remade base playbook and roles

This commit is contained in:
Virgile Retault 2022-07-21 15:19:24 +02:00
parent d331e4d0e9
commit 6a4870a9cc
31 changed files with 304 additions and 289 deletions


@ -1,5 +1,11 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: apt_proxies - hosts: apt_proxy
roles: roles:
- apt_cacher_ng - apt_cacher_ng
- import_playbook: vpn.yml
- hosts: vpn
roles:
- client_apt_proxy


@ -1,18 +1,18 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: vpn
roles:
- vpn
- client_apt_proxy
- hosts: server - hosts: server
roles: roles:
- networking - networking
- base_config - base
- prometheus-node-exporter
- hosts: server
roles:
- users - users
- ssh_totp - ssh
tasks:
- name: Check if host is using cloud init
stat:
path: /etc/cloud
register: cloudinit_folder
- include_role:
name: cloudinit
when: cloudinit_folder.stat.exists
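Review bot: Replacing `- ssh_totp` with `- ssh` in the second play, together with the deleted base_totp/ssh_totp roles and the `ChallengeResponseAuthentication no` line in the new sshd_config template, removes the OATH second factor from SSH logins; key-only authentication remains (PasswordAuthentication no), but the commit message does not record this change in posture. A one-line comment above the role list, such as `# ssh: key-only login; the former PAM/OATH second factor was dropped`, or a sentence in the description would stop the next reader from assuming TOTP is still enforced. The `stat` / `include_role` pair at the end is fine, but note it only runs after the `users` and `ssh` roles, so the cloud-init sudoers file survives until the end of the play.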


@ -1,12 +1,12 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: prometheus_servers - hosts: prometheus
roles: roles:
- prometheus - prometheus
- prometheus-alert-manager - prometheus-alert-manager
- grafana - grafana
- prometheus-blackbox-exporter - prometheus-blackbox-exporter
- hosts: all, !tests, - hosts: server
roles: roles:
- prometheus-node-exporter - prometheus-node-exporter


@ -1,6 +1,5 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
--- ---
- hosts: vpn, !tests - hosts: vpn
roles: roles:
- vpn - vpn
- networking


@ -28,6 +28,11 @@ intranet:
ipv4: 172.20.1.5 ipv4: 172.20.1.5
netmaskv4: 32 netmaskv4: 32
comment: Matrix server comment: Matrix server
technetium:
domaine: technetium
ipv4: 172.20.1.99
netmaskv4: 32
comment: Test VM
guest_hellman: guest_hellman:
domaine: hllm domaine: hllm
ipv4: 172.20.198.0 ipv4: 172.20.198.0


@ -0,0 +1,9 @@
---
user_dict:
lorem:
shell: "/bin/bash",
password_hash: "$6$lvbzekjvbzejbvzvzvbzvbzhvbzbv....aezrfv/", # the string betwenn the first and second `:` in /etc/shadow
ssh_keys:
- "ssh-rsa azrekgnbmoienbzrinoien...aoeuzn lorem@host1",
- "ssh-ed25519 azrekgnbmoienbzrinoien...aoeuzn lorem@host2",
totp: "daeae8ce486f6636d68c37c21ce002" # the hex value
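Review bot: The trailing commas after `shell: "/bin/bash",`, `password_hash: "...",` and the two `ssh_keys` entries make this example file unparseable as block YAML (a comma after a quoted scalar is not allowed), so anyone copying it as a template for their own user_dict gets a parse error; drop the commas. The comment on `password_hash` also has a typo (`betwenn`). As far as this commit shows, nothing consumes the `totp` field any more (the base_totp role that read `users_dict[...].totp` is deleted), so either remove it from the example or mark it `# currently unused`. Since the real file holds password hashes and was vaulted elsewhere in this commit, a header comment such as `# Example only; the real user_dict must live in an ansible-vault file` would make the intent explicit.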


@ -1,135 +1,130 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
32663331653233353731353139666138323138373161633338653030366131353635333031343366 33616537616365396333336638636535353264303632353932306133323533356566666238323764
6262363661383266393163333436643265336430633665330a646636616530626237306236393063 3662623730313661316266313535393332616534336565320a323864623561306530613934313961
34383165613330663935623565326430626561303961366464663739393465633735303634653865 36336665636437336135323163643430386261633062626434376636666561656632393537306561
3731393330383366620a316139346166616335343564353431613938363266343962663831613034 6363333965656334350a323935656335343863353838633666383331626237323135303264336630
30626561316663336239613230386663316266393638643761336432383566623066343838323133 30326563626661636437616533663966373434303930356464373835613162313635613038333437
31613765623162636462303638363930636433303331666434303764386337663162643537663361 32353333343664663665313865303163616264373432336633376138643432373931306532383232
39373337376635306132386538323939646239633461633733666132343430643235313633386464 34363764383738386336336631313262626661663463666330633361346436396564303436396139
39346238333836353238396466336330343862393733306333363265366363303136343932623736 62613731616339386239383762356438646333613538363130353065383437376633363238306531
36666337363165343239636262336363613236396162303061343331313839353731616162666561 37633161326139386533386334633731383039663661633631373961656438653930643038303039
61333235306237613161653632616332383332376365373733326335333739316563316439633361 32373861313662393963623963616163323534386339383734303364663036333565353663616138
65393366346134366137663263616165613063333166636532393734393963613033313363353163 37396332616464313966353835623839633264326231663030363039643465393630613466363562
32333832353931613738353530396637613534393839336338336231356632616239303662623339 33653761373734343336643035616233386464336266633438316138303939636663376532633062
61373836383538346565363963623662616530316634346564643730383032656130626636333135 64303839613062343765663162353938333764386233346463653961373562663631623732313065
36383631663766616131373537376435326461316536373337646136623664373365643732383630 61666562616237386631356165393439323533336363373636373166343562373932353935383963
63313563666466316535663531613265313933343664303439653336323935373832326632333961 31663630636238613335616335346430313862616462333134336537383037663237623539346462
38363366396136636231383136323934396532313233353538313831616231383637633665623261 36663932623437333138613663636132316533383939623530386630353230666435343332316561
39336162636561363438323636616363373939306332376433303934396531666534333431313965 34323732653565333565623930383265303934313562353835303064623166656637383035616635
63376665323537613263353531646135633861663364336564363131383633623065383938363665 34343633666432663562363564303636303036643961666236366565373966663162333735636337
38353338323732306463333138623966666563323263363534363664666532323038393463636635 61323337636136626261323065353432643939353735643136653236376235356366333466316531
33323434363733393739363562626237393031336461313338643562383334656230346132666532 37393238393262633433616434326535306237666232666664386361303735373861643539663539
66326362613263303262343837623835323161373163643438313937316530633230646132626264 38346637653332623033393663366331336238666337643762666530663761303966383364343031
38643536353764313661383430383962326131346338643632633161663262333232623662316365 66316639353666323334396334333831366436383466633033363839363632623033363865376530
30316236346338303331313266386266663239303963363761393766386430383338343163616137 36373933333265613462353532373032666561613332333539363864376132336266626638653766
36616536336165653936333463343737323961356135626563383161373431613362633564653863 37393562356362353339366234613035393934663661393964346339633137636232623363633131
36393963663766383533376335373165343465316261356536336333643665393065333433386261 39323034663834636332383330636466316630303136363330363162383132633365636433383131
62613534353934633830623762376436633661383666316635386436616533633561353032303261 65313533643264613735336333393463303533366139343364313065336436336630336439383733
66376536353333623832303365386265336264366439386261333064643062303035613936306261 63666663653635373461336438353161326666613632613733383530626430376631333563636164
37313932336331326265666163356333373163363161336665386338643864656232643332373363 36333762346439393665626333393066646237316466643563373838656235323132326534623335
34366337323232346361623839623631393730363961353530396162343666313233313132636630 33303161633638386334363465663164626165383763306436636362346135613238313262343636
31323231316463306663623039623165653465313232363532316564326639653161323264623837 65623461313863666462333235636436366237643561323661323332306130363036613861376561
66373165656535353933656365626462373566336663363335653232393233613132316236373233 32356236306161343831613966396236313638313938653831353863316465346635346161616131
65653135623235616430316330386666333031646565646461386335343164336334393237656262 31323335636532353234396665643033366334376131343962316136373737626136373561373065
63636232613237363061393633663762376166393364663731376261323434383862303935363565 30633930346465363832633335613761353039386666633561396637306265383734396630656166
37643136613339313366356165623631376131356232646438373135343539313463383362636633 63613931653235613537333431373666303339333666366236626235393737653132633833353637
34386261333866646562643335343636663563346263383462353235623738383065353137373266 35623566356635623331376631393233346663666466616366386464323462313130666264326565
34366664366434346563383933656333343266613434613035396465316630326261313737623464 36633664306236666432623430643935363735303936646165306534383764336133336333366531
65316631363361626564393763323063326537636333303566316236353763393838356237376135 62333965383336383365613766356264343431626535613037386266373536363763666462386437
65646433303139393263383136346361383136356331633832643233333262333033316535393433 66653962313830316166653032336162636166313532323139306562316238656461643733636133
34373233343235323061393538346135306133366335303764336262613133376637633436376637 34666561396261313733323961313563643362336635343937303663646436323064313239643533
36396366616231336161396232316535323963353131366138636264303737363137353538653136 64643161386532366331623835623838633739613337376362333936613063623034326336623662
38323030626139363638646165623438626338306435356361353731643337366161386561613464 31316438643834353061613765383336643062386464336336396330373564613436323166623836
37626132613238626237666337616336653639356331363166613431363636626365623664353736 62353663343533653362396637386538306333326365336336316130353863356264626536303734
38323836373563386137643362386465343064363030633963623864616335636630353936366662 65316166656637643266636664633838636636346133356264343036383839666632626662353366
31353263326533313562306530376232303933396239303739326238343736333732356666633034 62646133356633353538376664353364616237653739346365663632613230346235656431376638
39643038656137356161373031626131346435396262356238643937653164356566633434623362 38383835373833376536356537393032346132396661326330393532663630393832616362666466
62336431366266623164616462366137343564636431383930346530663039356563343163393365 38353366316631366335366139313935666366383534383731636464303434373831313833323139
63633335303036356130623062616433643138626466383761333731306239353565636336626166 66633764383338636134303830343731666465396665346430643061383031393034313564653261
65333431656634666163376661343538303563646438666333396636303331356434356132636235 35393762656266613463643766656134323465373464313034353363363138636433653361346263
30353938663634383537376232653261363932613135663734306536663733613862356639613466 66363762393362306632346338316662396331306661663037663939353363383434393937643962
34326630326362373830383263306132313763616265646235353562373430376630666432353136 65353030363036363532366538316531316266313137363439386439353361646564653035626533
36633034653761373636626139353837643130326162316564626165383232663830633662373562 62346433653439646236333031343239323935353930623238306131633039383233623637666566
30633565393235373261663962396535666430343133626261323063353137386431353330316134 32376639383437643434653432636663643635386637303864656635303734306363666661643965
33336637363862646366633362653066373234656131626132643661333532633535363332363966 63363234363332386633363264333639343866303935303332643465653039343635343961653533
30633761306539346432656131376463633631323630663762613832613332653762353865306137 32363030353731663334376638333832346464663365343939303434326239306632326638373439
31663465633462636663333735666137326166656135653036633830663463623466336134303032 63396539393933323463626130653630376330356561373336313764373731356462343766323762
64663036646238326237353336633365643238653938363039376337616139306132663939353036 65653134363637383535326232333337636438366231653961346166333637376131643662626266
64663166343939333361626136313434633639376566663865613339663331386530356663303038 63356639313263646136616462366234386465333335313266333763333766313866393439393031
33343235383434346532343762353661336136383034653030656631333332313639336239323838 35306564376432393436656663646265633861396536366236353663643864386134666438646537
65376231666338333331663432326539663334663136313162306666663564353738303639646335 31663635366231373139323338643036313631613635313237633030386231613931623036343661
38333431323839333135643966383861383065333930666433653663636134636236666430363063 30363834646265343363333333333230383265366561363765326337306666373333313563393962
65373639343432333762666138376461323562316261663961356530613733376463386538663830 37366637303631376338636265336566386438323061303034666638643335356138336365666463
37333762613866363939646662626239353765306266616236643037373865316461326437303039 32323136363834336437643263376262313730326264613438623230343830636439396137346633
37653431323864303431316337363739656235386534383533386635343930646130383839333139 30663563653035346461616632656161303534613137386532653339333963396133353739386332
39666165333363653939646236653135653163643364666135323439346266353738653065323063 61323234376564333032363739313934356165353261313538636130373735306563656134626539
30656265333136353436643062623738306531376435626463356337313764366665373939343033 39353932656463326534323731643865663732383938353865663232393365356364626534306164
65396635323638316662333537613865336532613932636262643634643232316438356135626432 30316663343234323832353465333631633965373932393462316664356365313139323439373364
30636138383366373338313166366161626563633736343663343132653035646131393530653233 65623466653061376166313066363763386536363134666633613533393166663563393364343631
64303762363865616536306365333832303563656664653164346462666262646365643435646639 38643739353438356433626236356135623364616261663563393439656233356264613037316331
31383230373135366236373634396531393638373830653565376535656364626361383834616465 39616534633266336139633736643333623666636666643839323833643133623861373232323939
34666536303230303638356530346635326239326237373730343138333137623162343566633466 64656436353561626461366461663366306663616362333161663032333738623834616363386266
31363166643566623866383637633864326662613131326339323236633662396665613864323434 34346164393039363230643532623637653963376262326135623338373430383731313133346333
62303866323537663264663732303562306562316632346361373433376364623566356232613435 35303739353465383766663061306439383861376430623563396465353230653937336262313834
64316261646432663039393062613166323264333433323633353532306332343662616166366533 63383435623062663235623966306630343832646361373630313732613934653064346531393037
30613737303331356462646337653236643935353638363837313661343233613839373264346530 32346364383463363739633566616237333066623862356238383261373361316164303332343461
37326536633561646436643832303861313366303562393230653733353862333734336561323266 33376638396130363032633734353538343261393335343232353765666535303432633563373438
61303230613066643636313230303232343436323135363765633232643863326235653766623365 64396665363162626633393366623239373231663131353038383637353435333764613565633466
31353132663030346361626632336539666263336661376433663039633134623065373635363561 61636530356163303737653131633130643231346465613966643131616339336531376336643337
37613138316336613738633639386635396462393336336534616533303165623837393639636364 63393762353938323232373636346232343761373830363639613763633835343766356434623435
34326163333461346566356361623632373361613163663065643065366236623664633430366430 31626337386466623537376633326438353235396262636432393733623430353237396336303965
38376539653235666535383434316466333165313339343063356362363038656137346231366330 39323333663862363033393732643139383036613939656134306665333039633864653034343635
39623230643831393334393338656664343765623034346465666633653731623762383634656666 66393962353638303964666564393732396434306638366531316366333933323565333164626164
37396632343532396139386565303865393034333266363230396433383466346661623639376166 62646561346661333338663136643732333432666366633839303939386264646330663764356661
66636536656539316239323461663061316166303335633961343836633262353833313736666637 30343236333837363736366263396334333437363962653761313039646663316338663030386339
31386634373934326532376631336430316663613062336332643562323565363936633530663231 34343963616366316432313264653636353366623364653761356566363964396262366464396165
31643630616338663431633038373035393636643464623333663831353962383439666633386564 66393035653937656334653737326463373039373562386139323937303633626630376337636437
33353231363630353833373964663433623165613662343032616564396233346632356166316466 64643539623239323730386336306238663931393061636434343766313935636465623766613266
30666631373235396336363934386438323166626332313030643230373362633238333361323732 63306461653430346135633461633130666232373565336136306561353165333237316263306431
64626464303561666230313365366636346366376435333833633764376562343839646539353261 32343439666462346565393138653663393634303164656636616131303466363732353932336436
32646630326530396438353435306336303963666333626339396133303666383730376362643735 61343732386533643231383861623066383066383031363731306661393830646564366338333365
35346161333062326535336232386134613434356234663665383964373935373137336639646130 61396537313163323166373736623339616162623937396565363633623361613863643336613134
35383564313133393931376164316632356635323463393762353038373234393539363565303862 39373734623030663632386633656438326366346333643434303439313532636132313161393037
36313731316537363932663337336138633230643965353335356233326434626665333061353233 65373764376538363365323432643230376366663733316235613534393432613038343763666230
61383861326639363531383033623935363537396332393361633837626638303963336633323430 32356630343835313532356434663436613431666562306138623830373938653061353630313532
33653834633866353431396438346231656333643136633861333834336639613137326564356262 39356661353966626231636631336362373531353238623737323935623738653333376139613434
65376238373631626339366661343563663233336231303965633336393539393162663230626634 64353035666332343361666563636535623934303535633636333666396165396637663866613534
32346433373934383264356661383032393138343436343039343566643164393933643239363834 34623966303639646339333565363364353937653830393663383162313562623431336434393364
30343739326463363633306461363062313532393261323134646536303336643563353063313538 65633030623939393264613736336265366564383138326538646635323764306165333165363962
38383466653161396466643336663732343932383839623135366532363566353138633161333463 33383433663638323562366162396534333961353635323033633666386363646135386138613438
39303461396235366365656166326632636235306131356538386263313262626463613735346338 31353463366539653530643464396666333735376465386331396336356635383064633132383763
63303535653964356632386135333033306561383962633538363462353061343962373438316265 39366233623337643764343439653632326564343635323064326366396362336566393863363765
39386263636133666636393064343831636236646162306636633836363737323930336435396138 31313165353565366663383466386330396166363065396661326137653737643462656363306131
33366535613931626230633136613864383336356661633565333362363436343838376330366333 33343939393534656238376531303039616265323465353334643531663263366332623934633763
30363332373831393364333237626134366533333533363130643662316366343238633464666436 63353638323538653163373263383539613733623661366233393265646131386232333766613362
62346534616330623333626138616330323631633763656330353738616263626233386337323963 33636138636434383539616238613866383338333534393263656439396263366365303032633035
32303565313465303464343366376334353533396264663561346438626266376463306635333831 62623635636137316536333630373865643036353664616438663535663765313339323461653435
66613861653965653434376633363034336462316635386332653063356637343531316439653030 61303461663562616632373061613031333332356330303035636231303864306464306138656538
32313734303762613563393762653661303735653364326131656236613230656635636630376537 63633566636636633738646266343733616639303138363336326565663232383230376533613964
30613730363761383438383262626432396631393832346262333266346537336436653862366663 38303230636333356236386538326631333561316332396366313337303839396337396639636432
38656138336236333939623333326234656166326163643165646631313230633263613732363533 64626661383037356537323866613039633637376331386438663236383937616631343731643733
36643665386366363637376138343339646435373062313563316433306232363266386236663931 31616132383437623663623230383661373034393735323937363332336331366364336335376636
62623433646239636263643039646462633936653331303032326335336231323561326534643932 31393866383332363762626136613663626630656534373764363733623763336132336135366533
62333865646565326338386339336264613036313631633431343561303936623733363163386630 63636133656133346661393764343564653035363834613730626139313736346161633330656134
33353738316438376539643234303433313137303063326264313135626231363731666535313363 64373031616664366566396637363465333636366237363130663334643131373262383162653334
34353231363864313365653162303631613362623562336663356664636437653137383635333263 62663162613634666535346630343134666131376362636262633862373833356263656535386431
65373331653065303932306133306636623265373939346431363633633538626666306431386463 37316461373731656236613463646639383966336336346637613562653538396161393662363636
38663137386166633166343930663663663165316261656631613734643838663237333034306461 31626332376238323061646530653838616433333934616639316430393065373165393766646132
37383838336338633965626231393839626664656536323938616164656666346665333432616437 39613462363331356239616365393132373866396330656430376633356131316138333230633536
32336333343266653561396232393639336365616237626465343333326332653732363733353031 37333761653763333139303566633966616337356637623330396334333931303232346239303164
33633965333639393531383231373334393332373038393666626231613862666162346431626132 66323865643131383830623232313766373834393733653162623761643431316239663037336336
35336233313266613933383266323765303538396535343461393832646238343335323433663734 36353365346466363166666366326635366632323836393265353530336132326239343138313662
30376136376537333535643132633866643232363133653934363733323035366665663338633464 39393064363034646562643163313735363833623733303666643434326436623465636664646339
62303234323238613531323237366636656336343165646436646366323235393537663539623765 62343932316631623862336437386139386165623635653164363662633239616633383363623462
62346264613236636463313565366562393238313537313962666466393939363863393633323532 33663565356134383135376263653437393530346634663163383364636664393431306337646338
64643935366630346135646232663161323033376138633633316265353138303834313034616233 34383735623839396162373737343163363266343866626330373236666665396432303531366230
34366336643832383139313865626237353461336637346135613334326638653361326163646536 39336337363239646165666639383965396662666533386637633533643835363338343065346631
34316362616230376462636134366663616437316333323064326461363338373565396231306362 33343933643664353937393366383465366563363531386134313338393938666430353938303339
32623261333764336264653762393730323465653563613534343431363965386663396162663364 36363535363938373732646233663837363232663938333265343031313735363332653237333235
35646164323236653934633039373236363565653030396265663439326637653734643963393830 39663534373564653230353632396464623434623931353663343063316230616330323039356135
62346137653137663265353531333161616238303839643638643531646332343365373639396232 31343033653439366232376464613834363036636161366662363939333466383235
31323030323833653164636461323733616466636662366663323138346232643837386331643636
39663432613064343732393732643138663263613662373139396130616534653466376631373165
32623838653365303331386633633962613536623334393536616465323734336266613936663435
64626438396365396536616665313131646131326435356463356431616339343939653561346261
6366396261353230613565393938323965613832313865623132


@ -1,2 +0,0 @@
---
ansible_host: sulfur.lan

38
host_vars/sulfur/main.yml Normal file

@ -0,0 +1,38 @@
---
ansible_host: sulfur.lan
## Users
users:
g33kex: sudo
histausse: sudo
dorian: sudo
thomyrock: sudo
## Networking
interfaces:
ens18:
type: dhcp
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
type: wireguard
ipv4_forwarding: false
ipv6_forwarding: false
lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
## VPN
vpn_interfaces:
wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_key }}"
public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
keepalive: true
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"


@ -1,13 +0,0 @@
---
interfaces:
ens18:
type: dhcp
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
type: wireguard
ipv4_forwarding: false
ipv6_forwarding: false
lan_address: "{{ intranet.subnets.physical.subnets.matrix.ipv4 }}"


@ -0,0 +1,9 @@
$ANSIBLE_VAULT;1.1;AES256
65636333393239393537363163356565376535366136633266643165393662306533613137396262
3263333334636263383162623533333637303466383139660a356161616138353764326166383566
39383038613361616663646166626335396537343466336133356135633130643532373165633233
3437613237656666630a346263643330343336633431313264373365633439623235396236353133
63623733363935663035393666343739643461393263393966356336346563306434623833303139
63653036343662333062393936316138613236326332363336326561316131356239646266643936
30366265636138366239626633363562613330623432626266386135313537643030366534613237
65633430346337643331


@ -1,7 +0,0 @@
---
users:
- g33kex: sudo
- histausse: sudo
- dorian: sudo
- thomyrock: sudo


@ -1,13 +0,0 @@
---
vpn_interfaces:
wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_vault_matrix_key }}"
public_key: "oQH8CBofxNSOGevaz1HZlz3ZW+H3ndb/TmqM0pCiRR8="
keepalive: true
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"


@ -1,2 +0,0 @@
---
ansible_host: "technetium.lan"


@ -0,0 +1,36 @@
---
ansible_host: technetium.lan
## Users
users:
g33kex: sudo, video
histausse: sudo, video
## Networking
interfaces:
eth0:
type: dhcp
wg0:
ipv4: "{{ intranet.subnets.physical.subnets.technetium.ipv4 }}"
netmaskv4: "{{ intranet.netmaskv4 }}"
type: wireguard
ipv4_forwarding: false
ipv6_forwarding: false
lan_address: "{{ intranet.subnets.physical.subnets.technetium.ipv4 }}"
## VPN
vpn_interfaces:
wg0:
ip: "{{ interfaces.wg0.ipv4 }}"
private_key: "{{ vpn_key }}"
public_key: "sBk95X1alesUr7EhbJ04SfQ3HXHhnE4mm9PGYNa1xmc="
keepalive: true
peers:
- endpoint: "{{ hostvars['hindley'].interfaces.enp2s0.ipv4 }}"
public_key: "{{ hostvars['hindley'].vpn_interfaces.wg0.public_key }}"
allowed_ips:
- "{{ hostvars['hindley'].vpn_interfaces.wg0.ip }}/{{ interfaces.wg0.netmaskv4 }}"
comment: "hindley"


@ -0,0 +1,8 @@
$ANSIBLE_VAULT;1.1;AES256
66656663643539653865323364386464393932303834303832313463636662643161396533656534
3330346432353736323266653063303538306232356133650a373134623933666137636538343832
65323430353263623234616336396530613038333530333433383966653739336439643431363065
6363313939623162340a626635633335333631306332386535393861653462383765376464613230
63313033613462393331313431616138306430316634373334656537323431336633663833636132
33323365316533373462323361383561623535326336643232633631316438316362653166616462
333165626564653538333033393233303435


@ -1,4 +0,0 @@
---
users:
histausse: sudo, video
g33kex: sudo, video

10
hosts

@ -36,11 +36,12 @@ hindley
[vpn] [vpn]
hindley hindley
sulfur sulfur
technetium
[apt_proxies] [apt_proxy]
hindley hindley
[prometheus_servers] [prometheus]
hindley hindley
[matrix] [matrix]
@ -52,8 +53,3 @@ vanadium
[backup] [backup]
barium barium
[no_user]
sulfur
[tests]
technetium


@ -19,9 +19,6 @@
- acl - acl
state: latest state: latest
update_cache: true update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Customize motd - name: Customize motd
copy: copy:
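Review bot: Dropping `register: apt_result` / `retries: 3` / `until: apt_result is succeeded` from the apt task means a single transient failure (mirror or proxy briefly unreachable, lock held by unattended-upgrades) now fails the whole play instead of being retried; the same three lines are removed from the networking role (both apt tasks) and the wireguard role (both apt tasks) in this commit. If the retries were there to ride out apt-cacher-ng or VPN flakiness, they still apply now that `client_apt_proxy` is in the path. If the removal is deliberate, a comment such as `# no retries: failures should surface immediately` on the first task would record that.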


@ -1,22 +0,0 @@
---
- name: Install the PAM lib
apt:
name:
- libpam-oath
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Add the totp secret for users
lineinfile:
path: /etc/users.oath
regexp: "{{ item.name }}"
line: "HOTP/T{{ totp_periode }}/{{ totp_digits }} {{ users.key }} - {{ users_dict[users.key].totp }}"
create: true
group: root
owner: root
mode: '600'
loop: "{{ users | dict2items }}"
no_log: true


@ -0,0 +1,14 @@
---
- name: Remove cloudinit sudoers file
file:
path: "/etc/sudoers.d/90-cloud-init-users"
state: absent
- name: Disable cloudinit
file:
path: "/etc/cloud/cloud-init.disabled"
owner: root
group: root
mode: "0644"
state: touch
modification_time: preserve
access_time: preserve
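Review bot: The new role has no comment saying why `/etc/sudoers.d/90-cloud-init-users` is removed, and that is the security-relevant part of the file: a reader may treat it as cleanup rather than as revoking the passwordless sudo that cloud-init grants its default user. Suggest a header under `---` such as `# Revoke the sudoers drop-in cloud-init installs for its default user; sudo membership is managed by the users role instead` (the second half is an inference from the `users: ... sudo` host vars and should be confirmed). The `state: touch` with `modification_time: preserve` / `access_time: preserve` is the right idempotent form and deserves a one-line comment too, e.g. `# touch marker file without reporting changed on every run`.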


@ -6,9 +6,6 @@
- ifupdown2 - ifupdown2
state: latest state: latest
update_cache: true update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
when: ansible_facts["lsb"]["id"] == "Debian" when: ansible_facts["lsb"]["id"] == "Debian"
- name: Install bridge-utils - name: Install bridge-utils
@ -17,40 +14,23 @@
- bridge-utils - bridge-utils
state: latest state: latest
update_cache: true update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
when: (ansible_facts["lsb"]["id"] == "Debian") and when: (ansible_facts["lsb"]["id"] == "Debian") and
(lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list) (lookup('dict', interfaces, wantlist=True) | selectattr('value.bridge', 'defined') | selectattr('value.bridge') | list)
- name: Enable ipv4 forwarding - name: Enable ipv4 forwarding
ansible.posix.sysctl: ansible.posix.sysctl:
name: net.ipv4.ip_forward name: net.ipv4.ip_forward
value: '1' value: "'{{ ipv4_forwarding | int }}'"
sysctl_set: true sysctl_set: true
when: ipv4_forwarding when: ipv4_forwarding
- name: Enable ipv6 forwarding - name: Enable ipv6 forwarding
ansible.posix.sysctl: ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding name: net.ipv6.conf.all.forwarding
value: '1' value: "'{{ ipv6_forwarding | int }}'"
sysctl_set: true sysctl_set: true
when: ipv6_forwarding when: ipv6_forwarding
- name: Disable ipv4 forwarding
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: '0'
sysctl_set: true
when: not ipv4_forwarding
- name: Disable ipv6 forwarding
ansible.posix.sysctl:
name: net.ipv6.conf.all.forwarding
value: '0'
sysctl_set: true
when: not ipv6_forwarding
- name: Create interface config files - name: Create interface config files
ansible.builtin.template: ansible.builtin.template:
src: "debian_interfaces.j2" src: "debian_interfaces.j2"
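Review bot: In the second hunk the new `value: "'{{ ipv4_forwarding | int }}'"` (and the ipv6 twin) keeps the inner single quotes as part of the rendered value, so sysctl receives `'1'` rather than `1`, which the kernel is likely to reject; it should be `value: "{{ ipv4_forwarding | int }}"`. The same two tasks still carry `when: ipv4_forwarding` / `when: ipv6_forwarding`, while the separate "Disable ... forwarding" tasks are removed, so a host declaring `ipv4_forwarding: false` (sulfur and technetium in this commit) never has forwarding switched off — a box that previously forwarded keeps doing so. Since the templated value now covers both cases, the `when:` lines should be dropped so the setting is always enforced. The first hunk's `when: ansible_facts["lsb"]["id"]` lines are context here but depend on lsb-release being installed; see the note on the wireguard role.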


@ -1,5 +1,4 @@
--- - name: reload_sshd
- name: Reload sshd
systemd: systemd:
name: sshd name: sshd
state: reloaded state: reloaded

8
roles/ssh/tasks/main.yml Normal file

@ -0,0 +1,8 @@
- name: sshd_config
ansible.builtin.template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
owner: root
group: root
mode: 0644
notify: reload_sshd
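Review bot: The template task writes `/etc/ssh/sshd_config` and triggers `reload_sshd` with no syntax check, so a bad render (a typo in the template, an unsupported keyword on an older OpenSSH) is reloaded straight into the daemon and can lock out every further connection; add `validate: "/usr/sbin/sshd -t -f %s"` to the task so the reload only happens on a config sshd accepts. `mode: 0644` is parsed as an octal literal and works, but the cloudinit role in this commit quotes its mode as `"0644"`; using the quoted form here keeps the repository consistent and avoids the YAML 1.1 integer trap if someone later drops the leading zero. A `---` document start would match the other task files.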


@ -0,0 +1,13 @@
{{ ansible_managed | comment }}
{% if ansible_os_family == "Ubuntu" %}
Include /etc/ssh/sshd_config.d/*.conf
{% endif %}
AuthorizedKeysFile /etc/ssh/authorized_keys/%u
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
PrintMotd yes
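Review bot: `{% if ansible_os_family == "Ubuntu" %}` never matches, because Ubuntu reports `ansible_os_family` as `Debian`; the distribution fact is what distinguishes it, i.e. `{% if ansible_distribution == "Ubuntu" %}`. Placement matters as well: sshd keeps the first value it sees for each keyword, so an `Include /etc/ssh/sshd_config.d/*.conf` above `PermitRootLogin no` and `PasswordAuthentication no` lets any drop-in (cloud images ship one) override this template's hardening; moving the Include after those directives, or documenting why the drop-ins must win, keeps the template authoritative. `AuthorizedKeysFile /etc/ssh/authorized_keys/%u` also depends on the users role creating that directory with permissions sshd's StrictModes accepts (root-owned, not group/world-writable) — worth a comment here pointing at that role.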


@ -1,2 +0,0 @@
dependencies:
- role: base_totp


@ -1,25 +0,0 @@
---
- name: Eddit pam config for ssh
lineinfile:
path: /etc/pam.d/sshd
regexp: 'pam_oath.so'
line: "auth required pam_oath.so usersfile=/etc/users.oath window={{totp_periode}} digits={{totp_digits}}"
insertafter: "^# PAM configuration for the Secure Shell service"
- name: Set ChallengeResponseAuthentication in sshd conf
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?ChallengeResponseAuthentication'
line: 'ChallengeResponseAuthentication yes'
notify: Reload sshd
- name: Set UsePAM in sshd conf
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^#?UsePAM'
line: 'UsePAM yes'
notify: Reload sshd


@ -15,5 +15,6 @@
key: "{{ user_dict[item.key].ssh_keys | join('\n') }}" key: "{{ user_dict[item.key].ssh_keys | join('\n') }}"
user: "{{ item.key }}" user: "{{ item.key }}"
exclusive: no exclusive: no
path: "/etc/ssh/authorized_keys/{{ item.key }}"
state: present state: present
loop: "{{ users | dict2items }}" loop: "{{ users | dict2items }}"
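Review bot: With the new root-managed `path: "/etc/ssh/authorized_keys/{{ item.key }}"` the file is now fully owned by this role, yet `exclusive: no` means a key removed from `user_dict` is never removed from the host, so revocation requires manual cleanup; if `user_dict` is meant to be the source of truth, `exclusive: true` makes the declared keys authoritative (confirm no keys are added out of band first). Independently, `no` is a YAML 1.1 boolean that some tooling reads as a string — write `false`. The task begins above this hunk.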


@ -4,5 +4,5 @@
name: "wg-quick@{{ item.key }}" name: "wg-quick@{{ item.key }}"
state: restarted state: restarted
loop: loop:
- "{{ lookup('dict', vpn_interfaces) }}" - "{{ vpn_interfaces | dict2items }}"
no_log: true no_log: true
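Review bot: `loop:` followed by a single list item `- "{{ vpn_interfaces | dict2items }}"` gives a one-element loop whose item is the whole dict2items list, and `loop` does not flatten, so `item.key` in the `name: "wg-quick@{{ item.key }}"` line above would not resolve when the handler fires. The tasks file in the same commit uses the direct form, so this handler should match it: `loop: "{{ vpn_interfaces | dict2items }}"`. The handler's name line is above this hunk.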


@ -3,7 +3,7 @@
apt_repository: apt_repository:
repo: deb http://deb.debian.org/debian buster-backports main repo: deb http://deb.debian.org/debian buster-backports main
state: present state: present
when: ('debian_buster' in group_names) or ('proxmox_buster' in group_names) when: ansible_facts["lsb"]["codename"] == "buster"
- name: Install wireguard dependencies for proxmox - name: Install wireguard dependencies for proxmox
apt: apt:
@ -12,10 +12,7 @@
- wireguard-dkms # May need a `dkms autoinstall` and reboot ? - wireguard-dkms # May need a `dkms autoinstall` and reboot ?
state: latest state: latest
update_cache: true update_cache: true
register: apt_result when: ('proxmox' in group_names)
retries: 3
until: apt_result is succeeded
when: ('proxmox_buster' in group_names)
- name: Install wireguard - name: Install wireguard
apt: apt:
@ -23,9 +20,6 @@
- wireguard - wireguard
state: latest state: latest
update_cache: true update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Create wireguard config files - name: Create wireguard config files
ansible.builtin.template: ansible.builtin.template:
@ -35,15 +29,13 @@
group: root group: root
mode: '600' mode: '600'
notify: Restart wireguard for interface notify: Restart wireguard for interface
loop: loop: "{{ vpn_interfaces | dict2items }}"
- "{{ lookup('dict', vpn_interfaces) }}" no_log: "{{ enable_no_log | default('true') }}"
no_log: true
- name: Enable interface - name: Enable interface
systemd: systemd:
name: "wg-quick@{{ item.key }}" name: "wg-quick@{{ item.key }}"
state: started state: started
enabled: yes enabled: yes
loop: loop: "{{ vpn_interfaces | dict2items }}"
- "{{ lookup('dict', vpn_interfaces) }}" no_log: "{{ disable_no_log | not | default('true') }}"
no_log: true
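Review bot: In the last hunk `no_log: "{{ disable_no_log | not | default('true') }}"` will fail at runtime, because Jinja2 has no `not` filter, and it disagrees with the preceding task's `enable_no_log` variable, so the two tasks cannot be toggled together; both lines should read `no_log: "{{ enable_no_log | default(true) }}"`, with a real boolean rather than the string `'true'`. Keeping `no_log` on by default matters here since each loop item carries the host's wireguard `private_key`. In the first hunk `when: ansible_facts["lsb"]["codename"] == "buster"` raises a key error on hosts without lsb-release installed (the `lsb` fact is then an empty dict); `ansible_facts["distribution_release"] == "buster"` is available without it. The `'proxmox' in group_names` condition presumes a `[proxmox]` inventory group, which the visible part of the hosts diff does not show — worth confirming.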