Commit 532a6e07 authored by Freezed's avatar Freezed Committed by foobar

:truck: Move tasks in dedicated directory

parent c579bdf7
1 merge request!1Draft: Resolve "Timeout (12s) waiting for privilege escalation prompt:"
...@@ -6,7 +6,8 @@ clean: ...@@ -6,7 +6,8 @@ clean:
find . -type f -name "*.orig" -delete find . -type f -name "*.orig" -delete
open_all: open_all:
${EDITOR} .gitignore become_user_cfg.yml host_info.yml inventory Makefile README.md shutdown.yml whoami.yml ${EDITOR} .gitignore inventory Makefile README.md
${EDITOR} tasks/*.yml
inventory_generation: inventory_generation:
cp inventory.sample inventory && ${EDITOR} inventory cp inventory.sample inventory && ${EDITOR} inventory
...@@ -13,12 +13,12 @@ Suitable for server and workstation. ...@@ -13,12 +13,12 @@ Suitable for server and workstation.
✨ Features ✨ Features
----------- -----------
| playbook | purpose | | playbook | purpose |
| :--------------------------------------: | :--------------------------------------------------------------: | | :--------------------------------------: | :--------------------------------------------------------------: |
| [`become_user_cfg.yml`](become_user_cfg.yml) | Set `sudo` without password for `become_user` access | | [`become_user_cfg.yml`](tasks/become_user_cfg.yml) | Set `sudo` without password for `become_user` access |
| [`host_info.yml`](host_info.yml) | Return message with distribution full name & version | | [`host_info.yml`](tasks/host_info.yml) | Return message with distribution full name & version |
| [`shutdown.yml`](shutdown.yml) | Shutdown target in 10 min | | [`shutdown.yml`](tasks/shutdown.yml) | Shutdown target in 10 min |
| [`whoami.yml`](whoami.yml) | Return message with `ansible_user` & `become_user` (`sudo` method) | | [`whoami.yml`](tasks/whoami.yml) | Return message with `ansible_user` & `become_user` (`sudo` method) |
🚀 Quickstart 🚀 Quickstart
......
--- ---
- hosts: "{{ host_list }}" - hosts: "{{ host_list }}"
become: yes
become_method: sudo become_method: sudo
remote_user: "{{ my_user }}" remote_user: "{{ my_user }}"
tasks: tasks:
- name: SUDO | Group sudo presence - name: SUDO | Group sudo presence
become: yes
ansible.builtin.group: ansible.builtin.group:
name: sudo name: sudo
state: present state: present
- name: SUDO | Group wheel absence - name: SUDO | Group wheel absence
become: yes
ansible.builtin.group: ansible.builtin.group:
name: wheel name: wheel
state: absent state: absent
- name: SUDO | User presence (with groups) - name: SUDO | User presence (with groups)
become: yes
ansible.builtin.user: ansible.builtin.user:
name: "{{ my_user }}" name: "{{ my_user }}"
state: present state: present
...@@ -23,21 +25,26 @@ ...@@ -23,21 +25,26 @@
append: true append: true
- name: SUDO | Reset ansible connection to apply group update - name: SUDO | Reset ansible connection to apply group update
become: yes
meta: reset_connection meta: reset_connection
- name: "SSH | Local public key is present for {{ my_user }}" - name: "SSH | Local public key is present for {{ my_user }}"
become: yes
ansible.builtin.authorized_key: ansible.builtin.authorized_key:
comment: "Managed by Ansible from GitLab @free_zed" comment: "Managed by Ansible from GitLab @free_zed"
key: https://gitlab.com/free_zed.keys key: https://gitlab.com/free_zed.keys
state: present state: present
user: "{{ my_user }}" user: "{{ my_user }}"
- name: SSH | Disallow SSH password authentication for root - name: SSH | Disallow SSH password authentication for root
become: yes
copy: copy:
src: sshd_config src: sshd_config
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
- name: "SSH | Local public key is present for root" - name: "SSH | Local public key is present for root"
become: yes
ansible.builtin.authorized_key: ansible.builtin.authorized_key:
comment: "Managed by Ansible from GitLab @free_zed" comment: "Managed by Ansible from GitLab @free_zed"
key: https://gitlab.com/free_zed.keys key: https://gitlab.com/free_zed.keys
...@@ -45,6 +52,7 @@ ...@@ -45,6 +52,7 @@
user: root user: root
- name: SSH | Remove no password directive - name: SSH | Remove no password directive
become: yes
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/sudoers path: /etc/sudoers
state: absent state: absent
......
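Review bot: The `copy` task that overwrites `/etc/ssh/sshd_config` (second hunk, "SSH | Disallow SSH password authentication for root") runs as root via its `become: yes` but has no `validate`, so a malformed file would be installed as-is and could break SSH access at the next daemon restart. Adding `validate: /usr/sbin/sshd -t -f %s` together with explicit `owner: root`, `group: root` and `mode: "0644"` would make the overwrite safe. No handler or reload task is visible in the shown hunks, so the running sshd may keep its old settings until it is restarted; worth checking in the collapsed part of the file. The `lineinfile` edit of `/etc/sudoers` in the last hunk continues outside the visible lines; if it lacks `validate: /usr/sbin/visudo -cf %s`, that should be added as well.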
# ############################################# #
# /etc/ssh/sshd_config #
# #
# This file is managed by Ansible #
# Manual edition will be overridden #
# #
# https://lab.frogg.it/fcode/ansible/debian #
# #
# ############################################# #
Include /etc/ssh/sshd_config.d/*.conf
PermitRootLogin prohibit-password
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
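Review bot: `Include /etc/ssh/sshd_config.d/*.conf` sits before `PermitRootLogin prohibit-password`, and sshd keeps the first value it reads for each keyword, so any drop-in in that directory silently overrides the settings this managed file is meant to enforce; either move the `Include` to the end of the file or have the playbook manage the drop-in directory too. The file also leaves `PasswordAuthentication` at its default, so password logins stay possible for non-root accounts even though the playbook deploys public keys; `PasswordAuthentication no` would close that once key login is confirmed. `X11Forwarding yes` deserves a comment explaining why it is needed, or a change to `no` on hosts that do not use it.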
File moved
File moved
File moved