Compare commits

5 Commits

9 changed files with 101 additions and 1 deletions
+1 -1
@@ -1,3 +1,3 @@
# ---> Ansible # ---> Ansible
*.retry *.retry
data/secret/
+7
@@ -0,0 +1,7 @@
---
# Password for Ansible user
ansible_become_password: p@a$$word
# SSH key for Ansible user
ansible_ssh_key: $$h_key
# Password for the default unprivileged user
user_password: p@a$$word
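Review bot: The comment `# SSH key for Ansible user` on `ansible_ssh_key` does not say which half of the key pair belongs here, yet the value is passed to the `key:` argument of the `authorized_key` task, so it has to be the public key. I would reword it to `# Public SSH key (one authorized_keys line) for the Ansible user` so nobody pastes a private key into a vars file. The values look like plaintext placeholders, so a header comment stating that the real file must be encrypted with `ansible-vault` before it holds real credentials would also help.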
+21
@@ -0,0 +1,21 @@
$ANSIBLE_VAULT;1.1;AES256
66633664323430633839313237323961383861313238613533373836343632623630373236363931
3938336530333965623137333061383430306630333936340a393334613631346536666435303536
63623437393938303032333431386433383532313663303164633639383966666331666639316161
3934336133623933660a343636303735333838326536636534356234363333393533633534333065
32363862336233363932376233623935616230613761663564623830623436626166646164366630
65316266313538643762333438653938613362666266633834323236383062653466373935656666
61363239386535316136346539653964646533653566616430373764633763646665616135323137
33333064323464643837343139363638313266353136636637646132376232653962383662643365
64373364393165303562653131663061316266333737643561613936353036346239646666646132
38656334303861623966626233366336303264366439666231353465663361613835643030333736
62366265393339333832386537353635323838323062333163323364643964323838396332636133
32373136646265613962313636343738363430646130653339626434623362326662323839393366
32366634623631366362343231316664356539306664313235626461326463376166356435663065
63323863376236623030656466383562366366316662306332383036633335636138633038323830
34383162373966663666303130623364666535353738656433636463396534653735393362303633
38306132396533356262353837366532316631643864313033353564626663366166316431303735
33623965613337613838396165373363363331636132336466633236646331636239393766323662
37376332343534346438366566623930663737663566373965313934333337373630663738613163
31383937343534356537326636386133646466303235303966313363623530346535383531643164
66353839383966336331
+5
@@ -0,0 +1,5 @@
---
physical:
hosts:
192.168.0.5:
ansible_become_password: "{{ ansible_become_password }}"
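Review bot: `ansible_become_password: "{{ ansible_become_password }}"` defines the host variable in terms of itself. It only resolves while a higher-precedence source (the play's `vars_files`) supplies the same name, which makes the line redundant in that play. In any play that does not load the secrets file, Ansible will most likely fail with a recursive-template error. Giving the secret its own name avoids both, for example `vault_become_password` (a suggested name) in the secrets file and `ansible_become_password: "{{ vault_become_password }}"` here. The `password_hash` expression in the playbook would then need to reference the new name as well.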
+2
@@ -0,0 +1,2 @@
---
+17
@@ -0,0 +1,17 @@
---
- name: Basic Proxmox guest deployment
hosts: all
remote_user: root
roles:
- ../roles/0_basic_postinstall
vars_files:
../data/secret/secrets.yaml
vars:
ansible_user_passwd_hash: "{{ ansible_become_password | password_hash('sha512', 's3edscrj45e6r') }}"
user_passwd_hash: "{{ user_password | password_hash('sha512', 's3ed6123jhgcr') }}"
handlers:
- name: restart sshd
service:
name: sshd
state: restarted
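Review bot: Both `password_hash` calls pass a hard-coded salt (`'s3edscrj45e6r'`, `'s3ed6123jhgcr'`), so every host provisioned from this playbook gets the same salt and, for the same password, an identical hash in its shadow file. The fixed salt is presumably there to keep the user task idempotent; dropping the salt argument and setting `update_password: on_create` on the `user` task gives the same stability with a random salt per host. Separately, `vars_files` is written as a scalar, whereas the documented form is a list item, `- ../data/secret/secrets.yaml`. The `restart sshd` handler is not notified by any task visible in this diff.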
@@ -0,0 +1,3 @@
---
- name: Create and set up Ansible user and environment
ansible.builtin.include_tasks: prepare_ansible_user.yaml
@@ -0,0 +1,41 @@
---
## Installing packages
- name: Install sudo on apt systems
when: (ansible_facts['distribution'] == "Debian") or
(ansible_facts['distribution'] == "Ubuntu")
apt:
name:
- sudo
update-cache: yes
- name: Update Alpine packages
when: (ansible_facts['distribution'] == "Alpine")
command: /sbin/apk update
- name: Install sudo package on Alpine
when: (ansible_facts['distribution'] == "Alpine")
command: /sbin/apk add sudo
## Creating and setting up the ansible user
## First, create sshusers group to grant ssh access
- name: Ensure group "sshusers" exists
ansible.builtin.group:
name: sshusers
state: present
## Add the user to sshusers (for ssh access) and sudo (gain root access)
- name: Create a new user with a password for Ansible
user:
name: ansible
password: "{{ ansible_user_passwd_hash }}"
groups: sshusers,sudo
append: yes
## Since password authentication in SSH will be disabled, we need to add an authorized key
- name: Set authorized key taken from file
ansible.posix.authorized_key:
user: ansible
state: present
key: "{{ ansible_ssh_key }}"
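Review bot: The `user` task puts `ansible` into the `sudo` group, but only `sshusers` is created explicitly. The `sudo` group comes with the Debian/Ubuntu package, and as far as I know Alpine's sudo package does not create it, so this task would likely fail on the Alpine hosts that the earlier tasks cater for. An `ansible.builtin.group` task for `sudo`, mirroring the `sshusers` one, would cover that, together with whatever sudoers rule is expected to grant the group access. The two `command: /sbin/apk ...` tasks also report changed on every run; `community.general.apk` with `name: sudo` and `update_cache: true` does the same idempotently. `update-cache: yes` and `append: yes` would read better as `update_cache: true` and `append: true`.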
+4
@@ -0,0 +1,4 @@
#!/bin/sh
ansible-playbook -i inventory/deploy/hosts.yaml playbooks/deploy.yaml \
--private-key data/secret/ansible_key \
--vault-password-file data/secret/.vault_pass
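Review bot: All four paths are relative, so the script only works when invoked from the repository root. A `cd "$(dirname "$0")"` (adjusted to wherever the script lives) before the `ansible-playbook` line, plus `set -eu`, would make it independent of the caller's working directory. A comment should also state that `data/secret/.vault_pass` and `data/secret/ansible_key` must exist locally with mode 0600, because `data/secret/` is git-ignored and a fresh checkout will not contain them.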