summaryrefslogtreecommitdiffstats
path: root/roles/base
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--roles/base/files/keys/bandali1
-rw-r--r--roles/base/files/keys/cairn1
-rw-r--r--roles/base/files/keys/dragestil1
-rw-r--r--roles/base/files/keys/opal2
-rw-r--r--roles/base/files/keys/sachac2
-rw-r--r--roles/base/files/keys/zaeph1
-rw-r--r--roles/base/files/sshd_config16
-rw-r--r--roles/base/files/sudoers.d/10_ansible1
-rw-r--r--roles/base/files/sudoers.d/20_admin1
-rw-r--r--roles/base/files/sudoers.d/30_org_admin3
-rw-r--r--roles/base/tasks/main.yml54
-rw-r--r--roles/base/vars/main.yml55
12 files changed, 138 insertions, 0 deletions
diff --git a/roles/base/files/keys/bandali b/roles/base/files/keys/bandali
new file mode 100644
index 0000000..e50d913
--- /dev/null
+++ b/roles/base/files/keys/bandali
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0St/clKIWYQMvrVwxs2f3bKapNnu6DmsRxitFfsGMN bandali@gnu.org
diff --git a/roles/base/files/keys/cairn b/roles/base/files/keys/cairn
new file mode 100644
index 0000000..6bd04bd
--- /dev/null
+++ b/roles/base/files/keys/cairn
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK7g0qqt0yIKwozCc+ogKiTzK5iwA3nXFHnlvhJfiEZUKiCcl9PN0O+50h8+rFrva27NxE8OEhCPCV9Ug+K8+Z4ikVbIYEBbgF4+GOtW6R7Ktota2Y+6c5DZfoq2vFNOI5cL1OkQUrQhVa+fIjb9zh2L9YgJIsBv/850HlYLS4DPMqyWo7SsMNFA2BIm/rL/U/fqjr4IJ/uxGa3cwM6zixqfozQShxULvz6BxVpe+yPp0yj+mau9DJEs18ZNoeC4vqzXq73hsth2RisXq389foWNRKrAMzcajw8EW7MRd4srRnlr6APt2ZH/vQ6EcTBNyWqEv2KJ4KVZLgg0QHyQBb cairn@starfighter
diff --git a/roles/base/files/keys/dragestil b/roles/base/files/keys/dragestil
new file mode 100644
index 0000000..5bc093f
--- /dev/null
+++ b/roles/base/files/keys/dragestil
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvPOtgcm5ptn8l+/YLAJEqVeT801btqFOf9gE9BLGDh yuchen@melb
diff --git a/roles/base/files/keys/opal b/roles/base/files/keys/opal
new file mode 100644
index 0000000..eeb5e3c
--- /dev/null
+++ b/roles/base/files/keys/opal
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChD6zcTYv5hpl9YRSetz1uQzQfOkzOQZNna0Mvzqt5mzptdthe6ZNHKchto5tpby5iVxwGTPiHcWs0VlnnDG/VX/a5p28qs2595MZizv6McqInr1kLj3w+gbJpPRqaL0GGtlCZhIYyv1MRFhkemdSzLAo4/Noj7z3b+z6tsnsIr/qJvpoUt0tdsrgMlHOHkqZsnQICNah+ugQAOQzCkZCW7E3hSMtal412eNIaX8TiB686N2VigMOOUxg6NNbo/dRFq5IMA48hBNJpzeS4zz1gMXv6hSCRPcBJ5aFt+O6T7VOXdTAlC88+zu6c554kacyhVB/4tWGmnf1ZaK4kD8Un ry@nocry
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTI8v3jrhi/HS9RIudSrVg7WFBcvCiRj90q3Qa8HuwbbrHAkVSrhrpJKVTYMt2tBGdcM9QgU/dy5F0o07Vb23COQG/sqr/ImX8wSnjIvjW/yDHaKtEcy3sbvtqqRXiI8R8wfMctCPjUnl7OhaDPMWDy8sAefApCs1W5InafT6TYkooCg== ry@apollyon
diff --git a/roles/base/files/keys/sachac b/roles/base/files/keys/sachac
new file mode 100644
index 0000000..999b59c
--- /dev/null
+++ b/roles/base/files/keys/sachac
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK0Vg112xS0SAuCutincht2LWs+2jC8EWC19Irotv8M0ztzLf6wmXEw0xoB8D78LKzXGC/gFcIvYzsNezHFpU5PmlxYBRJkdOYH2zYfnlWQFpJKmk1OelTrugaRE4HywXurf6q6Sot5hzbzPmCWgOlBZshnkDXMAyPCfYvL+RcwTRJWiaiGwwDHlfHCkebr4cwypRQ7Nl2kKajdp4wZXwbuP64pPNMmftZEMEM910w3zPnzQTil4IuLSiVC8K7TSk6xsnrsk10Y6zfoaHkZ71OD58rqPPFqeHYDj8SAvp6W4hHwakbf+r8nfRfr8Tc+gtCf0B6a4Y050OI5FxHlmjh
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMf4V8eCzYNEde8xG4tIJPBv8NwoTzyRG9O5+Bl69osaHV7OZQz81wXil1qZ/xrUu6fc5jMkxq7j5KCCs2MF6gMq12UKe9ESKYe5i+jFL7+V6JNQqcjLcyaEfEFtFCJ95nWCQWpXrMPijvpB3+YxLspFOTz8ZJsGENXU+Rkz5EIdx2VTgHUbddCjE5jndIO58uPKmR4EpMeUWxb20xYLpOwM14aGF/ERVjI++dIwu7mc21kxg42HJjRA/NRV48IxrGl57KKzl7qtMrqwp+ucoLWw4PdqHk4/tApjmrgLiJzLpSZx/4LL3mHTg3I6w9fC5yTgk3k6rJFomb2Jbboxx
