From a287e741842f67d0a04c48276221d85f16079d55 Mon Sep 17 00:00:00 2001
From: Opal <847966@proton.me>
Date: Sat, 15 Oct 2022 15:27:41 -0700
Subject: merging code between old emacsconf repo, to sachac's emacsconf repo
---
roles/base/files/keys/bandali | 1 +
roles/base/files/keys/cairn | 1 +
roles/base/files/keys/dragestil | 1 +
roles/base/files/keys/opal | 2 ++
roles/base/files/keys/sachac | 2 ++
roles/base/files/keys/zaeph | 1 +
roles/base/files/sshd_config | 16 ++++++++++
roles/base/files/sudoers.d/10_ansible | 1 +
roles/base/files/sudoers.d/20_admin | 1 +
roles/base/files/sudoers.d/30_org_admin | 3 ++
roles/base/tasks/main.yml | 54 ++++++++++++++++++++++++++++++++
roles/base/vars/main.yml | 55 +++++++++++++++++++++++++++++++++
12 files changed, 138 insertions(+)
create mode 100644 roles/base/files/keys/bandali
create mode 100644 roles/base/files/keys/cairn
create mode 100644 roles/base/files/keys/dragestil
create mode 100644 roles/base/files/keys/opal
create mode 100644 roles/base/files/keys/sachac
create mode 100644 roles/base/files/keys/zaeph
create mode 100644 roles/base/files/sshd_config
create mode 100644 roles/base/files/sudoers.d/10_ansible
create mode 100644 roles/base/files/sudoers.d/20_admin
create mode 100644 roles/base/files/sudoers.d/30_org_admin
create mode 100644 roles/base/tasks/main.yml
create mode 100644 roles/base/vars/main.yml
(limited to 'roles/base')
diff --git a/roles/base/files/keys/bandali b/roles/base/files/keys/bandali
new file mode 100644
index 0000000..e50d913
--- /dev/null
+++ b/roles/base/files/keys/bandali
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0St/clKIWYQMvrVwxs2f3bKapNnu6DmsRxitFfsGMN bandali@gnu.org
diff --git a/roles/base/files/keys/cairn b/roles/base/files/keys/cairn
new file mode 100644
index 0000000..6bd04bd
--- /dev/null
+++ b/roles/base/files/keys/cairn
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK7g0qqt0yIKwozCc+ogKiTzK5iwA3nXFHnlvhJfiEZUKiCcl9PN0O+50h8+rFrva27NxE8OEhCPCV9Ug+K8+Z4ikVbIYEBbgF4+GOtW6R7Ktota2Y+6c5DZfoq2vFNOI5cL1OkQUrQhVa+fIjb9zh2L9YgJIsBv/850HlYLS4DPMqyWo7SsMNFA2BIm/rL/U/fqjr4IJ/uxGa3cwM6zixqfozQShxULvz6BxVpe+yPp0yj+mau9DJEs18ZNoeC4vqzXq73hsth2RisXq389foWNRKrAMzcajw8EW7MRd4srRnlr6APt2ZH/vQ6EcTBNyWqEv2KJ4KVZLgg0QHyQBb cairn@starfighter
diff --git a/roles/base/files/keys/dragestil b/roles/base/files/keys/dragestil
new file mode 100644
index 0000000..5bc093f
--- /dev/null
+++ b/roles/base/files/keys/dragestil
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvPOtgcm5ptn8l+/YLAJEqVeT801btqFOf9gE9BLGDh yuchen@melb
diff --git a/roles/base/files/keys/opal b/roles/base/files/keys/opal
new file mode 100644
index 0000000..eeb5e3c
--- /dev/null
+++ b/roles/base/files/keys/opal
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChD6zcTYv5hpl9YRSetz1uQzQfOkzOQZNna0Mvzqt5mzptdthe6ZNHKchto5tpby5iVxwGTPiHcWs0VlnnDG/VX/a5p28qs2595MZizv6McqInr1kLj3w+gbJpPRqaL0GGtlCZhIYyv1MRFhkemdSzLAo4/Noj7z3b+z6tsnsIr/qJvpoUt0tdsrgMlHOHkqZsnQICNah+ugQAOQzCkZCW7E3hSMtal412eNIaX8TiB686N2VigMOOUxg6NNbo/dRFq5IMA48hBNJpzeS4zz1gMXv6hSCRPcBJ5aFt+O6T7VOXdTAlC88+zu6c554kacyhVB/4tWGmnf1ZaK4kD8Un ry@nocry
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTI8v3jrhi/HS9RIudSrVg7WFBcvCiRj90q3Qa8HuwbbrHAkVSrhrpJKVTYMt2tBGdcM9QgU/dy5F0o07Vb23COQG/sqr/ImX8wSnjIvjW/yDHaKtEcy3sbvtqqRXiI8R8wfMctCPjUnl7OhaDPMWDy8sAefApCs1W5InafT6TYkooCg== ry@apollyon
diff --git a/roles/base/files/keys/sachac b/roles/base/files/keys/sachac
new file mode 100644
index 0000000..999b59c
--- /dev/null
+++ b/roles/base/files/keys/sachac
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK0Vg112xS0SAuCutincht2LWs+2jC8EWC19Irotv8M0ztzLf6wmXEw0xoB8D78LKzXGC/gFcIvYzsNezHFpU5PmlxYBRJkdOYH2zYfnlWQFpJKmk1OelTrugaRE4HywXurf6q6Sot5hzbzPmCWgOlBZshnkDXMAyPCfYvL+RcwTRJWiaiGwwDHlfHCkebr4cwypRQ7Nl2kKajdp4wZXwbuP64pPNMmftZEMEM910w3zPnzQTil4IuLSiVC8K7TSk6xsnrsk10Y6zfoaHkZ71OD58rqPPFqeHYDj8SAvp6W4hHwakbf+r8nfRfr8Tc+gtCf0B6a4Y050OI5FxHlmjh
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMf4V8eCzYNEde8xG4tIJPBv8NwoTzyRG9O5+Bl69osaHV7OZQz81wXil1qZ/xrUu6fc5jMkxq7j5KCCs2MF6gMq12UKe9ESKYe5i+jFL7+V6JNQqcjLcyaEfEFtFCJ95nWCQWpXrMPijvpB3+YxLspFOTz8ZJsGENXU+Rkz5EIdx2VTgHUbddCjE5jndIO58uPKmR4EpMeUWxb20xYLpOwM14aGF/ERVjI++dIwu7mc21kxg42HJjRA/NRV48IxrGl57KKzl7qtMrqwp+ucoLWw4PdqHk4/tApjmrgLiJzLpSZx/4LL3mHTg3I6w9fC5yTgk3k6rJFomb2Jbboxx
diff --git a/roles/base/files/keys/zaeph b/roles/base/files/keys/zaeph
new file mode 100644
index 0000000..33d3fa4
--- /dev/null
+++ b/roles/base/files/keys/zaeph
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxla020OSOgCfbCekmMMEFNmuUicibIo7eotqONcJDB
diff --git a/roles/base/files/sshd_config b/roles/base/files/sshd_config
new file mode 100644
index 0000000..0060c33
--- /dev/null
+++ b/roles/base/files/sshd_config
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+Port 46668
+
+LoginGraceTime 2m
+AllowAgentForwarding yes
+X11Forwarding yes
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+UsePAM yes
+PrintMotd no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn
diff --git a/roles/base/files/sudoers.d/10_ansible b/roles/base/files/sudoers.d/10_ansible
new file mode 100644
index 0000000..80053e5
--- /dev/null
+++ b/roles/base/files/sudoers.d/10_ansible
@@ -0,0 +1 @@
+ansible ALL = (ALL) NOPASSWD: ALL
diff --git a/roles/base/files/sudoers.d/20_admin b/roles/base/files/sudoers.d/20_admin
new file mode 100644
index 0000000..71b74c3
--- /dev/null
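Review bot: `AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn` on the last line of the sshd_config hunk does not list `opal`, the account that vars/main.yml creates and whose key lives in `keys/opal`, so that user is refused at login unless an `opalvaults` account is provisioned somewhere outside this commit; one of the two names has to change. The file is installed as `/etc/ssh/sshd_config.d/emacsconf_ssh.conf` by tasks/main.yml, yet its first line `Include /etc/ssh/sshd_config.d/*.conf` makes the drop-in include its own directory, and `Subsystem sftp /usr/lib/ssh/sftp-server` hard-codes a distribution-specific path and will be a fatal duplicate wherever the host's main `sshd_config` also defines the sftp subsystem (sshd rejects a second `Subsystem sftp`). Drop the `Include` and `Subsystem` lines so the drop-in carries only the overrides this project needs. A short comment on why `X11Forwarding yes` and `AllowAgentForwarding yes` are wanted on a shared host would also help, since both extend what a client session can reach and neither is needed for plain key-based administration.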
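Review bot: `ansible ALL = (ALL) NOPASSWD: ALL` grants passwordless root to an account that nothing in this commit creates — `ansible` is not in `init_users` and has no `keys/ansible` file — so either the account is provisioned by an earlier bootstrap step or this rule is inert. A comment naming where the account comes from would make that explicit, e.g. `# automation account; created by <bootstrap step outside this role>`. The rule is also only safe to ship if it passes `visudo -c`; the copy task in tasks/main.yml currently installs the whole `sudoers.d/` directory without a `validate:` step.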
+++ b/roles/base/files/sudoers.d/20_admin
@@ -0,0 +1 @@
+%admin ALL=(ALL) ALL
diff --git a/roles/base/files/sudoers.d/30_org_admin b/roles/base/files/sudoers.d/30_org_admin
new file mode 100644
index 0000000..f855569
--- /dev/null
+++ b/roles/base/files/sudoers.d/30_org_admin
@@ -0,0 +1,3 @@
+sachac ALL=(ALL) /usr/bin/apt
+zaeph ALL=(ALL) /usr/bin/apt
+dragestil ALL=(ALL) /usr/bin/apt
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..8d2280b
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+# User & Group Creation
+- name: create groups
+ group:
+ name: "{{ item.value.group }}"
+ state: "{{ item.value.state }}"
+ loop: "{{ init_users | dict2items }}"
+
+- name: create users
+ user:
+ name: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ groups: "{{ item.value.groups }}"
+ create_home: "{{ item.value.create_home }}"
+ state: "{{ item.value.state }}"
+ shell: "{{ item.value.shell }}"
+ loop: "{{ init_users | dict2items }}"
+
+# SSH Initial Setup
+- name: create .ssh dirs
+ file:
+ path: "/home/{{ item.value.name }}/.ssh"
+ state: directory
+ mode: 0700
+ owner: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy keys to users
+ authorized_key:
+ user: "{{ item.value.name }}"
+ state: present
+ key: "{{ lookup('file', 'keys/{{ item.value.name }}') }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy custom sshd_config
+ copy:
+ src: sshd_config
+ dest: "/etc/ssh/sshd_config.d/emacsconf_ssh.conf"
+ mode: 0644
+ owner: root
+ group: root
+
+# Sudoers
+- name: sudoers.d entries
+ copy:
+ src: "sudoers.d/"
+ dest: "/etc/sudoers.d/"
+ mode: 0440
+ owner: root
+ group: root
+ force: no
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
new file mode 100644
index 0000000..927d641
--- /dev/null
+++ b/roles/base/vars/main.yml
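Review bot: The three per-user lines for `sachac`, `zaeph` and `dragestil` in `30_org_admin` duplicate membership that vars/main.yml already expresses with `groups: org-admin`, and the two already disagree: `cairn` is `org-admin` in the vars but has no entry here. A single group rule, `%org-admin ALL=(ALL) /usr/bin/apt`, keeps the grant in one place and mirrors how `20_admin` is written. Note that `/usr/bin/apt` with unrestricted arguments is close to a full-root grant, because installing a package runs its maintainer scripts as root; if that is the intended level of trust for org admins, a one-line comment stating so will stop the next reviewer from reading it as a narrow privilege.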
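Review bot: `create groups` only creates each user's primary group (`item.value.group`), but `create users` then sets `groups: "{{ item.value.groups }}"`, which in vars/main.yml is `admin,org-admin`, and neither supplementary group is ever created, so the `user` module fails on any host where they do not already exist. The two `copy` tasks install an sshd drop-in and sudoers files with no `validate:`, so a typo locks out SSH or breaks sudo on every host in one run; the sshd copy also has no `notify`, so the new config is not loaded until something else restarts sshd, and `force: no` on the sudoers task means later edits to those files never reach the hosts. Copying `sudoers.d/` as a directory is what rules out `validate`, so loop over the files instead. The nested `{{ }}` in `key: "{{ lookup('file', 'keys/{{ item.value.name }}') }}"` is not plain Jinja and may be rejected by newer Ansible; `'keys/' ~ item.value.name` is the conventional form. The rewrite below adds the shared groups, validation on both copies and a handler notification (`restart sshd` is a constructed handler name — the handler itself is not in this commit), and quotes `mode` values as the Ansible docs recommend.
```yaml
- name: create shared groups
  group:
    name: "{{ item }}"
    state: present
  loop:
    - admin
    - org-admin

# … unchanged: create groups / create users / create .ssh dirs …

- name: Copy keys to users
  authorized_key:
    user: "{{ item.value.name }}"
    state: present
    key: "{{ lookup('file', 'keys/' ~ item.value.name) }}"
  loop: "{{ init_users | dict2items }}"

- name: Copy custom sshd_config
  copy:
    src: sshd_config
    dest: "/etc/ssh/sshd_config.d/emacsconf_ssh.conf"
    mode: "0644"
    owner: root
    group: root
    validate: /usr/sbin/sshd -t -f %s
  notify: restart sshd

# Sudoers: one file per copy so visudo can check each before it lands
- name: sudoers.d entries
  copy:
    src: "{{ item }}"
    dest: "/etc/sudoers.d/{{ item | basename }}"
    mode: "0440"
    owner: root
    group: root
    validate: /usr/sbin/visudo -cf %s
  with_fileglob: "sudoers.d/*"
```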
@@ -0,0 +1,55 @@
+---
+init_users:
+ opal:
+ name: opal
+ group: opal
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ bandali:
+ name: bandali
+ group: bandali
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ sachac:
+ name: sachac
+ group: sachac
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ zaeph:
+ name: zaeph
+ group: zaeph
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ cairn:
+ name: cairn
+ group: cairn
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ dragestil:
+ name: dragestil
+ group: dragestil
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+
+sudoers_files:
+ - sudoers.d/10_ansible
+ - sudoers.d/20_org_admin
+ - sudoers.d/30_admin
+
+packages:
+ - git
+ - vim
+ - emacs
+ - nano
--
cgit v1.2.3
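Review bot: `sudoers_files` lists `sudoers.d/20_org_admin` and `sudoers.d/30_admin`, but the files this commit adds are `sudoers.d/20_admin` and `sudoers.d/30_org_admin`, and nothing in tasks/main.yml reads `sudoers_files` or `packages`, so both variables are dead and the first is already wrong. Either remove them or wire them in — `loop: "{{ sudoers_files }}"` on the sudoers copy task and a package task such as `apt: name: "{{ packages }}"` — so the list cannot drift from the files again. Each user entry also repeats its dictionary key as `name` and `group`; since the tasks iterate with `dict2items`, `item.key` could replace both and remove one more place where a typo splits a user from its key file and sudoers entry. A comment at the top of `init_users` stating what `admin` and `org-admin` membership grants (per `sudoers.d/20_admin` and `30_org_admin`) would make the access model readable without opening the sudoers files.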