From a8d7c01efea63c484d3ed1f4fb5dcb83ae40a332 Mon Sep 17 00:00:00 2001
From: shockrah
Date: Tue, 4 Mar 2025 11:20:00 -0800
Subject: [PATCH] Slowing building out the new workflows
---
playbooks/manual-prerequisites.yaml | 9 +++++
playbooks/readme.md | 5 +++
playbooks/static/files/.gitkeep | 0
playbooks/static/handlers/.gitkeep | 0
playbooks/static/handlers/main.yaml | 5 +++
playbooks/static/tasks/.gitkeep | 0
playbooks/static/tasks/setup-webadmin.yaml | 43 ++++++++++++++++++++++
playbooks/static/templates/.gitkeep | 0
playbooks/static/vars/.gitkeep | 0
9 files changed, 62 insertions(+)
create mode 100644 playbooks/manual-prerequisites.yaml
create mode 100644 playbooks/readme.md
create mode 100644 playbooks/static/files/.gitkeep
create mode 100644 playbooks/static/handlers/.gitkeep
create mode 100644 playbooks/static/handlers/main.yaml
create mode 100644 playbooks/static/tasks/.gitkeep
create mode 100644 playbooks/static/tasks/setup-webadmin.yaml
create mode 100644 playbooks/static/templates/.gitkeep
create mode 100644 playbooks/static/vars/.gitkeep
diff --git a/playbooks/manual-prerequisites.yaml b/playbooks/manual-prerequisites.yaml
new file mode 100644
index 0000000..247cd87
--- /dev/null
+++ b/playbooks/manual-prerequisites.yaml
@@ -0,0 +1,9 @@
+---
+- hosts: static-web
+ remote_user: root
+ tasks:
+ - name: Import manual setup steps
+ ansible.builtin.import_role:
+ name: static
+ tasks_from: setup-webadmin.yaml
+
diff --git a/playbooks/readme.md b/playbooks/readme.md
new file mode 100644
index 0000000..61305fe
--- /dev/null
+++ b/playbooks/readme.md
@@ -0,0 +1,5 @@
+# What is this
+
+Here be the ansible based workflows that we use to keep things like the static
+hosts properly setup with all the resources they need to properly host the
+services we intended on hosting.
diff --git a/playbooks/static/files/.gitkeep b/playbooks/static/files/.gitkeep
new file mode 100644
index 0000000..e69de29
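Review bot: The play in `playbooks/manual-prerequisites.yaml` connects with `remote_user: root`, but the tasks it imports end by writing `PermitRootLogin no` and `PasswordAuthentication no`, so after the first successful run the same play can presumably no longer log in. If that one-shot behaviour is intended, a comment above the play would make it explicit, for example `# Bootstrap only: run once as root; later runs must connect as webadmin.`. Because root access is removed in the same run that creates its replacement, it is worth confirming key-based login as webadmin on a test host before relying on this.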
diff --git a/playbooks/static/handlers/.gitkeep b/playbooks/static/handlers/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/handlers/main.yaml b/playbooks/static/handlers/main.yaml
new file mode 100644
index 0000000..ec92437
--- /dev/null
+++ b/playbooks/static/handlers/main.yaml
@@ -0,0 +1,5 @@
+- name: Restart SSH
+ become: true
+ ansible.builtin.systemd:
+ name: sshd
+ state: restarted
diff --git a/playbooks/static/tasks/.gitkeep b/playbooks/static/tasks/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/tasks/setup-webadmin.yaml b/playbooks/static/tasks/setup-webadmin.yaml
new file mode 100644
index 0000000..bfc6523
--- /dev/null
+++ b/playbooks/static/tasks/setup-webadmin.yaml
@@ -0,0 +1,43 @@
+- name: Ensure sudo is available
+ ansible.builtin.apt:
+ state: present
+ update_cache: true
+ pkg:
+ - sudo
+ - zsh
+- name: Create webadmin user
+ ansible.builtin.user:
+ name: webadmin
+ state: present
+ shell: /bin/zsh
+ groups:
+ - nginx
+ append: true
+- name: Copy webadmin public key
+ ansible.posix.authorized_key:
+ user: webadmin
+ state: present
+ key: "{{ lookup('file', 'files/webadmin.pem.pub') }}"
+- name: Add webadmin to sudoers
+ ansible.builtin.copy:
+ dest: "/etc/sudoers.d/webadmin"
+ content: "webadmin ALL=(ALL) NOPASSWD: ALL"
+ mode: "0644"
+ owner: root
+ group: root
+- name: Disable Password Authentication
+ ansible.builtin.lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: PasswordAuthentication no
+ state: present
+ backup: true
+ notify:
+ - Restart SSH
+- name: Disable root login
+ ansible.builtin.lineinfile:
+ dest: /etc/ssh/sshd_config
+ line: PermitRootLogin no
+ state: present
+ backup: true
+ notify:
+ - Restart SSH
diff --git a/playbooks/static/templates/.gitkeep b/playbooks/static/templates/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/playbooks/static/vars/.gitkeep b/playbooks/static/vars/.gitkeep
new file mode 100644
index 0000000..e69de29
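Review bot: The handler in `playbooks/static/handlers/main.yaml` restarts a unit named `sshd`, while the role installs packages with `apt`; on Debian-family hosts the OpenSSH unit is `ssh.service` and `sshd.service` is only an alias, which may not be present on every image. Using `name: ssh` would avoid depending on the alias. `become: true` is also set here but on none of the tasks that notify it, which run as root through the play's `remote_user`; keeping privilege escalation in one place would be more consistent.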
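Review bot: The two `lineinfile` tasks at the end of `playbooks/static/tasks/setup-webadmin.yaml` have no `regexp`, so they only append `PasswordAuthentication no` and `PermitRootLogin no` when that exact line is missing. An existing `PasswordAuthentication yes` or `PermitRootLogin yes` earlier in `/etc/ssh/sshd_config` stays in place, and since sshd uses the first value it reads for a keyword, the hardening can silently have no effect. Adding a `regexp` that matches the existing directive, plus a `validate` step that checks the candidate file before it is installed, closes that gap and avoids restarting sshd on a broken config. The sudoers drop-in grants `NOPASSWD: ALL`, which makes the webadmin SSH key equivalent to root, and it is written without `validate` and with mode `0644` rather than the conventional `0440`. If the hosts' sshd_config includes a drop-in directory, settings there may still take precedence and should be checked separately.

```yaml
# … unchanged: apt, user and authorized_key tasks …
- name: Add webadmin to sudoers
  ansible.builtin.copy:
    # … unchanged: dest, content, owner, group …
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"
- name: Disable Password Authentication
  ansible.builtin.lineinfile:
    # … unchanged: dest, line, state, backup …
    regexp: '^#?\s*PasswordAuthentication\s'
    validate: "/usr/sbin/sshd -t -f %s"
  # … unchanged: notify …
- name: Disable root login
  ansible.builtin.lineinfile:
    # … unchanged: dest, line, state, backup …
    regexp: '^#?\s*PermitRootLogin\s'
    validate: "/usr/sbin/sshd -t -f %s"
  # … unchanged: notify …
```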