many changes

added multiple tasks, files, configurations
2022-02-17 16:14:15 +01:00
parent b94b707e76
commit 7d5a913b6b
15 changed files with 1120 additions and 9 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -24,8 +24,9 @@
  # - import_tasks: system_setup/scripts.yml

  # Make sure users exist on the system
-  #- import_tasks: users/rene.yml
-  #- import_tasks: users/root.yml
+  - import_tasks: users/rene.yml
+  - import_tasks: users/root.yml
+  - import_tasks: users/ansible.yml

  # Set up the ansible environment
  # - import_tasks: ansible_setup.yml
--- a/roles/base/tasks/system_setup/cron.yml
+++ b/roles/base/tasks/system_setup/cron.yml
@@ -0,0 +1,51 @@
+- name: system setup | cron | install cron package
+  tags: packages,cron
+  package:
+    name:
+      - "{{ cron_package }}"
+    state: latest
+
+- name: system setup | cron | start and enable cronie daemon
+  tags: cron
+  service:
+    name: cronie
+    state: started
+    enabled: true
+  when: ansible_distribution == "Archlinux"
+
+- name: system setup | cron | schedule automatic ansible provisioning
+  tags: cron
+  cron:
+    name: "ansible provision"
+    user: ansible
+    hour: "{{ ansible_cron_hour | default('*') }}"
+    minute: "{{ ansible_cron_minute | default('*/30') }}"
+    job: "/usr/local/bin/provision > /dev/null"
+
+- name: system setup | cron | schedule ansible cleanup at boot
+  tags: cron
+  cron:
+    name: "ansible refresh at boot"
+    user: ansible
+    special_time: reboot
+    job: "/bin/rm -rf /home/simone/.ansible"
+
+- name: system setup | cron | Send me a list of upgradeable packages daily
+  tags: cron
+  cron:
+    name: "Send me a list of upgradeable packages"
+    user: root
+    hour: "0"
+    minute: "0"
+    job: "apt list --upgradeable"
+  when: ansible_distribution in ["Debian", "Ubuntu"]
+
+- name: system setup | cron | Send me a list of upgradeable packages daily
+  tags: cron
+  cron:
+    name: "Send me a list of upgradeable packages"
+    user: root
+    hour: "0"
+    minute: "0"
+    job: "{{ root_home }} + '/bin/cron_pacman'"
+  when: ansible_distribution in ["Archlinux"]  
--- a/roles/base/tasks/system_setup/openssh.yml
+++ b/roles/base/tasks/system_setup/openssh.yml
@@ -20,11 +20,28 @@
    owner: root
    group: root
    mode: '0644'
+  notify: restart_sshd

-#  template:
-#    src: sshd_config.j2
-#    dest: /etc/ssh/sshd_config
-#    owner: root
-#    group: root
-#    mode: 0644
-#  notify: restart_sshd
+- name: system setup | openssh | install fail2ban
+  tags: fail2ban,ssh,system,settings
+  package:
+    name: fail2ban
+    state: latest
+  notify: restart_fail2ban
+
+-name: system setup | openssh | enable fail2ban
+  tags: fail2ban,ssh,system,settings
+  service:
+    name: fail2ban
+    enabled: yes
+  notify: restart_fail2ban
+
+-name: system setup | openssh | copy local jail for fail2ban
+  tags: fail2ban,ssh,system,settings
+  copy:
+    src: system_setup/jail.local
+    dest: /etc/fail2ban/jail.local
+    owner: root
+    group: root
+    mode: '0644'
+  notify: restart_fail2ban
--- a/roles/base/tasks/system_setup/scripts.yml
+++ b/roles/base/tasks/system_setup/scripts.yml
@@ -0,0 +1,8 @@
+- name: system setup | scripts | copy validate-rsync.sh script
+  tags: scripts
+  copy:
+    src: system_setup/validate-rsync.sh
+    dst: "{{ home_root }} + '/validate-rsync.sh'"
+    owner: root
+    group: root
+    mode: '0755'
--- a/roles/base/tasks/users/rene.yml
+++ b/roles/base/tasks/users/rene.yml
@@ -2,6 +2,18 @@
  user:
    name: rene
    password_lock: yes
+    shell: "/usr/bin/zsh"
+
+- name: users | rene | install public ssh keys
+  authorized_keys:
+    user: rene
+    state: present
+    key: '{{ item }}'
+  with_file:
+    - public_keys/id_dsa.pub
+    - public_keys/id_ed25519.pub
+    - public_keys/rene_id_rsa.pub
+    - public_keys/yubikey.pub

 # - name: users | rene | create config directories
 #   file:
--- a/roles/base/tasks/users/root.yml
+++ b/roles/base/tasks/users/root.yml
@@ -3,6 +3,39 @@
    name: root
    password_lock: yes

+- name: users | root | install public ssh keys
+  authorized_keys:
+    user: root
+    state: present
+    key: '{{ item }}'
+  with_items:
+    - public_keys/id_dsa.pub
+    - public_keys/id_ed25519.pub
+    - public_keys/rene_id_rsa.pub
+    - public_keys/root_id_rsa.pub
+    - public_keys/yubikey.pub
+
+# - name: users | root | install public key for backups
+#   authorized_keys:
+#     user: root
+#     state: present
+#     key: public_keys/backup_ed25519.pub
+#     key_options: 'from="192.168.1.240",command="~/validate-rsync.sh"'
+
+# - name: users | root | create script directories
+#   file:
+#     path: "{{ root_home }}/scripts"
+#     state: directory
+#     mode: '0755'
+
+# - name: users | root | clone root_bins
+#   git:
+#     repo: 'https://gitlab.social.my-wan.de/rene/root-bin.git'
+#     dest: "{{ root_home }}/bin"
+
+######################################################
+# Learn Linux TV example
+######################################################
 # - name: users | root | create config directories
 #   file:
 #     path: /root/{{ item.dir }}