| author | Luke Hoersten <luke@hoersten.org> |
| Sat, 15 Feb 2020 16:15:13 -0600 | |
| changeset 10 | 524cf40846b3 |
| parent 7 | dc3fca0131a7 |
| child 13 | c74df4bbd49d |
| permissions | -rw-r--r-- |
|
0
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
1 |
--- |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
2 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
3 |
- name: turn swap off |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
4 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
5 |
command: "swapoff -a" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
6 |
changed_when: false |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
7 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
8 |
- name: remove swap apt package |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
9 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
10 |
apt: state="absent" name="dphys-swapfile" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
11 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
12 |
- name: add log2ram apt key |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
13 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
14 |
apt_key: url="https://azlux.fr/repo.gpg.key" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
15 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
16 |
- name: add log2ram apt repo |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
17 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
18 |
apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
19 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
20 |
- name: set timezone |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
21 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
22 |
timezone: name="{{rpi_base_timezone}}" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
23 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
24 |
- name: setup wifi |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
25 |
become: yes |
|
7
dc3fca0131a7
Updated some permissions on conf files
Luke Hoersten <luke@hoersten.org>
parents:
3
diff
changeset
|
26 |
template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0600" |
|
0
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
27 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
28 |
- name: update apt package cache |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
29 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
30 |
apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
31 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
32 |
- name: install extra apt packages |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
33 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
34 |
apt: name="{{rpi_base_apt_packages}}" state="latest" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
35 |
|
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
36 |
- name: install fail2ban config |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
37 |
become: yes |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
38 |
copy: src="jail.local" dest="/etc/fail2ban/jail.local" |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
39 |
|
|
10
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
40 |
- name: add users |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
41 |
become: yes |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
42 |
user: |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
43 |
name: "{{admin_user_name}}" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
44 |
password: "{{admin_user_password}}" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
45 |
groups: "sudo,users" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
46 |
append: yes |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
47 |
|
|
0
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
48 |
- name: authorize admin ssh keys |
|
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
49 |
become: yes |
|
10
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
50 |
authorized_key: user="{{admin_user_name}}" key="https://github.com/{{github_user}}.keys" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
51 |
|
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
52 |
- name: authorize pi ssh keys |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
53 |
become: yes |
|
0
df042396074e
Opensourcing raspberry pi roles.
Luke Hoersten <luke@hoersten.org>
parents:
diff
changeset
|
54 |
authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys" |
|
10
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
55 |
|
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
56 |
- name: nopasswd sudo for admin user |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
57 |
become: yes |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
58 |
template: |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
59 |
src: "010_admin-nopasswd" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
60 |
dest: "/etc/sudoers.d/010_admin-nopasswd" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
61 |
|
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
62 |
- name: disable ssh password login |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
63 |
become: yes |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
64 |
lineinfile: |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
65 |
path: "/etc/ssh/sshd_config" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
66 |
regexp: "^PasswordAuthentication" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
67 |
insertafter: "^#PasswordAuthentication" |
|
524cf40846b3
Added better use for admin user.
Luke Hoersten <luke@hoersten.org>
parents:
7
diff
changeset
|
68 |
line: "PasswordAuthentication no" |