634383537376232653261363932613135663734306536663733613862356639613466 -34326630326362373830383263306132313763616265646235353562373430376630666432353136 -36633034653761373636626139353837643130326162316564626165383232663830633662373562 -30633565393235373261663962396535666430343133626261323063353137386431353330316134 -33336637363862646366633362653066373234656131626132643661333532633535363332363966 -30633761306539346432656131376463633631323630663762613832613332653762353865306137 -31663465633462636663333735666137326166656135653036633830663463623466336134303032 -64663036646238326237353336633365643238653938363039376337616139306132663939353036 -64663166343939333361626136313434633639376566663865613339663331386530356663303038 -33343235383434346532343762353661336136383034653030656631333332313639336239323838 -65376231666338333331663432326539663334663136313162306666663564353738303639646335 -38333431323839333135643966383861383065333930666433653663636134636236666430363063 -65373639343432333762666138376461323562316261663961356530613733376463386538663830 -37333762613866363939646662626239353765306266616236643037373865316461326437303039 -37653431323864303431316337363739656235386534383533386635343930646130383839333139 -39666165333363653939646236653135653163643364666135323439346266353738653065323063 -30656265333136353436643062623738306531376435626463356337313764366665373939343033 -65396635323638316662333537613865336532613932636262643634643232316438356135626432 -30636138383366373338313166366161626563633736343663343132653035646131393530653233 -64303762363865616536306365333832303563656664653164346462666262646365643435646639 -31383230373135366236373634396531393638373830653565376535656364626361383834616465 -34666536303230303638356530346635326239326237373730343138333137623162343566633466 -31363166643566623866383637633864326662613131326339323236633662396665613864323434 
-62303866323537663264663732303562306562316632346361373433376364623566356232613435 -64316261646432663039393062613166323264333433323633353532306332343662616166366533 -30613737303331356462646337653236643935353638363837313661343233613839373264346530 -37326536633561646436643832303861313366303562393230653733353862333734336561323266 -61303230613066643636313230303232343436323135363765633232643863326235653766623365 -31353132663030346361626632336539666263336661376433663039633134623065373635363561 -37613138316336613738633639386635396462393336336534616533303165623837393639636364 -34326163333461346566356361623632373361613163663065643065366236623664633430366430 -38376539653235666535383434316466333165313339343063356362363038656137346231366330 -39623230643831393334393338656664343765623034346465666633653731623762383634656666 -37396632343532396139386565303865393034333266363230396433383466346661623639376166 -66636536656539316239323461663061316166303335633961343836633262353833313736666637 -31386634373934326532376631336430316663613062336332643562323565363936633530663231 -31643630616338663431633038373035393636643464623333663831353962383439666633386564 -33353231363630353833373964663433623165613662343032616564396233346632356166316466 -30666631373235396336363934386438323166626332313030643230373362633238333361323732 -64626464303561666230313365366636346366376435333833633764376562343839646539353261 -32646630326530396438353435306336303963666333626339396133303666383730376362643735 -35346161333062326535336232386134613434356234663665383964373935373137336639646130 -35383564313133393931376164316632356635323463393762353038373234393539363565303862 -36313731316537363932663337336138633230643965353335356233326434626665333061353233 -61383861326639363531383033623935363537396332393361633837626638303963336633323430 -33653834633866353431396438346231656333643136633861333834336639613137326564356262 -65376238373631626339366661343563663233336231303965633336393539393162663230626634 
-32346433373934383264356661383032393138343436343039343566643164393933643239363834 -30343739326463363633306461363062313532393261323134646536303336643563353063313538 -38383466653161396466643336663732343932383839623135366532363566353138633161333463 -39303461396235366365656166326632636235306131356538386263313262626463613735346338 -63303535653964356632386135333033306561383962633538363462353061343962373438316265 -39386263636133666636393064343831636236646162306636633836363737323930336435396138 -33366535613931626230633136613864383336356661633565333362363436343838376330366333 -30363332373831393364333237626134366533333533363130643662316366343238633464666436 -62346534616330623333626138616330323631633763656330353738616263626233386337323963 -32303565313465303464343366376334353533396264663561346438626266376463306635333831 -66613861653965653434376633363034336462316635386332653063356637343531316439653030 -32313734303762613563393762653661303735653364326131656236613230656635636630376537 -30613730363761383438383262626432396631393832346262333266346537336436653862366663 -38656138336236333939623333326234656166326163643165646631313230633263613732363533 -36643665386366363637376138343339646435373062313563316433306232363266386236663931 -62623433646239636263643039646462633936653331303032326335336231323561326534643932 -62333865646565326338386339336264613036313631633431343561303936623733363163386630 -33353738316438376539643234303433313137303063326264313135626231363731666535313363 -34353231363864313365653162303631613362623562336663356664636437653137383635333263 -65373331653065303932306133306636623265373939346431363633633538626666306431386463 -38663137386166633166343930663663663165316261656631613734643838663237333034306461 -37383838336338633965626231393839626664656536323938616164656666346665333432616437 -32336333343266653561396232393639336365616237626465343333326332653732363733353031 -33633965333639393531383231373334393332373038393666626231613862666162346431626132 
-35336233313266613933383266323765303538396535343461393832646238343335323433663734 -30376136376537333535643132633866643232363133653934363733323035366665663338633464 -62303234323238613531323237366636656336343165646436646366323235393537663539623765 -62346264613236636463313565366562393238313537313962666466393939363863393633323532 -64643935366630346135646232663161323033376138633633316265353138303834313034616233 -34366336643832383139313865626237353461336637346135613334326638653361326163646536 -34316362616230376462636134366663616437316333323064326461363338373565396231306362 -32623261333764336264653762393730323465653563613534343431363965386663396162663364 -35646164323236653934633039373236363565653030396265663439326637653734643963393830 -62346137653137663265353531333161616238303839643638643531646332343365373639396232 -31323030323833653164636461323733616466636662366663323138346232643837386331643636 -39663432613064343732393732643138663263613662373139396130616534653466376631373165 -32623838653365303331386633633962613536623334393536616465323734336266613936663435 -64626438396365396536616665313131646131326435356463356431616339343939653561346261 -6366396261353230613565393938323965613832313865623132 +33616537616365396333336638636535353264303632353932306133323533356566666238323764 +3662623730313661316266313535393332616534336565320a323864623561306530613934313961 +36336665636437336135323163643430386261633062626434376636666561656632393537306561 +6363333965656334350a323935656335343863353838633666383331626237323135303264336630 +30326563626661636437616533663966373434303930356464373835613162313635613038333437 +32353333343664663665313865303163616264373432336633376138643432373931306532383232 +34363764383738386336336631313262626661663463666330633361346436396564303436396139 +62613731616339386239383762356438646333613538363130353065383437376633363238306531 +37633161326139386533386334633731383039663661633631373961656438653930643038303039 
+32373861313662393963623963616163323534386339383734303364663036333565353663616138 +37396332616464313966353835623839633264326231663030363039643465393630613466363562 +33653761373734343336643035616233386464336266633438316138303939636663376532633062 +64303839613062343765663162353938333764386233346463653961373562663631623732313065 +61666562616237386631356165393439323533336363373636373166343562373932353935383963 +31663630636238613335616335346430313862616462333134336537383037663237623539346462 +36663932623437333138613663636132316533383939623530386630353230666435343332316561 +34323732653565333565623930383265303934313562353835303064623166656637383035616635 +34343633666432663562363564303636303036643961666236366565373966663162333735636337 +61323337636136626261323065353432643939353735643136653236376235356366333466316531 +37393238393262633433616434326535306237666232666664386361303735373861643539663539 +38346637653332623033393663366331336238666337643762666530663761303966383364343031 +66316639353666323334396334333831366436383466633033363839363632623033363865376530 +36373933333265613462353532373032666561613332333539363864376132336266626638653766 +37393562356362353339366234613035393934663661393964346339633137636232623363633131 +39323034663834636332383330636466316630303136363330363162383132633365636433383131 +65313533643264613735336333393463303533366139343364313065336436336630336439383733 +63666663653635373461336438353161326666613632613733383530626430376631333563636164 +36333762346439393665626333393066646237316466643563373838656235323132326534623335 +33303161633638386334363465663164626165383763306436636362346135613238313262343636 +65623461313863666462333235636436366237643561323661323332306130363036613861376561 +32356236306161343831613966396236313638313938653831353863316465346635346161616131 +31323335636532353234396665643033366334376131343962316136373737626136373561373065 +30633930346465363832633335613761353039386666633561396637306265383734396630656166 
+63613931653235613537333431373666303339333666366236626235393737653132633833353637 +35623566356635623331376631393233346663666466616366386464323462313130666264326565 +36633664306236666432623430643935363735303936646165306534383764336133336333366531 +62333965383336383365613766356264343431626535613037386266373536363763666462386437 +66653962313830316166653032336162636166313532323139306562316238656461643733636133 +34666561396261313733323961313563643362336635343937303663646436323064313239643533 +64643161386532366331623835623838633739613337376362333936613063623034326336623662 +31316438643834353061613765383336643062386464336336396330373564613436323166623836 +62353663343533653362396637386538306333326365336336316130353863356264626536303734 +65316166656637643266636664633838636636346133356264343036383839666632626662353366 +62646133356633353538376664353364616237653739346365663632613230346235656431376638 +38383835373833376536356537393032346132396661326330393532663630393832616362666466 +38353366316631366335366139313935666366383534383731636464303434373831313833323139 +66633764383338636134303830343731666465396665346430643061383031393034313564653261 +35393762656266613463643766656134323465373464313034353363363138636433653361346263 +66363762393362306632346338316662396331306661663037663939353363383434393937643962 +65353030363036363532366538316531316266313137363439386439353361646564653035626533 +62346433653439646236333031343239323935353930623238306131633039383233623637666566 +32376639383437643434653432636663643635386637303864656635303734306363666661643965 +63363234363332386633363264333639343866303935303332643465653039343635343961653533 +32363030353731663334376638333832346464663365343939303434326239306632326638373439 +63396539393933323463626130653630376330356561373336313764373731356462343766323762 +65653134363637383535326232333337636438366231653961346166333637376131643662626266 +63356639313263646136616462366234386465333335313266333763333766313866393439393031 
+35306564376432393436656663646265633861396536366236353663643864386134666438646537 +31663635366231373139323338643036313631613635313237633030386231613931623036343661 +30363834646265343363333333333230383265366561363765326337306666373333313563393962 +37366637303631376338636265336566386438323061303034666638643335356138336365666463 +32323136363834336437643263376262313730326264613438623230343830636439396137346633 +30663563653035346461616632656161303534613137386532653339333963396133353739386332 +61323234376564333032363739313934356165353261313538636130373735306563656134626539 +39353932656463326534323731643865663732383938353865663232393365356364626534306164 +30316663343234323832353465333631633965373932393462316664356365313139323439373364 +65623466653061376166313066363763386536363134666633613533393166663563393364343631 +38643739353438356433626236356135623364616261663563393439656233356264613037316331 +39616534633266336139633736643333623666636666643839323833643133623861373232323939 +64656436353561626461366461663366306663616362333161663032333738623834616363386266 +34346164393039363230643532623637653963376262326135623338373430383731313133346333 +35303739353465383766663061306439383861376430623563396465353230653937336262313834 +63383435623062663235623966306630343832646361373630313732613934653064346531393037 +32346364383463363739633566616237333066623862356238383261373361316164303332343461 +33376638396130363032633734353538343261393335343232353765666535303432633563373438 +64396665363162626633393366623239373231663131353038383637353435333764613565633466 +61636530356163303737653131633130643231346465613966643131616339336531376336643337 +63393762353938323232373636346232343761373830363639613763633835343766356434623435 +31626337386466623537376633326438353235396262636432393733623430353237396336303965 +39323333663862363033393732643139383036613939656134306665333039633864653034343635 +66393962353638303964666564393732396434306638366531316366333933323565333164626164 
+62646561346661333338663136643732333432666366633839303939386264646330663764356661 +30343236333837363736366263396334333437363962653761313039646663316338663030386339 +34343963616366316432313264653636353366623364653761356566363964396262366464396165 +66393035653937656334653737326463373039373562386139323937303633626630376337636437 +64643539623239323730386336306238663931393061636434343766313935636465623766613266 +63306461653430346135633461633130666232373565336136306561353165333237316263306431 +32343439666462346565393138653663393634303164656636616131303466363732353932336436 +61343732386533643231383861623066383066383031363731306661393830646564366338333365 +61396537313163323166373736623339616162623937396565363633623361613863643336613134 +39373734623030663632386633656438326366346333643434303439313532636132313161393037 +65373764376538363365323432643230376366663733316235613534393432613038343763666230 +32356630343835313532356434663436613431666562306138623830373938653061353630313532 +39356661353966626231636631336362373531353238623737323935623738653333376139613434 +64353035666332343361666563636535623934303535633636333666396165396637663866613534 +34623966303639646339333565363364353937653830393663383162313562623431336434393364 +65633030623939393264613736336265366564383138326538646635323764306165333165363962 +33383433663638323562366162396534333961353635323033633666386363646135386138613438 +31353463366539653530643464396666333735376465386331396336356635383064633132383763 +39366233623337643764343439653632326564343635323064326366396362336566393863363765 +31313165353565366663383466386330396166363065396661326137653737643462656363306131 +33343939393534656238376531303039616265323465353334643531663263366332623934633763 +63353638323538653163373263383539613733623661366233393265646131386232333766613362 +33636138636434383539616238613866383338333534393263656439396263366365303032633035 +62623635636137316536333630373865643036353664616438663535663765313339323461653435 
+61303461663562616632373061613031333332356330303035636231303864306464306138656538 +63633566636636633738646266343733616639303138363336326565663232383230376533613964 +38303230636333356236386538326631333561316332396366313337303839396337396639636432 +64626661383037356537323866613039633637376331386438663236383937616631343731643733 +31616132383437623663623230383661373034393735323937363332336331366364336335376636 +31393866383332363762626136613663626630656534373764363733623763336132336135366533 +63636133656133346661393764343564653035363834613730626139313736346161633330656134 +64373031616664366566396637363465333636366237363130663334643131373262383162653334 +62663162613634666535346630343134666131376362636262633862373833356263656535386431 +37316461373731656236613463646639383966336336346637613562653538396161393662363636 +31626332376238323061646530653838616433333934616639316430393065373165393766646132 +39613462363331356239616365393132373866396330656430376633356131316138333230633536 +37333761653763333139303566633966616337356637623330396334333931303232346239303164 +66323865643131383830623232313766373834393733653162623761643431316239663037336336 +36353365346466363166666366326635366632323836393265353530336132326239343138313662 +39393064363034646562643163313735363833623733303666643434326436623465636664646339 +62343932316631623862336437386139386165623635653164363662633239616633383363623462 +33663565356134383135376263653437393530346634663163383364636664393431306337646338 +34383735623839396162373737343163363266343866626330373236666665396432303531366230 +39336337363239646165666639383965396662666533386637633533643835363338343065346631 +33343933643664353937393366383465366563363531386134313338393938666430353938303339 +36363535363938373732646233663837363232663938333265343031313735363332653237333235 +39663534373564653230353632396464623434623931353663343063316230616330323039356135 +31343033653439366232376464613834363036636161366662363939333466383235 
diff --git a/host_vars/sulfur/ansible.yml b/host_vars/sulfur/ansible.yml
deleted file mode 100644
index 4d19f67..0000000
--- a/host_vars/sulfur/ansible.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-ansible_host: sulfur.lan
diff --git a/host_vars/sulfur/main.yml b/host_vars/sulfur/main.yml
new file mode 100644
index 0000000..48d122d
--- /dev/null
+++ b/host_vars/sulfur/main.yml
@@ -0,0 +1,38 @@
+---
+ansible_host: sulfur.lan
+
+## Users
+users:
+ g33kex: sudo
+ histausse: sudo
+ dorian: sudo
+ thomyrock: sudo
+
+## Networking
+interfaces:
+ ens18:
+ type: dhcp
+ wg0:
+ ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
+ netmaskv4: "{{ intranet.netmaskv4 }}"
+ type: wireguard
+
+ipv4_forwarding: false
+ipv6_forwarding: false
+
+lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
+
+## VPN
+vpn_interfaces:
+ wg0:
+ ip: "{{ interfaces.wg0.ipv4 }}"
+ private_key: "{{ vpn_key }}"
+ public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
+ keepalive: true
+ peers:
+ - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
+ public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
+ allowed_ips:
+ - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
+ comment: "hindley"
+
diff --git a/host_vars/sulfur/networking.yml b/host_vars/sulfur/networking.yml
deleted file mode 100644
index de2694d..0000000
--- a/host_vars/sulfur/networking.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-interfaces:
- ens18:
- type: dhcp
- wg0:
- ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
- netmaskv4: "{{ intranet.netmaskv4 }}"
- type: wireguard
-
-ipv4_forwarding: false
-ipv6_forwarding: false
-
-lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
diff --git a/host_vars/sulfur/secrets.yml b/host_vars/sulfur/secrets.yml
new file mode 100644
index 0000000..aec2996
--- /dev/null
+++ b/host_vars/sulfur/secrets.yml
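Review bot: In host_vars/sulfur/main.yml the WireGuard `public_key` is a hard-coded literal while `private_key` now comes from the vaulted `vpn_key` in host_vars/sulfur/secrets.yml, so nothing ties the two halves together: a re-keyed vault leaves a stale public key that hindley's peer entry keeps trusting and the tunnel just stops handshaking. A comment on the line, `public_key: "oQH8…="  # must be the public half of vpn_key in secrets.yml (wg pubkey)`, documents the coupling; deriving the public key from the private one on the controller would remove the drift entirely, though that needs a helper not present in this patch. The `allowed_ips` entry routes `hindley_ip/{{ interfaces.wg0.netmaskv4 }}`, i.e. the whole `intranet.netmaskv4` prefix via hindley — fine for a hub, but worth a `# hub: full intranet prefix is accepted from hindley` note since AllowedIPs also acts as the source-address ACL.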
@@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+65636333393239393537363163356565376535366136633266643165393662306533613137396262
+3263333334636263383162623533333637303466383139660a356161616138353764326166383566
+39383038613361616663646166626335396537343466336133356135633130643532373165633233
+3437613237656666630a346263643330343336633431313264373365633439623235396236353133
+63623733363935663035393666343739643461393263393966356336346563306434623833303139
+63653036343662333062393936316138613236326332363336326561316131356239646266643936
+30366265636138366239626633363562613330623432626266386135313537643030366534613237
+65633430346337643331
diff --git a/host_vars/sulfur/users.yml b/host_vars/sulfur/users.yml
deleted file mode 100644
index 067ee68..0000000
--- a/host_vars/sulfur/users.yml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-users:
- - g33kex: sudo
- - histausse: sudo
- - dorian: sudo
- - thomyrock: sudo
-
diff --git a/host_vars/sulfur/vpn.yml b/host_vars/sulfur/vpn.yml
deleted file mode 100644
index beae875..0000000
--- a/host_vars/sulfur/vpn.yml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-vpn_interfaces:
- wg0:
- ip: "{{ interfaces.wg0.ipv4 }}"
- private_key: "{{ vpn_vault_matrix_key }}"
- public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
- keepalive: true
- peers:
- - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
- public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
- allowed_ips:
- - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
- comment: "hindley"
diff --git a/host_vars/technetium/ansible.yml b/host_vars/technetium/ansible.yml
deleted file mode 100644
index 2415950..0000000
--- a/host_vars/technetium/ansible.yml
+++ /dev/null
@@ -1,2 +0,0 @@
----
-ansible_host: "technetium.lan"
diff --git a/host_vars/technetium/main.yml b/host_vars/technetium/main.yml
new file mode 100644
index 0000000..d368653
--- /dev/null
+++ b/host_vars/technetium/main.yml
@@ -0,0 +1,36 @@
+---
+ansible_host: technetium.lan
+
+## Users
+users:
+ g33kex: sudo, video
+ histausse: sudo, video
+
+## Networking
+interfaces:
+ eth0:
+ type: dhcp
+ wg0:
+ ipv4: "{{ intranet.subnets.physical.subnets.technetium.ipv4 }}"
+ netmaskv4: "{{ intranet.netmaskv4 }}"
+ type: wireguard
+
+ipv4_forwarding: false
+ipv6_forwarding: false
+
+lan_address: "{{ intranet.subnets.physical.subnets.technetium.ipv4 }}"
+
+## VPN
+vpn_interfaces:
+ wg0:
+ ip: "{{ interfaces.wg0.ipv4 }}"
+ private_key: "{{ vpn_key }}"
+ public_key: "sBk95X1alesUr7EhbJ04SfQ3HXHhnE4mm9PGYNa1xmc="
+ keepalive: true
+ peers:
+ - endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
+ public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
+ allowed_ips:
+ - "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
+ comment: "hindley"
+
diff --git a/host_vars/technetium/secrets.yml b/host_vars/technetium/secrets.yml
new file mode 100644
index 0000000..bbe3d86
--- /dev/null
+++ b/host_vars/technetium/secrets.yml
@@ -0,0 +1,8 @@
+$ANSIBLE_VAULT;1.1;AES256
+66656663643539653865323364386464393932303834303832313463636662643161396533656534
+3330346432353736323266653063303538306232356133650a373134623933666137636538343832
+65323430353263623234616336396530613038333530333433383966653739336439643431363065
+6363313939623162340a626635633335333631306332386535393861653462383765376464613230
+63313033613462393331313431616138306430316634373334656537323431336633663833636132
+33323365316533373462323361383561623535326336643232633631316438316362653166616462
+333165626564653538333033393233303435
diff --git a/host_vars/technetium/users.yml b/host_vars/technetium/users.yml
deleted file mode 100644
index 7812302..0000000
--- a/host_vars/technetium/users.yml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-users:
- histausse: sudo, video
- g33kex: sudo, video
diff --git a/hosts b/hosts
index 224681d..bc7c3af 100644
--- a/hosts
+++ b/hosts
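Review bot: In host_vars/technetium/main.yml the group membership `g33kex: sudo, video` is one string with a space after the comma; whether the users role splits it on `,` and strips each element is not visible in this chunk, and if it does not strip, the second group is ` video`, which either fails the user task or silently grants nothing. Writing it as a YAML list, `g33kex: [sudo, video]`, or as `"sudo,video"` (the form `user: groups:` accepts directly) removes the ambiguity; sulfur uses the same string form with a single group, so it would not have exposed the problem. Separately, this host is still labelled `Test VM` in group_vars/all/networking.yml yet both accounts get sudo and the host becomes a WireGuard peer of hindley — a `# test VM, intentionally given sudo + VPN access` comment above `users:` would record that this is deliberate.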
@@ -36,11 +36,12 @@ hindley
[vpn]
hindley
sulfur
+technetium

-[apt_proxies]
+[apt_proxy]
hindley

-[prometheus_servers]
+[prometheus]
hindley

[matrix]
@@ -52,8 +53,3 @@ vanadium
[backup]
barium

-[no_user]
-sulfur
-
-[tests]
-technetium
diff --git a/roles/base_config/files/update-motd.d/01-logo b/roles/base/files/update-motd.d/01-logo
similarity index 100%
rename from roles/base_config/files/update-motd.d/01-logo
rename to roles/base/files/update-motd.d/01-logo
diff --git a/roles/base_config/tasks/main.yml b/roles/base/tasks/main.yml
similarity index 88%
rename from roles/base_config/tasks/main.yml
rename to roles/base/tasks/main.yml
index 6338f03..5f9acb5 100644
--- a/roles/base_config/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -19,9 +19,6 @@
- acl
state: latest
update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded

- name: Customize motd
copy:
diff --git a/roles/base_totp/tasks/main.yml b/roles/base_totp/tasks/main.yml
deleted file mode 100644
index f3596ce..0000000
--- a/roles/base_totp/tasks/main.yml
+++ /dev/null
@@ -1,22 +0,0 @@
----
-- name: Install the PAM lib
- apt:
- name:
- - libpam-oath
- state: latest
- update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
-
-- name: Add the totp secret for users
- lineinfile:
- path: /etc/users.oath
- regexp: "{{ item.name }}"
- line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ users.key }} - {{ users_dict[users.key].totp }}"
- create: true
- group: root
- owner: root
- mode: '600'
- loop: "{{ users | dict2items }}"
- no_log: true
diff --git a/roles/cloudinit/tasks/main.yml b/roles/cloudinit/tasks/main.yml
new file mode 100644
index 0000000..d59b580
--- /dev/null
+++ b/roles/cloudinit/tasks/main.yml
@@ -0,0 +1,14 @@
+---
+- name: Remove cloudinit sudoers file
+ file:
+ path: "/etc/sudoers.d/90-cloud-init-users"
+ state: absent
+- name: Disable cloudinit
+ file:
+ path: "/etc/cloud/cloud-init.disabled"
+ owner: root
+ group: root
+ mode: "0644"
+ state: touch
+ modification_time: preserve
+ access_time: preserve
diff --git a/roles/networking/tasks/main.yml b/roles/networking/tasks/main.yml
index 7ee6fd9..2b40de1 100644
--- a/roles/networking/tasks/main.yml
+++ b/roles/networking/tasks/main.yml
@@ -6,9 +6,6 @@
- ifupdown2
state: latest
update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
when: ansible_facts["lsb"]["id"] == "Debian"

- name: Install bridge-utils
@@ -17,40 +14,23 @@
- bridge-utils
state: latest
update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
when: (ansible_facts["lsb"]["id"] == "Debian") and (lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list)

- name: Enable ipv4 forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
- value: '1'
+ value: "'{{ ipv4_forwarding | int }}'"
sysctl_set: true
when: ipv4_forwarding

- name: Enable ipv6 forwarding
ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding
- value: '1'
+ value: "'{{ ipv6_forwarding | int }}'"
sysctl_set: true
when: ipv6_forwarding

-- name: Disable ipv4 forwarding
- ansible.posix.sysctl:
- name: net.ipv4.ip_forward
- value: '0'
- sysctl_set: true
- when: not ipv4_forwarding
-
-- name: Disable ipv6 forwarding
- ansible.posix.sysctl:
- name: net.ipv6.conf.all.forwarding
- value: '0'
- sysctl_set: true
- when: not ipv6_forwarding
-
- name: Create interface config files
ansible.builtin.template:
src: "debian_interfaces.j2"
diff --git a/roles/ssh_totp/handlers/main.yml b/roles/ssh/handlers/main.yml
similarity index 65%
rename from roles/ssh_totp/handlers/main.yml
rename to roles/ssh/handlers/main.yml
index 8500e47..a4838a3 100644
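Review bot: Deleting `/etc/sudoers.d/90-cloud-init-users` unconditionally in the first task can lock you out of privilege escalation: on a cloud image that file is what gives the bootstrap account passwordless sudo, and nothing in this role checks that a managed account with sudo already exists (the ordering relative to the users role lives in books/base.yml, which is outside this chunk). I'd run this role after the users role and guard the removal with something like `when: users | default({}) | length > 0`, or at least document the ordering requirement in a comment above the task. The `state: touch` with `modification_time: preserve` / `access_time: preserve` is fine for idempotence.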
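Review bot: The rewritten forwarding tasks no longer switch forwarding off: both are still gated by `when: ipv4_forwarding` / `when: ipv6_forwarding`, so the `| int` always renders 1 and a host that sets `ipv4_forwarding: false` (technetium does in this same commit) keeps whatever `net.ipv4.ip_forward` it had before, whereas the removed "Disable" tasks used to enforce 0 on a former router. Dropping the `when:` restores that behaviour: `value: "{{ ipv4_forwarding | int }}"` with no condition, and the same for ipv6. The extra single quotes inside the double-quoted value also appear to end up in the rendered string (`'1'` including the quote characters), which sysctl is unlikely to accept, so I'd remove them as well.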
--- a/roles/ssh_totp/handlers/main.yml
+++ b/roles/ssh/handlers/main.yml
@@ -1,5 +1,4 @@
----
-- name: Reload sshd
+- name: reload_sshd
systemd:
name: sshd
state: reloaded
diff --git a/roles/ssh/tasks/main.yml b/roles/ssh/tasks/main.yml
new file mode 100644
index 0000000..03c881d
--- /dev/null
+++ b/roles/ssh/tasks/main.yml
@@ -0,0 +1,8 @@
+- name: sshd_config
+ ansible.builtin.template:
+ src: sshd_config.j2
+ dest: /etc/ssh/sshd_config
+ owner: root
+ group: root
+ mode: 0644
+ notify: reload_sshd
diff --git a/roles/ssh/templates/sshd_config.j2 b/roles/ssh/templates/sshd_config.j2
new file mode 100644
index 0000000..6ea7af0
--- /dev/null
+++ b/roles/ssh/templates/sshd_config.j2
@@ -0,0 +1,13 @@
+{{ ansible_managed | comment }}
+{% if ansible_os_family == "Ubuntu" %}
+Include /etc/ssh/sshd_config.d/*.conf
+
+{% endif %}
+AuthorizedKeysFile /etc/ssh/authorized_keys/%u
+PermitRootLogin no
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+UsePAM yes
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server
+PrintMotd yes
diff --git a/roles/ssh_totp/meta/main.yml b/roles/ssh_totp/meta/main.yml
deleted file mode 100644
index 608d56d..0000000
--- a/roles/ssh_totp/meta/main.yml
+++ /dev/null
@@ -1,2 +0,0 @@
-dependencies:
- - role: base_totp
diff --git a/roles/ssh_totp/tasks/main.yml b/roles/ssh_totp/tasks/main.yml
deleted file mode 100644
index f313398..0000000
--- a/roles/ssh_totp/tasks/main.yml
+++ /dev/null
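Review bot: The sshd_config template task has no `validate`, so a bad render is written straight to `/etc/ssh/sshd_config` and the `reload_sshd` handler fires on it; a reload with a broken config leaves the current daemon running but the next restart or reboot locks you out of the host. Add `validate: '/usr/sbin/sshd -t -f %s'` to the task so the file is only installed once sshd accepts it. Since this role replaces the whole file rather than editing keywords, a comment above the task stating that any distro defaults not reproduced in the template are dropped would also help the next maintainer.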
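Review bot: The `Include` guard on the second line of the template never fires: on Ubuntu hosts `ansible_os_family` is "Debian", and it is `ansible_distribution` that holds "Ubuntu", so `/etc/ssh/sshd_config.d/*.conf` is never included. Whether that is a bug depends on intent, because sshd uses the first value it sees for each keyword, so an Include placed above the hardening lines would let any drop-in in sshd_config.d (cloud images commonly ship one that enables password authentication) override `PasswordAuthentication no` and `PermitRootLogin no`. If the drop-ins are wanted, fix the test (`{% if ansible_distribution == "Ubuntu" %}`) and move the Include below the hardening lines; if not, delete the block so the intent is explicit. Also note that `AuthorizedKeysFile /etc/ssh/authorized_keys/%u` stops sshd reading `~/.ssh/authorized_keys`, so keys placed there by cloud-init (including the bootstrap user's) stop working as soon as this file is deployed — worth a comment on that line.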
@@ -1,25 +0,0 @@
----
-- name: Eddit pam config for ssh
- lineinfile:
- path: /etc/pam.d/sshd
- regexp: 'pam_oath.so'
- line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
- insertafter: "^# PAM configuration for the Secure Shell service"
-
- name: Set ChallengeResponseAuthentication in sshd conf
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^#?ChallengeResponseAuthentication'
- line: 'ChallengeResponseAuthentication yes'
- notify: Reload sshd
-
- name: Set UsePAM in sshd conf
- lineinfile:
- path: /etc/ssh/sshd_config
- regexp: '^#?UsePAM'
- line: 'UsePAM yes'
- notify: Reload sshd
-
-
-
-
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index 4453b11..0867a44 100644
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -15,5 +15,6 @@
key: "{{ user_dict[item.key].ssh_keys | join('\n') }}"
user: "{{ item.key }}"
exclusive: no
+ path: "/etc/ssh/authorized_keys/{{ item.key }}"
state: present
loop: "{{ users | dict2items }}"
diff --git a/roles/vpn/handlers/main.yml b/roles/vpn/handlers/main.yml
index dc9f10c..4cfc2f1 100644
--- a/roles/vpn/handlers/main.yml
+++ b/roles/vpn/handlers/main.yml
@@ -4,5 +4,5 @@
name: "wg-quick@{{ item.key }}"
state: restarted
loop:
- - "{{ lookup('dict', vpn_interfaces) }}"
+ - "{{ vpn_interfaces | dict2items }}"
no_log: true
diff --git a/roles/vpn/tasks/main.yml b/roles/vpn/tasks/main.yml
index 30c947b..a7fb461 100644
--- a/roles/vpn/tasks/main.yml
+++ b/roles/vpn/tasks/main.yml
@@ -3,7 +3,7 @@
apt_repository:
repo: deb http://deb.debian.org/debian buster-backports main
state: present
- when: ('debian_buster' in group_names) or ('proxmox_buster' in group_names)
+ when: ansible_facts["lsb"]["codename"] == "buster"

- name: Install wireguard dependencies for proxmox
apt:
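Review bot: `path: "/etc/ssh/authorized_keys/{{ item.key }}"` is added without `manage_dir: false`, and the authorized_key module's default `manage_dir: true` makes it create the parent directory and set its owner and mode for the user of each iteration; with a shared root-level directory that means the last user in the loop ends up owning `/etc/ssh/authorized_keys`, and the module documentation explicitly warns to disable `manage_dir` when `path` points at an alternate directory for this reason. Add `manage_dir: false` to this task and create the directory once beforehand with a `file` task (owner and group root, mode 0755) so sshd's StrictModes check passes and no user can edit another user's key file. The task this hunk belongs to starts above the hunk.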
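Review bot: The handler's loop is still a one-item list (`loop:` followed by `- "{{ vpn_interfaces | dict2items }}"`), so the handler iterates once with `item` bound to the whole list and `item.key` in `wg-quick@{{ item.key }}` has nothing to resolve; the task file in this same commit was changed to the flat form. Use the same form here: `loop: "{{ vpn_interfaces | dict2items }}"`. If this handler has been working, it would be for a reason I cannot see in this hunk — `loop` does not flatten nested lists — so I'd verify with a forced handler run.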
@@ -12,10 +12,7 @@
- wireguard-dkms # May need a `dkms autoinstall` and reboot ?
state: latest
update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded
- when: ('proxmox_buster' in group_names)
+ when: ('proxmox' in group_names)

- name: Install wireguard
apt:
@@ -23,9 +20,6 @@
- wireguard
state: latest
update_cache: true
- register: apt_result
- retries: 3
- until: apt_result is succeeded

- name: Create wireguard config files
ansible.builtin.template:
@@ -35,15 +29,13 @@
group: root
mode: '600'
notify: Restart wireguard for interface
- loop:
- - "{{ lookup('dict', vpn_interfaces) }}"
- no_log: true
+ loop: "{{ vpn_interfaces | dict2items }}"
+ no_log: "{{ enable_no_log | default('true') }}"

- name: Enable interface
systemd:
name: "wg-quick@{{ item.key }}"
state: started
enabled: yes
- loop:
- - "{{ lookup('dict', vpn_interfaces) }}"
- no_log: true
+ loop: "{{ vpn_interfaces | dict2items }}"
+ no_log: "{{ disable_no_log | not | default('true') }}"
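Review bot: The two new `no_log` expressions disagree with each other and the second cannot render: `| not` is not a Jinja2 filter (negation is the `not` operator), so the "Enable interface" task fails at templating time, while the first task keys on `enable_no_log` and the second on `disable_no_log`, with `default('true')` producing the string 'true' rather than a boolean. Since the "Create wireguard config files" task writes the WireGuard private key into the rendered file, the default must stay redacted; I'd use one variable and the same expression on both tasks: `no_log: "{{ not (vpn_debug | default(false) | bool) }}"`. That task's opening lines are above this hunk.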