diff --git a/roles/base/files/keys/zaeph b/roles/base/files/keys/zaeph
new file mode 100644
index 0000000..33d3fa4
--- /dev/null
+++ b/roles/base/files/keys/zaeph
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxla020OSOgCfbCekmMMEFNmuUicibIo7eotqONcJDB
diff --git a/roles/base/files/sshd_config b/roles/base/files/sshd_config
new file mode 100644
index 0000000..0060c33
--- /dev/null
+++ b/roles/base/files/sshd_config
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+Port 46668
+
+LoginGraceTime 2m
+AllowAgentForwarding yes
+X11Forwarding yes
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+UsePAM yes
+PrintMotd no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn
diff --git a/roles/base/files/sudoers.d/10_ansible b/roles/base/files/sudoers.d/10_ansible
new file mode 100644
index 0000000..80053e5
--- /dev/null
+++ b/roles/base/files/sudoers.d/10_ansible
@@ -0,0 +1 @@
+ansible ALL = (ALL) NOPASSWD: ALL
diff --git a/roles/base/files/sudoers.d/20_admin b/roles/base/files/sudoers.d/20_admin
new file mode 100644
index 0000000..71b74c3
--- /dev/null
+++ b/roles/base/files/sudoers.d/20_admin
@@ -0,0 +1 @@
+%admin ALL=(ALL) ALL
diff --git a/roles/base/files/sudoers.d/30_org_admin b/roles/base/files/sudoers.d/30_org_admin
new file mode 100644
index 0000000..f855569
--- /dev/null
+++ b/roles/base/files/sudoers.d/30_org_admin
@@ -0,0 +1,3 @@
+sachac ALL=(ALL) /usr/bin/apt
+zaeph ALL=(ALL) /usr/bin/apt
+dragestil ALL=(ALL) /usr/bin/apt
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..8d2280b
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+# User & Group Creation
+- name: create groups
+ group:
+ name: "{{ item.value.group }}"
+ state: "{{ item.value.state }}"
+ loop: "{{ init_users | dict2items }}"
+
+- name: create users
+ user:
+ name: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ groups: "{{ item.value.groups }}"
+ create_home: "{{ item.value.create_home }}"
+ state: "{{ item.value.state }}"
+ shell: "{{ item.value.shell }}"
+ loop: "{{ init_users | dict2items }}"
+
+# SSH Initial Setup
+- name: create .ssh dirs
+ file:
+ path: "/home/{{ item.value.name }}/.ssh"
+ state: directory
+ mode: 0700
+ owner: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy keys to users
+ authorized_key:
+ user: "{{ item.value.name }}"
+ state: present
+ key: "{{ lookup('file', 'keys/{{ item.value.name }}') }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy custom sshd_config
+ copy:
+ src: sshd_config
+ dest: "/etc/ssh/sshd_config.d/emacsconf_ssh.conf"
+ mode: 0644
+ owner: root
+ group: root
+
+# Sudoers
+- name: sudoers.d entries
+ copy:
+ src: "sudoers.d/"
+ dest: "/etc/sudoers.d/"
+ mode: 0440
+ owner: root
+ group: root
+ force: no
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
new file mode 100644
index 0000000..927d641
--- /dev/null
+++ b/roles/base/vars/main.yml
@@ -0,0 +1,55 @@
+---
+init_users:
+ opal:
+ name: opal
+ group: opal
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ bandali:
+ name: bandali
+ group: bandali
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ sachac:
+ name: sachac
+ group: sachac
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ zaeph:
+ name: zaeph
+ group: zaeph
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ cairn:
+ name: cairn
+ group: cairn
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ dragestil:
+ name: dragestil
+ group: dragestil
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+
+sudoers_files:
+ - sudoers.d/10_ansible
+ - sudoers.d/20_org_admin
+ - sudoers.d/30_admin
+
+packages:
+ - git
+ - vim
+ - emacs
+ - nano