diff --git a/ANSIBLE/ansible.cfg b/ANSIBLE/ansible.cfg
index 018c8ef..4c4e766 100644
--- a/ANSIBLE/ansible.cfg
+++ b/ANSIBLE/ansible.cfg
@@ -1,3 +1,3 @@
 [defaults]
-inventory = ./hosts
+inventory = ./hosts.yaml
 remote_user = ubuntu
diff --git a/ANSIBLE/group_vars/all.yaml b/ANSIBLE/group_vars/all.yaml
new file mode 100644
index 0000000..b3ffaed
--- /dev/null
+++ b/ANSIBLE/group_vars/all.yaml
@@ -0,0 +1,5 @@
+svc_acct_name: "ubuntu"
+svc_acct_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvM9FL5V14ciT6qOSMx4zk3+K7F1aXQh6YjO+KDu94q hbaxter@telos_digital"
+ - "ssh-rsa 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 telos@anothermouse.com"
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOnTW/kBQfw/ET5luVvHeWl/tFo1BAJk86UWOGxLbNi30sr4uo+xkNTUvKK2wL+6sRs1MVXH2qxTXa8wG4BfdEZBBOej3I8ci3Yl1fqQV8PB0c/GifP5W1Gj6oZSGvKDAOweV2nr6QUx1BhA9nqg0LZaLt1vaa2d+fgW3R5qT0QKKx5fKEBT95fsjUI99Gi4EAT/VYcmDo/aDyl6crKI+/YRn+0cuq0vLoRpF3rYtBMnqXCobchoooA1W+vZauVh/l5IzgQaN2tTaM9WU8qUUt8j8YaPGMFszX2iZoI1gylF/mSXqP7htxH4KCy0g2AOnnK+8QN6GwHIkOfG6lGu1t nataliia.bobrova.s@gmail.com "
\ No newline at end of file
diff --git a/ANSIBLE/hosts b/ANSIBLE/hosts
deleted file mode 100644
index e0d19a6..0000000
--- a/ANSIBLE/hosts
+++ /dev/null
@@ -1,8 +0,0 @@
-[web]
-monitor.telos.digital
-
-[eoq]
-eoq.telos.digital
-
-[monitor]
-monitor.telos.digital
diff --git a/ANSIBLE/hosts.yml b/ANSIBLE/hosts.yml
new file mode 100644
index 0000000..460b169
--- /dev/null
+++ b/ANSIBLE/hosts.yml
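Review bot: In ANSIBLE/ansible.cfg, `inventory = ./hosts.yaml` points at a file this commit does not create: the new inventory is added as `ANSIBLE/hosts.yml`, and the old `ANSIBLE/hosts` is deleted in the same commit. As written Ansible should fail to parse the inventory source and be left with only the implicit localhost, so a play targeting `eoq` (as test.yml does) would match no hosts. Change the line to `inventory = ./hosts.yml` or rename the new file to `hosts.yaml`; group_vars already uses `.yaml`, so settling on one extension for the directory would prevent a repeat.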
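Review bot: In ANSIBLE/group_vars/all.yaml, the third `svc_acct_keys` entry ends with a space inside the quotes (`…gmail.com "`), and the role writes each entry with `lineinfile`, which matches whole lines exactly. If that space is ever trimmed here, the next run appends a second copy of the same key instead of recognising the existing one. I would strip the trailing space now and add a comment above the list such as `# Public keys allowed to log in as svc_acct_name on every host; the svc_acct role also grants that account passwordless sudo`, since the file lives in `group_vars/all` and so applies to the whole inventory.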
@@ -0,0 +1,27 @@
+web:
+ hosts:
+ monitor.telos.digital:
+eoq:
+ hosts:
+ eoq.telos.digital:
+ site_name: eoq.telos.digital
+ site_root: /var/www/html
+ admin_email: peter.edmond@telos.digital
+ php_version: 8.3
+ #These are not used but can be used to customise the php-fpm environment if required.
+ php_upload_max_filesize: 20M
+ php_post_max_size: 25M
+ php_memory_limit: 128M
+ php_max_execution_time: 60
+monitor:
+ hosts:
+ monitor.telos.digital:
+ site_name: monitor.telos.digital
+ site_root: /var/www/html
+ admin_email: peter.edmond@telos.digital
+ php_version: 8.3
+ #These are not used but can be used to customise the php-fpm environment if required.
+ php_upload_max_filesize: 20M
+ php_post_max_size: 25M
+ php_memory_limit: 128M
+ php_max_execution_time: 60
diff --git a/ANSIBLE/roles/svc_acct/defaults/main.yml b/ANSIBLE/roles/svc_acct/defaults/main.yml
new file mode 100644
index 0000000..b94abc7
--- /dev/null
+++ b/ANSIBLE/roles/svc_acct/defaults/main.yml
@@ -0,0 +1,2 @@
+svc_acct_name: "root"
+svc_acct_keys: ""
\ No newline at end of file
diff --git a/ANSIBLE/roles/svc_acct/tasks/main.yml b/ANSIBLE/roles/svc_acct/tasks/main.yml
new file mode 100644
index 0000000..5c1d138
--- /dev/null
+++ b/ANSIBLE/roles/svc_acct/tasks/main.yml
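Review bot: In ANSIBLE/hosts.yml, `php_version: 8.3` is an unquoted scalar in both host blocks, so YAML loads it as a float rather than a string. That happens to round-trip for 8.3, but any value with a trailing zero would be silently shortened before it reaches a package or socket name; write `php_version: "8.3"`. The same variable block is also repeated verbatim for eoq and monitor, so if the values are meant to be shared, defining them once as group vars would stop the two copies drifting. Indentation is not recoverable in this view, so I cannot confirm whether these keys sit under each host entry.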
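Review bot: In roles/svc_acct/defaults/main.yml, `svc_acct_keys: ""` defaults to a string, but tasks/main.yml passes it to `loop:`, which requires a list, so the role fails at `Add Publickey` whenever the caller leaves the variable unset; the default should be `svc_acct_keys: []`. Defaulting `svc_acct_name` to `"root"` is also unsafe as a fallback: with that value the tasks would lock root's password, write `root ALL=(ALL) NOPASSWD: ALL` and create `/home/root/.ssh`, which is not root's home directory. I would default to a dedicated unprivileged account name, or leave the name undefined so a missing value fails the play instead of silently acting on root.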
@@ -0,0 +1,44 @@
+- name: Add Local User
+ user:
+ name: "{{ svc_acct_name }}"
+ comment: General Service Account
+ password_lock: true
+ shell: "/bin/bash"
+ create_home: true
+- name: Wheel Group
+ when: ansible_facts['os_family'] == "RedHat"
+ user:
+ name: servicelink
+ groups: wheel
+ append: true
+- name: sudo Group
+ when: ansible_facts['distribution'] == "Ubuntu"
+ user:
+ name: "{{ svc_acct_name }}"
+ groups: sudo
+ append: true
+- name: Make servicelink sudo Passwordless
+ lineinfile:
+ path: /etc/sudoers
+ state: present
+ line: "{{ svc_acct_name }} ALL=(ALL) NOPASSWD: ALL"
+ validate: /usr/sbin/visudo -cf %s
+- name: "Make .ssh dir"
+ file:
+ path: "/home/{{ svc_acct_name }}/.ssh/"
+ state: directory
+ owner: "{{ svc_acct_name }}"
+ group: "{{ svc_acct_name }}"
+ mode: "0700"
+- name: Make Authorised Key
+ file:
+ path: "/home/{{ svc_acct_name }}/.ssh/authorized_keys"
+# state: touch
+ owner: "{{ svc_acct_name }}"
+ group: "{{ svc_acct_name }}"
+ mode: "0600"
+- name: Add Publickey
+ lineinfile:
+ path: "/home//{{ svc_acct_name }}/.ssh/authorized_keys"
+ line: "{{ item }}"
+ loop: "{{ svc_acct_keys }}"
diff --git a/ANSIBLE/test.yml b/ANSIBLE/test.yml
new file mode 100644
index 0000000..d85f3b3
--- /dev/null
+++ b/ANSIBLE/test.yml
@@ -0,0 +1,14 @@
+---
+
+- name: Test roles
+ hosts: eoq
+ become: true
+ gather_facts: true
+ vars_files:
+ - group_vars/all.yaml
+ roles:
+ - svc_acct
+ tasks:
+ - ansible.builtin.debug:
+ msg: "Finished"
+ name: "Finished mgs"
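Review bot: In roles/svc_acct/tasks/main.yml, `Make Authorised Key` has `state: touch` commented out, so the `file` module uses its default state and will not create a missing `authorized_keys`; the following `lineinfile` has no `create: true` and then fails, and its path has a doubled slash (`/home//…`). Because `lineinfile` only appends, a key later removed from `svc_acct_keys` stays authorised on every host, which matters because this role also gives the account `NOPASSWD: ALL`. I would replace both tasks with `ansible.posix.authorized_key` (needs the ansible.posix collection), which creates the file with the right owner and mode and resolves the home directory itself. Add `exclusive: true` with a newline-joined key string only if the list is meant to be authoritative, since that removes keys placed by other tooling. Separately, `Wheel Group` hard-codes `name: servicelink` where the other tasks use `{{ svc_acct_name }}`.

```yaml
# … unchanged: user, group, sudoers and .ssh directory tasks …
- name: Add Publickey
  ansible.posix.authorized_key:
    user: "{{ svc_acct_name }}"
    key: "{{ item }}"
    state: present
  loop: "{{ svc_acct_keys }}"
```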
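Review bot: In ANSIBLE/test.yml, `vars_files: - group_vars/all.yaml` re-loads a file that Ansible already reads automatically from the `group_vars/` directory next to the inventory and playbook. Loading it again as `vars_files` raises those values to play-level precedence, above any host or group override, so a playbook meant to exercise the role would not reveal precedence mistakes. I would drop the `vars_files` block. The closing debug task also puts `name` after the module and spells it "Finished mgs"; `- name: Finished message` as the first key reads better.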