Add default setup for debian (HACKY/WIP)
This commit is contained in:
parent
dbe4a55f73
commit
2803c0aaea
4 changed files with 118 additions and 0 deletions
5
debian.yml
Normal file
5
debian.yml
Normal file
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
- hosts: debian
|
||||
become: yes
|
||||
roles:
|
||||
- debian
|
6
roles/debian/handlers/main.yml
Normal file
6
roles/debian/handlers/main.yml
Normal file
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
- name: reload sshd
|
||||
service: name=sshd state=reloaded
|
||||
|
||||
- name: restart network
|
||||
service: name=systemd-networkd state=restarted
|
82
roles/debian/tasks/main.yml
Normal file
82
roles/debian/tasks/main.yml
Normal file
|
@ -0,0 +1,82 @@
|
|||
---
|
||||
- name: Install defaults
|
||||
package:
|
||||
name:
|
||||
- zsh
|
||||
|
||||
- name: Download .zshrc from grml
|
||||
get_url:
|
||||
url: https://raw.githubusercontent.com/grml/grml-etc-core/v0.12.5/etc/zsh/zshrc
|
||||
dest: /etc/zsh/zshrc
|
||||
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
|
||||
validate_certs: false
|
||||
|
||||
- name: ssh publickey
|
||||
authorized_key:
|
||||
user: root
|
||||
state: present
|
||||
key: "{{ default_root_ssh_publickey }}"
|
||||
|
||||
- name: Update SSH configuration
|
||||
notify: reload sshd
|
||||
replace:
|
||||
dest: /etc/ssh/sshd_config
|
||||
regexp: '^([\#\s]*)?{{ item.key }}\s+([\w_-]+)'
|
||||
replace: "{{item.key}} {{item.value}}"
|
||||
with_items:
|
||||
- key: PermitRootLogin
|
||||
value: without-password
|
||||
- key: PasswordAuthentication
|
||||
value: 'no'
|
||||
- key: ChallengeResponseAuthentication
|
||||
value: 'no'
|
||||
- key: PrintLastLog
|
||||
value: 'yes'
|
||||
- key: UseDNS
|
||||
value: 'no'
|
||||
|
||||
- name: Change shell of user root
|
||||
user:
|
||||
name: root
|
||||
shell: /usr/bin/zsh
|
||||
|
||||
- name: Enable sshd
|
||||
systemd:
|
||||
name: sshd
|
||||
enabled: yes
|
||||
state: started
|
||||
|
||||
- name: Configure Network
|
||||
notify: restart network
|
||||
when: ipv4 is defined or ipv6 is defined
|
||||
template:
|
||||
src: systemd.network
|
||||
dest: /etc/systemd/network/main.network
|
||||
owner: root
|
||||
mode: 644
|
||||
|
||||
- name: enable systemd-networkd
|
||||
notify: restart network
|
||||
systemd:
|
||||
name: systemd-networkd
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: disable networking
|
||||
systemd:
|
||||
name: networking
|
||||
state: stopped
|
||||
enabled: no
|
||||
|
||||
- name: start systemd-resolved
|
||||
systemd:
|
||||
name: systemd-resolved
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: symling /etc/resolve
|
||||
file:
|
||||
src: /run/systemd/resolve/stub-resolv.conf
|
||||
dest: /etc/resolv.conf
|
||||
state: link
|
||||
force: yes
|
25
roles/debian/templates/systemd.network
Normal file
25
roles/debian/templates/systemd.network
Normal file
|
@ -0,0 +1,25 @@
|
|||
# {{ ansible_managed }}
|
||||
[Match]
|
||||
Name=e*
|
||||
|
||||
{% if dns is defined %}
|
||||
[Network]
|
||||
DNS={{ dns }}
|
||||
{% endif %}
|
||||
|
||||
{% if ipv4 is defined %}
|
||||
[Address]
|
||||
Address={{ipv4}}
|
||||
{% if ipv4.split("/")[1] is equalto "32" %}
|
||||
Peer={{ipv4Yroute}}/32
|
||||
{% endif %}
|
||||
|
||||
[Route]
|
||||
Gateway={{ipv4route}}
|
||||
{% endif %}
|
||||
|
||||
{% if ipv6 is defined %}
|
||||
[Network]
|
||||
Address={{ipv6}}
|
||||
Gateway={{ipv6route}}
|
||||
{% endif %}
|
Loading…
Reference in a new issue