verdnatura/vn-ansible
verdnatura
/
vn-ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

8025-awxRefactor-debianBootStrap-FinishWorks #32

Merged
juan merged 6 commits from 8025-awxRefactor-debianBootStrap-FinishWorks into main 2024-10-18 07:17:30 +00:00
Conversation 0 Commits 6 Files Changed 12 +51 -46
12 changed files with 51 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
playbooks/debian-once.yml
View File

@ -1,5 +0,0 @@
- name: First time host configuration
hosts: all
tasks:
- import_role:
name: debian-once

3
roles/debian-base/defaults/main.yaml
View File

@ -1,6 +1,5 @@
vn_witness: false vn_first_time: false
default_user: user default_user: user
root_password: Pa$$w0rd
fail2ban: fail2ban:
email: "{{ sysadmin_mail }}" email: "{{ sysadmin_mail }}"
bantime: 600 bantime: 600

2
roles/debian-base/tasks/main.yml
View File

@ -1,5 +1,7 @@
- import_tasks: witness.yml - import_tasks: witness.yml
tags: witness tags: witness
- import_tasks: root.yml
tags: root
- import_tasks: resolv.yml - import_tasks: resolv.yml
tags: resolv tags: resolv
- import_tasks: timesync.yml - import_tasks: timesync.yml

36
roles/debian-base/tasks/root.yml Normal file
View File

@ -0,0 +1,36 @@
- name: Generate root password
when: vn_first_time
block:
- name: Search root password into Passbolt
set_fact:
qst: >
{{
lookup(passbolt, inventory_hostname_short,
username='root',
uri='ssh://'+hostname_fqdn
)
}}
ignore_errors: true
- name: Generate and save root password if not found in Passbolt
when: qst is not defined
block:
- name: Generate a random root password
set_fact:
root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
- name: Save root password into Passbolt
set_fact:
msg: >
{{
lookup(passbolt, inventory_hostname_short,
username='root',
password=root_password,
uri='ssh://'+hostname_fqdn
)
}}
environment:
PASSBOLT_CREATE_NEW_RESOURCE: true
- name: Change root password
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"

2
roles/debian-base/tasks/ssh.yml
View File

@ -3,7 +3,7 @@
path: "/etc/ssh/ssh_host_{{ item.type }}_key" path: "/etc/ssh/ssh_host_{{ item.type }}_key"
type: "{{ item.type }}" type: "{{ item.type }}"
force: yes force: yes
when: vn_witness when: vn_first_time
loop: loop:
- { type: 'rsa' } - { type: 'rsa' }
- { type: 'ecdsa' } - { type: 'ecdsa' }

4
roles/debian-base/tasks/witness.yml
View File

@ -4,9 +4,9 @@
register: keys_generated_marker register: keys_generated_marker
- name: Generate variable if not exists - name: Generate variable if not exists
set_fact: set_fact:
vn_witness: "{{ not keys_generated_marker.stat.exists }}" vn_first_time: "{{ not keys_generated_marker.stat.exists }}"
- name: Create marker file to indicate vn happends - name: Create marker file to indicate vn happends
file: file:
path: /etc/vn.witness path: /etc/vn.witness
state: touch state: touch
when: vn_witness when: vn_first_time

1
roles/debian-once/defaults/main.yaml
View File

@ -1 +0,0 @@
root_password: Pa$$w0rd

2
roles/debian-once/tasks/main.yml
View File

@ -1,2 +0,0 @@
- import_tasks: root.yml
tags: root

26
roles/debian-once/tasks/root.yml
View File

@ -1,26 +0,0 @@
- name: Generate a random root password
set_fact:
root_password: "{{ lookup('password', '/dev/null length=18 chars=ascii_letters,digits') }}"
- name: Save root password into Passbolt
set_fact:
msg: >
{{
lookup(passbolt, inventory_hostname_short,
username='root',
password=root_password,
uri='ssh://'+hostname_fqdn
)
}}
environment:
PASSBOLT_CREATE_NEW_RESOURCE: true
- name: Save the root password to file
copy:
content: "{{ root_password }}\n"
dest: /root/root_password.txt
owner: root
group: root
mode: '0600'
- name: Change root password
user:
name: root
password: "{{ root_password | password_hash('sha512') }}"

5
roles/debian-qemu/defaults/main.yml
View File

@ -1 +1,6 @@
homes_path: /mnt/homes homes_path: /mnt/homes
autofs_packages:
- nfs-common
- autofs
- libnfs-utils
- autofs-ldap

9
roles/debian-qemu/tasks/autofs.yml
View File

@ -1,12 +1,7 @@
- name: Install autofs packages - name: Install autofs packages
apt: apt:
name: "{{ item }}" name: "{{ autofs_packages }}"
state: present state: present
with_items:
- nfs-common
- autofs
- libnfs-utils
- autofs-ldap
- name: Create homes directory - name: Create homes directory
file: file:
path: "{{ homes_path }}" path: "{{ homes_path }}"
@ -33,6 +28,6 @@
mode: '0644' mode: '0644'
notify: restart-autofs notify: restart-autofs
- name: Service autofs service - name: Service autofs service
service: systemd:
name: autofs name: autofs
enabled: yes enabled: yes

2
roles/debian-qemu/tasks/hotplug.yml
View File

@ -12,5 +12,7 @@
mode: u=rw,g=r,o=r mode: u=rw,g=r,o=r
owner: root owner: root
group: root group: root
register: grub
- name: Generate GRUB configuration - name: Generate GRUB configuration
command: update-grub command: update-grub
when: grub.changed