From c579bdf7ee82b2dbe7f98ab614a2cf0c15aead4d Mon Sep 17 00:00:00 2001
From: Freezed <2160318-free_zed@users.noreply.gitlab.com>
Date: Fri, 7 Jan 2022 00:51:04 +0100
Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20Add=20playbooks:=20become=5Fuser=5F?=
 =?UTF-8?q?cfg=20&=20shutdown?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

"reset_connection" tip came from:
https://www.jeffgeerling.com/blog/2021/allowing-ansible-playbooks-work-new-user-groups-on-first-run

🛂 Remove passwordless sudo, add root auth w/ key

Root is accessible from:
 * SSH by key
 * sudo by password

TODO: if keychain is waiting for passphrase, ansible hang
https://www.funtoo.org/Keychain#Quick_Setup
---
 Makefile            |  2 +-
 README.md           | 10 +++++----
 become_user_cfg.yml | 52 +++++++++++++++++++++++++++++++++++++++++++++
 shutdown.yml        |  8 +++++++
 4 files changed, 67 insertions(+), 5 deletions(-)
 create mode 100644 become_user_cfg.yml
 create mode 100644 shutdown.yml

diff --git a/Makefile b/Makefile
index 009213e..bc41cf0 100644
--- a/Makefile
+++ b/Makefile
@@ -6,7 +6,7 @@ clean:
 	find . -type f -name "*.orig" -delete
 
 open_all:
-	${EDITOR} .gitignore inventory Makefile host_info.yml README.md whoami.yml
+	${EDITOR} .gitignore become_user_cfg.yml host_info.yml inventory Makefile README.md shutdown.yml whoami.yml
 
 inventory_generation:
 	cp inventory.sample inventory && ${EDITOR} inventory
diff --git a/README.md b/README.md
index fff4416..10e040a 100644
--- a/README.md
+++ b/README.md
@@ -13,10 +13,12 @@ Suitable for server and workstation.
 ✨ Features
 -----------
 
-|   playbook                        |   return                                          |
-|-----------------------------------|---------------------------------------------------|
-| [`host_info.yml`](host_info.yml)  |   distribution full name & version                |
-| [`whoami.yml`](whoami.yml)        |   `ansible_user` & `become_user` (`sudo` method)  |
+|   playbook                                    |   purpose                                                             |
+|   :--------------------------------------:    |   :--------------------------------------------------------------:    |
+| [`become_user_cfg.yml`](become_user_cfg.yml)  |   Set `sudo` without password for `become_user` access                |
+| [`host_info.yml`](host_info.yml)              |   Return message with distribution full name & version                |
+| [`shutdown.yml`](shutdown.yml)                |   Shutdown target in 10 min                                           |
+| [`whoami.yml`](whoami.yml)                    |   Return message with `ansible_user` & `become_user` (`sudo` method)  |
 
 
 🚀 Quickstart
diff --git a/become_user_cfg.yml b/become_user_cfg.yml
new file mode 100644
index 0000000..943e482
--- /dev/null
+++ b/become_user_cfg.yml
@@ -0,0 +1,52 @@
+---
+- hosts: "{{ host_list }}"
+  become: yes
+  become_method: sudo
+  remote_user: "{{ my_user }}"
+
+  tasks:
+    - name: SUDO | Group sudo presence
+      ansible.builtin.group:
+        name: sudo
+        state: present
+
+    - name: SUDO | Group wheel absence
+      ansible.builtin.group:
+        name: wheel
+        state: absent
+
+    - name: SUDO | User presence (with groups)
+      ansible.builtin.user:
+        name: "{{ my_user }}"
+        state: present
+        groups: sudo
+        append: true
+
+    - name: SUDO | Reset ansible connection to apply group update
+      meta: reset_connection
+
+    - name: "SSH | Local public key is present for {{ my_user }}"
+      ansible.builtin.authorized_key:
+        comment: "Managed by Ansible from GitLab @free_zed"
+        key: https://gitlab.com/free_zed.keys
+        state: present
+        user: "{{ my_user }}"
+
+    - name: SSH | Disallow SSH password authentication for root
+      copy:
+        src: sshd_config
+        dest: /etc/ssh/sshd_config
+
+    - name: "SSH | Local public key is present for root"
+      ansible.builtin.authorized_key:
+        comment: "Managed by Ansible from GitLab @free_zed"
+        key: https://gitlab.com/free_zed.keys
+        state: present
+        user: root
+
+    - name: SSH | Remove no password directive
+      ansible.builtin.lineinfile:
+        path: /etc/sudoers
+        state: absent
+        regexp: 'NOPASSWD'
+        validate: '/usr/sbin/visudo -cf %s'
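Review bot: The `SSH | Disallow SSH password authentication for root` task replaces /etc/ssh/sshd_config wholesale via `copy:` with no `validate`, no owner/mode and no handler, so a broken source file is only noticed when sshd next restarts, and until then the new restriction is not in effect; the `sshd_config` source is also not in this commit's diffstat, so the task fails unless it already exists in the repository. The copy runs before the `SSH | Local public key is present for root` task, so the key this restriction relies on is installed after the restriction is written; running the key task first keeps root reachable throughout. Smaller points in the same hunk: `become: yes` should be `become: true`, `copy` should be `ansible.builtin.copy` to match the other tasks, and the `lineinfile` regexp `NOPASSWD` removes every line containing that token (commented examples included) while leaving /etc/sudoers.d untouched.
```yaml
    - name: "SSH | Local public key is present for root"
      ansible.builtin.authorized_key:
        comment: "Managed by Ansible from GitLab @free_zed"
        key: https://gitlab.com/free_zed.keys
        state: present
        user: root

    - name: SSH | Disallow SSH password authentication for root
      ansible.builtin.copy:
        src: sshd_config
        dest: /etc/ssh/sshd_config
        owner: root
        group: root
        mode: '0644'
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart sshd
# … unchanged: SSH | Remove no password directive task …

  handlers:
    - name: Restart sshd
      ansible.builtin.service:
        name: sshd  # unit is named `ssh` on Debian-family hosts — confirm for host_list
        state: restarted
```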
diff --git a/shutdown.yml b/shutdown.yml
new file mode 100644
index 0000000..310be6c
--- /dev/null
+++ b/shutdown.yml
@@ -0,0 +1,8 @@
+---
+- hosts: "{{ host_list }}"
+  remote_user: root
+
+  tasks:
+    - name: Shutdown the host in 10 min
+      community.general.shutdown:
+        delay: 600
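Review bot: The `Shutdown the host in 10 min` task sets only `delay`, so users logged in on the target get no custom notice of why the host is going down; `community.general.shutdown` accepts `msg`, e.g. `msg: "Scheduled shutdown via Ansible in 10 min"`. `delay` is documented in seconds and rounded down to minutes on Linux, so `600` matches the task name, but a comment `# 600 s = 10 min` next to it would save readers the conversion.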
-- 
GitLab