---
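# Prepare the control machine (127.0.0.1, local connection): create the local
# directories used for credentials and key material, then install the CLI
# tools listed in the apt task.
- name: Configure local repository
  hosts: 127.0.0.1
  connection: local
  gather_facts: false
  tasks:
    # Directories that hold secrets or private keys are created owner-only.
    # The two directories whose variable names mark them as public keep the
    # previous u=rwx,g=rx,o=rx mode. On an existing checkout this task will
    # tighten the mode of the private directories on the next run.
    - name: Create local directory for credentials & keys
      file:
        path: "{{ item.path }}"
        owner: "{{ global_local_user }}"
        group: "{{ global_local_user }}"
        mode: "{{ item.mode }}"
        state: directory
      loop:
        - path: "{{ global_credentials_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_public_key_directory }}"
          mode: "u=rwx,g=rx,o=rx"
        - path: "{{ global_ssh_key_directory }}"
          mode: "u=rwx,g=,o="
        # NOTE(review): treated as private because it may hold host private
        # keys; relax only if it is confirmed to contain public keys alone.
        - path: "{{ global_ssh_host_key_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_wireguard_private_directory }}"
          mode: "u=rwx,g=,o="
        - path: "{{ global_wireguard_public_directory }}"
          mode: "u=rwx,g=rx,o=rx"
      loop_control:
        # Show only the path in task output instead of the whole item dict.
        label: "{{ item.path }}"

    # Package installation needs root, so this task alone escalates via sudo.
    - name: Install required tools
      become: true
      become_user: root
      become_method: sudo
      apt:
        name:
          - sshpass
          - wireguard-tools
        state: present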
# Apply the bootstrap role to every host in the "bootstrap" inventory group.
# Fact gathering is switched off for this play.
# NOTE(review): presumably facts are skipped because the hosts are not yet
# reachable with the final credentials; confirm against the role.
- name: Configure secure root access to hosts
  hosts: bootstrap
  gather_facts: false
  roles:
    - role: bootstrap
# Baseline configuration applied to every inventory host. With the "free"
# strategy each host runs through the role list without waiting for the others.
- hosts: all
  strategy: free
  roles:
    - role: hostname
      fqdn: "{{ inventory_hostname }}"

    - role: common

    - role: fail2ban/application

    # Creates the primary user account with sudo rights.
    # NOTE(review): the password is handed to the role as a plain variable;
    # confirm it comes from an encrypted source (e.g. Ansible Vault) and that
    # the role's tasks which use it set no_log.
    # NOTE(review): the variable name suggests authorized_keys is fetched from
    # a URL; confirm it is served over HTTPS from a trusted origin, since its
    # content decides who can log in.
    - role: account
      username: "{{ global_username }}"
      password: "{{ zocker_password }}"
      authorized_keys: "{{ zocker_authorized_keys_url }}"
      sudo: true

    - role: misc/ssh_tg_notify
      recipient_id: "{{ zocker_telegram_id }}"
# The remaining configuration lives in separate playbooks, imported here in
# order: per-group first, then per-topic, then per-host.

# Group specific configurations
- name: Include configuration for group bwcloud
  import_playbook: playbooks/group_bwcloud.yml

- name: Include configuration for group os_raspbian
  import_playbook: playbooks/group_os_raspbian.yml

# Topic specific configurations
- name: Include wireguard network configuration
  import_playbook: playbooks/wireguard.yml

- name: Include dns configuration
  import_playbook: playbooks/dns.yml

# Host specific configurations
- name: Include configuration of nvak.banananet.work
  import_playbook: playbooks/host_nvak.banananet.work.yml

- name: Include configuration of rurapenthe.banananet.work
  import_playbook: playbooks/host_rurapenthe.banananet.work.yml
# Single-host play: apply the misc/ip_discover role to
# hardie.eridon.banananet.work only.
- hosts: hardie.eridon.banananet.work
  roles:
    - role: misc/ip_discover