Diffstat (limited to '')
-rw-r--r-- | roles/base/files/keys/bandali | 1 | ||||
-rw-r--r-- | roles/base/files/keys/cairn | 1 | ||||
-rw-r--r-- | roles/base/files/keys/dragestil | 1 | ||||
-rw-r--r-- | roles/base/files/keys/opal | 2 | ||||
-rw-r--r-- | roles/base/files/keys/sachac | 2 | ||||
-rw-r--r-- | roles/base/files/keys/zaeph | 1 | ||||
-rw-r--r-- | roles/base/files/sshd_config | 16 | ||||
-rw-r--r-- | roles/base/files/sudoers.d/10_ansible | 1 | ||||
-rw-r--r-- | roles/base/files/sudoers.d/20_admin | 1 | ||||
-rw-r--r-- | roles/base/files/sudoers.d/30_org_admin | 3 | ||||
-rw-r--r-- | roles/base/tasks/main.yml | 54 | ||||
-rw-r--r-- | roles/base/vars/main.yml | 55 | ||||
-rw-r--r-- | roles/pad-proxy/defaults/main.yml (renamed from pad-proxy/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/pad-proxy/handlers/main.yml (renamed from pad-proxy/handlers/main.yml) | 0 | ||||
-rw-r--r-- | roles/pad-proxy/tasks/main.yml (renamed from pad-proxy/tasks/main.yml) | 0 | ||||
-rw-r--r-- | roles/pad-proxy/templates/etherpad.nginx.conf (renamed from pad-proxy/templates/etherpad.nginx.conf) | 0 | ||||
-rw-r--r-- | roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf (renamed from pad-proxy/templates/wikimedia.etherpad.nginx.conf) | 0 | ||||
-rw-r--r-- | roles/pad/README.md (renamed from pad/README.md) | 0 | ||||
-rw-r--r-- | roles/pad/defaults/main.yml (renamed from pad/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/pad/tasks/loadtest.yml (renamed from pad/tasks/loadtest.yml) | 0 | ||||
-rw-r--r-- | roles/pad/tasks/main.yml (renamed from pad/tasks/main.yml) | 0 | ||||
-rw-r--r-- | roles/pad/tasks/mariadb.yml (renamed from pad/tasks/mariadb.yml) | 0 | ||||
-rwxr-xr-x | roles/pad/templates/etherpad.init.d (renamed from pad/templates/etherpad.init.d) | 0 | ||||
-rw-r--r-- | roles/pad/templates/etherpad.service (renamed from pad/templates/etherpad.service) | 0 | ||||
-rw-r--r-- | roles/pad/templates/loadtest.settings.json (renamed from pad/templates/loadtest.settings.json) | 0 | ||||
-rw-r--r-- | roles/pad/templates/settings.json (renamed from pad/templates/settings.json) | 0 | ||||
-rw-r--r-- | roles/pad/vars/main.yml (renamed from pad/vars/main.yml) | 0 | ||||
-rw-r--r-- | roles/wiki-edit/defaults/main.yml (renamed from wiki-edit/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/wiki-edit/tasks/main.yaml (renamed from wiki-edit/tasks/main.yaml) | 0 | ||||
-rw-r--r-- | roles/wiki-edit/templates/emacsconf-edit.el (renamed from wiki-edit/templates/emacsconf-edit.el) | 0 | ||||
-rw-r--r-- | roles/wiki-publish/defaults/main.yml (renamed from wiki-publish/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/wiki-publish/tasks/main.yml (renamed from wiki-publish/tasks/main.yml) | 0 | ||||
-rw-r--r-- | roles/wiki-publish/templates/emacsconf-config.el (renamed from wiki-publish/templates/emacsconf-config.el) | 0 | ||||
-rw-r--r-- | roles/wiki/defaults/main.yml (renamed from wiki/defaults/main.yml) | 0 | ||||
-rw-r--r-- | roles/wiki/tasks/docker.yml (renamed from wiki/tasks/docker.yml) | 0 | ||||
-rw-r--r-- | roles/wiki/tasks/main.yml (renamed from wiki/tasks/main.yml) | 0 | ||||
-rw-r--r-- | roles/wiki/templates/Scrubber.pm (renamed from wiki/templates/Scrubber.pm) | 0 | ||||
-rw-r--r-- | roles/wiki/templates/copyright.pm (renamed from wiki/templates/copyright.pm) | 0 | ||||
-rw-r--r-- | roles/wiki/templates/emacsconf.setup (renamed from wiki/templates/emacsconf.setup) | 0 | ||||
-rwxr-xr-x | roles/wiki/templates/htmlscrubber.pm (renamed from wiki/templates/htmlscrubber.pm) | 0 | ||||
-rw-r--r-- | roles/wiki/templates/license.pm (renamed from wiki/templates/license.pm) | 0 | ||||
-rw-r--r-- | roles/wiki/templates/supervisord.conf (renamed from wiki/templates/supervisord.conf) | 0 |
42 files changed, 138 insertions, 0 deletions
diff --git a/roles/base/files/keys/bandali b/roles/base/files/keys/bandali
new file mode 100644
index 0000000..e50d913
--- /dev/null
+++ b/roles/base/files/keys/bandali
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0St/clKIWYQMvrVwxs2f3bKapNnu6DmsRxitFfsGMN bandali@gnu.org
diff --git a/roles/base/files/keys/cairn b/roles/base/files/keys/cairn
new file mode 100644
index 0000000..6bd04bd
--- /dev/null
+++ b/roles/base/files/keys/cairn
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK7g0qqt0yIKwozCc+ogKiTzK5iwA3nXFHnlvhJfiEZUKiCcl9PN0O+50h8+rFrva27NxE8OEhCPCV9Ug+K8+Z4ikVbIYEBbgF4+GOtW6R7Ktota2Y+6c5DZfoq2vFNOI5cL1OkQUrQhVa+fIjb9zh2L9YgJIsBv/850HlYLS4DPMqyWo7SsMNFA2BIm/rL/U/fqjr4IJ/uxGa3cwM6zixqfozQShxULvz6BxVpe+yPp0yj+mau9DJEs18ZNoeC4vqzXq73hsth2RisXq389foWNRKrAMzcajw8EW7MRd4srRnlr6APt2ZH/vQ6EcTBNyWqEv2KJ4KVZLgg0QHyQBb cairn@starfighter
diff --git a/roles/base/files/keys/dragestil b/roles/base/files/keys/dragestil
new file mode 100644
index 0000000..5bc093f
--- /dev/null
+++ b/roles/base/files/keys/dragestil
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvPOtgcm5ptn8l+/YLAJEqVeT801btqFOf9gE9BLGDh yuchen@melb
diff --git a/roles/base/files/keys/opal b/roles/base/files/keys/opal
new file mode 100644
index 0000000..eeb5e3c
--- /dev/null
+++ b/roles/base/files/keys/opal
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChD6zcTYv5hpl9YRSetz1uQzQfOkzOQZNna0Mvzqt5mzptdthe6ZNHKchto5tpby5iVxwGTPiHcWs0VlnnDG/VX/a5p28qs2595MZizv6McqInr1kLj3w+gbJpPRqaL0GGtlCZhIYyv1MRFhkemdSzLAo4/Noj7z3b+z6tsnsIr/qJvpoUt0tdsrgMlHOHkqZsnQICNah+ugQAOQzCkZCW7E3hSMtal412eNIaX8TiB686N2VigMOOUxg6NNbo/dRFq5IMA48hBNJpzeS4zz1gMXv6hSCRPcBJ5aFt+O6T7VOXdTAlC88+zu6c554kacyhVB/4tWGmnf1ZaK4kD8Un ry@nocry
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTI8v3jrhi/HS9RIudSrVg7WFBcvCiRj90q3Qa8HuwbbrHAkVSrhrpJKVTYMt2tBGdcM9QgU/dy5F0o07Vb23COQG/sqr/ImX8wSnjIvjW/yDHaKtEcy3sbvtqqRXiI8R8wfMctCPjUnl7OhaDPMWDy8sAefApCs1W5InafT6TYkooCg== ry@apollyon
diff --git a/roles/base/files/keys/sachac b/roles/base/files/keys/sachac
new file mode 100644
index 0000000..999b59c
--- /dev/null
+++ b/roles/base/files/keys/sachac
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK0Vg112xS0SAuCutincht2LWs+2jC8EWC19Irotv8M0ztzLf6wmXEw0xoB8D78LKzXGC/gFcIvYzsNezHFpU5PmlxYBRJkdOYH2zYfnlWQFpJKmk1OelTrugaRE4HywXurf6q6Sot5hzbzPmCWgOlBZshnkDXMAyPCfYvL+RcwTRJWiaiGwwDHlfHCkebr4cwypRQ7Nl2kKajdp4wZXwbuP64pPNMmftZEMEM910w3zPnzQTil4IuLSiVC8K7TSk6xsnrsk10Y6zfoaHkZ71OD58rqPPFqeHYDj8SAvp6W4hHwakbf+r8nfRfr8Tc+gtCf0B6a4Y050OI5FxHlmjh
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMf4V8eCzYNEde8xG4tIJPBv8NwoTzyRG9O5+Bl69osaHV7OZQz81wXil1qZ/xrUu6fc5jMkxq7j5KCCs2MF6gMq12UKe9ESKYe5i+jFL7+V6JNQqcjLcyaEfEFtFCJ95nWCQWpXrMPijvpB3+YxLspFOTz8ZJsGENXU+Rkz5EIdx2VTgHUbddCjE5jndIO58uPKmR4EpMeUWxb20xYLpOwM14aGF/ERVjI++dIwu7mc21kxg42HJjRA/NRV48IxrGl57KKzl7qtMrqwp+ucoLWw4PdqHk4/tApjmrgLiJzLpSZx/4LL3mHTg3I6w9fC5yTgk3k6rJFomb2Jbboxx
diff --git a/roles/base/files/keys/zaeph b/roles/base/files/keys/zaeph
new file mode 100644
index 0000000..33d3fa4
--- /dev/null
+++ b/roles/base/files/keys/zaeph
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxla020OSOgCfbCekmMMEFNmuUicibIo7eotqONcJDB
diff --git a/roles/base/files/sshd_config b/roles/base/files/sshd_config
new file mode 100644
index 0000000..0060c33
--- /dev/null
+++ b/roles/base/files/sshd_config
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+Port 46668
+
+LoginGraceTime 2m
+AllowAgentForwarding yes
+X11Forwarding yes
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+UsePAM yes
+PrintMotd no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn
diff --git a/roles/base/files/sudoers.d/10_ansible b/roles/base/files/sudoers.d/10_ansible
new file mode 100644
index 0000000..80053e5
--- /dev/null
+++ b/roles/base/files/sudoers.d/10_ansible
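Review bot: In roles/base/files/sshd_config, `AllowUsers` names `opalvaults`, but the account this commit creates and installs keys for is `opal` (vars/main.yml, keys/opal), so that admin's key lands on an account sshd will refuse, and no `opalvaults` account is created on this page; the two names should agree. The leading `Include /etc/ssh/sshd_config.d/*.conf` also looks wrong for a file that tasks/main.yml installs as `/etc/ssh/sshd_config.d/emacsconf_ssh.conf`, because the glob matches the file itself, so I would drop that line. `AllowAgentForwarding yes` and `X11Forwarding yes` are worth setting to `no` on a host where several accounts hold sudo, since anyone with root there can reach a forwarded agent socket. `PermitRootLogin no` would state the effective policy more plainly, given that root is not in `AllowUsers`.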
@@ -0,0 +1 @@
+ansible ALL = (ALL) NOPASSWD: ALL
diff --git a/roles/base/files/sudoers.d/20_admin b/roles/base/files/sudoers.d/20_admin
new file mode 100644
index 0000000..71b74c3
--- /dev/null
+++ b/roles/base/files/sudoers.d/20_admin
@@ -0,0 +1 @@
+%admin ALL=(ALL) ALL
diff --git a/roles/base/files/sudoers.d/30_org_admin b/roles/base/files/sudoers.d/30_org_admin
new file mode 100644
index 0000000..f855569
--- /dev/null
+++ b/roles/base/files/sudoers.d/30_org_admin
@@ -0,0 +1,3 @@
+sachac ALL=(ALL) /usr/bin/apt
+zaeph ALL=(ALL) /usr/bin/apt
+dragestil ALL=(ALL) /usr/bin/apt
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..8d2280b
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+# User & Group Creation
+- name: create groups
+ group:
+ name: "{{ item.value.group }}"
+ state: "{{ item.value.state }}"
+ loop: "{{ init_users | dict2items }}"
+
+- name: create users
+ user:
+ name: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ groups: "{{ item.value.groups }}"
+ create_home: "{{ item.value.create_home }}"
+ state: "{{ item.value.state }}"
+ shell: "{{ item.value.shell }}"
+ loop: "{{ init_users | dict2items }}"
+
+# SSH Initial Setup
+- name: create .ssh dirs
+ file:
+ path: "/home/{{ item.value.name }}/.ssh"
+ state: directory
+ mode: 0700
+ owner: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy keys to users
+ authorized_key:
+ user: "{{ item.value.name }}"
+ state: present
+ key: "{{ lookup('file', 'keys/{{ item.value.name }}') }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy custom sshd_config
+ copy:
+ src: sshd_config
+ dest: "/etc/ssh/sshd_config.d/emacsconf_ssh.conf"
+ mode: 0644
+ owner: root
+ group: root
+
+# Sudoers
+- name: sudoers.d entries
+ copy:
+ src: "sudoers.d/"
+ dest: "/etc/sudoers.d/"
+ mode: 0440
+ owner: root
+ group: root
+ force: no
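Review bot: In sudoers.d/30_org_admin, `/usr/bin/apt` with no argument restriction is effectively unrestricted root, because apt running as root executes package maintainer scripts and accepts arbitrary options and package sources. If these accounts are only meant to refresh and upgrade packages, pin the arguments (for example `sachac ALL=(ALL) /usr/bin/apt update, /usr/bin/apt upgrade`), otherwise document them as full administrators. These rules and `%admin ALL=(ALL) ALL` in 20_admin both prompt for a password, while sshd_config sets `PasswordAuthentication no` and the user task sets no password, so they presumably stay unusable until passwords are set out of band. vars/main.yml also places cairn in `org-admin` but this file has no line for cairn; a single `%org-admin` group rule would keep the sudoers file and the group membership in step.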
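Review bot: In roles/base/tasks/main.yml, access is add-only: `authorized_key` runs without `exclusive: true` and the sudoers copy sets `force: no`, so a key removed from `keys/<name>` or a sudoers rule tightened in the repository never reaches a host that already has the old content. I would add `exclusive: true` to the key task, drop `force: no`, and copy the sudoers files one by one with `validate: 'visudo -cf %s'`; the sshd drop-in copy likewise has no `validate` and no restart handler in this hunk. The key lookup nests a template inside `{{ }}` (`'keys/{{ item.value.name }}'`), which Ansible documents as unsupported; `key: "{{ lookup('file', 'keys/' ~ item.value.name) }}"` is the reliable form. `groups:` refers to `admin` and `org-admin`, which the "create groups" task does not create, so the user task will likely fail unless those groups already exist on the host.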
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
new file mode 100644
index 0000000..927d641
--- /dev/null
+++ b/roles/base/vars/main.yml
@@ -0,0 +1,55 @@
+---
+init_users:
+ opal:
+ name: opal
+ group: opal
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ bandali:
+ name: bandali
+ group: bandali
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ sachac:
+ name: sachac
+ group: sachac
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ zaeph:
+ name: zaeph
+ group: zaeph
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ cairn:
+ name: cairn
+ group: cairn
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ dragestil:
+ name: dragestil
+ group: dragestil
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+
+sudoers_files:
+ - sudoers.d/10_ansible
+ - sudoers.d/20_org_admin
+ - sudoers.d/30_admin
+
+packages:
+ - git
+ - vim
+ - emacs
+ - nano
diff --git a/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml
index cec03da..cec03da 100644
--- a/pad-proxy/defaults/main.yml
+++ b/roles/pad-proxy/defaults/main.yml
diff --git a/pad-proxy/handlers/main.yml b/roles/pad-proxy/handlers/main.yml
index e01a9d0..e01a9d0 100644
--- a/pad-proxy/handlers/main.yml
+++ b/roles/pad-proxy/handlers/main.yml
diff --git a/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
index 8de72df..8de72df 100644
--- a/pad-proxy/tasks/main.yml
+++ b/roles/pad-proxy/tasks/main.yml
diff --git a/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf
index 90a7c1c..90a7c1c 100644
--- a/pad-proxy/templates/etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/etherpad.nginx.conf
diff --git a/pad-proxy/templates/wikimedia.etherpad.nginx.conf b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
index 2288c65..2288c65 100644
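Review bot: In roles/base/vars/main.yml, `sudoers_files` lists `sudoers.d/20_org_admin` and `sudoers.d/30_admin`, but the files this commit adds are `20_admin` and `30_org_admin`. The list is not referenced by the tasks shown in tasks/main.yml, which copy the whole `sudoers.d/` directory, so either correct the names and use the list or remove it. `packages` is likewise unused in the tasks as shown. There is also no `ansible` entry in `init_users` although sshd_config and sudoers.d/10_ansible both refer to that account; presumably it is provisioned elsewhere, which deserves a comment such as `# ansible account is created outside this role`.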
--- a/pad-proxy/templates/wikimedia.etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
diff --git a/pad/README.md b/roles/pad/README.md
index 7ddc2d4..7ddc2d4 100644
--- a/pad/README.md
+++ b/roles/pad/README.md
diff --git a/pad/defaults/main.yml b/roles/pad/defaults/main.yml
index 9d2e294..9d2e294 100644
--- a/pad/defaults/main.yml
+++ b/roles/pad/defaults/main.yml
diff --git a/pad/tasks/loadtest.yml b/roles/pad/tasks/loadtest.yml
index 28deefc..28deefc 100644
--- a/pad/tasks/loadtest.yml
+++ b/roles/pad/tasks/loadtest.yml
diff --git a/pad/tasks/main.yml b/roles/pad/tasks/main.yml
index 01b2da7..01b2da7 100644
--- a/pad/tasks/main.yml
+++ b/roles/pad/tasks/main.yml
diff --git a/pad/tasks/mariadb.yml b/roles/pad/tasks/mariadb.yml
index ec81430..ec81430 100644
--- a/pad/tasks/mariadb.yml
+++ b/roles/pad/tasks/mariadb.yml
diff --git a/pad/templates/etherpad.init.d b/roles/pad/templates/etherpad.init.d
index 420ae27..420ae27 100755
--- a/pad/templates/etherpad.init.d
+++ b/roles/pad/templates/etherpad.init.d
diff --git a/pad/templates/etherpad.service b/roles/pad/templates/etherpad.service
index f8e947d..f8e947d 100644
--- a/pad/templates/etherpad.service
+++ b/roles/pad/templates/etherpad.service
diff --git a/pad/templates/loadtest.settings.json b/roles/pad/templates/loadtest.settings.json
index 4e64cba..4e64cba 100644
--- a/pad/templates/loadtest.settings.json
+++ b/roles/pad/templates/loadtest.settings.json
diff --git a/pad/templates/settings.json b/roles/pad/templates/settings.json
index 08b46dc..08b46dc 100644
--- a/pad/templates/settings.json
+++ b/roles/pad/templates/settings.json
diff --git a/pad/vars/main.yml b/roles/pad/vars/main.yml
index 981efa9..981efa9 100644
--- a/pad/vars/main.yml
+++ b/roles/pad/vars/main.yml
diff --git a/wiki-edit/defaults/main.yml b/roles/wiki-edit/defaults/main.yml
index ea0fbdb..ea0fbdb 100644
--- a/wiki-edit/defaults/main.yml
+++ b/roles/wiki-edit/defaults/main.yml
diff --git a/wiki-edit/tasks/main.yaml b/roles/wiki-edit/tasks/main.yaml
index f77535f..f77535f 100644
--- a/wiki-edit/tasks/main.yaml
+++ b/roles/wiki-edit/tasks/main.yaml
diff --git a/wiki-edit/templates/emacsconf-edit.el b/roles/wiki-edit/templates/emacsconf-edit.el
index 78e11a8..78e11a8 100644
--- a/wiki-edit/templates/emacsconf-edit.el
+++ b/roles/wiki-edit/templates/emacsconf-edit.el
diff --git a/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml
index c6ca568..c6ca568 100644
--- a/wiki-publish/defaults/main.yml
+++ b/roles/wiki-publish/defaults/main.yml
diff --git a/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml
index 897cecc..897cecc 100644
--- a/wiki-publish/tasks/main.yml
+++ b/roles/wiki-publish/tasks/main.yml
diff --git a/wiki-publish/templates/emacsconf-config.el b/roles/wiki-publish/templates/emacsconf-config.el
index 53ffe64..53ffe64 100644
--- a/wiki-publish/templates/emacsconf-config.el
+++ b/roles/wiki-publish/templates/emacsconf-config.el
diff --git a/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml
index 421427c..421427c 100644
--- a/wiki/defaults/main.yml
+++ b/roles/wiki/defaults/main.yml
diff --git a/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index 1a759a4..1a759a4 100644
--- a/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
diff --git a/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 35c297d..35c297d 100644
--- a/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
diff --git a/wiki/templates/Scrubber.pm b/roles/wiki/templates/Scrubber.pm
index 2efaa10..2efaa10 100644
--- a/wiki/templates/Scrubber.pm
+++ b/roles/wiki/templates/Scrubber.pm
diff --git a/wiki/templates/copyright.pm b/roles/wiki/templates/copyright.pm
index 16acacc..16acacc 100644
--- a/wiki/templates/copyright.pm
+++ b/roles/wiki/templates/copyright.pm
diff --git a/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup
index 7ab3916..7ab3916 100644
--- a/wiki/templates/emacsconf.setup
+++ b/roles/wiki/templates/emacsconf.setup
diff --git a/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 4cbf300..4cbf300 100755
--- a/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
diff --git a/wiki/templates/license.pm b/roles/wiki/templates/license.pm
index 651c039..651c039 100644
--- a/wiki/templates/license.pm
+++ b/roles/wiki/templates/license.pm
diff --git a/wiki/templates/supervisord.conf b/roles/wiki/templates/supervisord.conf
index 4df613a..4df613a 100644
--- a/wiki/templates/supervisord.conf
+++ b/roles/wiki/templates/supervisord.conf |