# HG changeset patch
# User Luke Hoersten
# Date 1581272422 21600
# Node ID 0dc5400538ef55d59b7a53b4cd18d32f806cb42e
# Parent 2556522a2a45a987f0b5bb08d04c2320e25e039f
Base is rpi specific.
diff -r 2556522a2a45 -r 0dc5400538ef base/defaults/main.yaml
--- a/base/defaults/main.yaml Sun Feb 09 12:05:37 2020 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,13 +0,0 @@
----
-
-rpi_base_enable_wifi: True
-rpi_base_timezone: "America/Chicago"
-rpi_base_apt_packages:
- - "log2ram"
- - "fail2ban"
- - "unattended-upgrades"
- - "emacs-nox"
- - "htop"
- - "jq"
- - "tree"
- - "iperf3"
diff -r 2556522a2a45 -r 0dc5400538ef base/files/jail.local
--- a/base/files/jail.local Sun Feb 09 12:05:37 2020 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,10 +0,0 @@
-[ssh]
-
-enabled = true
-port = ssh
-filter = sshd
-logpath = /var/log/auth.log
-bantime = 900
-banaction = iptables-allports
-findtime = 900
-maxretry = 3
diff -r 2556522a2a45 -r 0dc5400538ef base/tasks/main.yml
--- a/base/tasks/main.yml Sun Feb 09 12:05:37 2020 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,42 +0,0 @@
----
-
-- name: turn swap off
- become: yes
- command: "swapoff -a"
- changed_when: false
-
-- name: remove swap apt package
- become: yes
- apt: state="absent" name="dphys-swapfile"
-
-- name: add log2ram apt key
- become: yes
- apt_key: url="https://azlux.fr/repo.gpg.key"
-
-- name: add log2ram apt repo
- become: yes
- apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"
-
-- name: set timezone
- become: yes
- timezone: name="{{rpi_base_timezone}}"
-
-- name: setup wifi
- become: yes
- template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644"
-
-- name: update apt package cache
- become: yes
- apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600"
-
-- name: install extra apt packages
- become: yes
- apt: name="{{rpi_base_apt_packages}}" state="latest"
-
-- name: install fail2ban config
- become: yes
- copy: src="jail.local" dest="/etc/fail2ban/jail.local"
-
-- name: authorize admin ssh keys
- become: yes
- authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
diff -r 2556522a2a45 -r 0dc5400538ef base/templates/wpa_supplicant.conf.j2
--- a/base/templates/wpa_supplicant.conf.j2 Sun Feb 09 12:05:37 2020 -0600
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,14 +0,0 @@
-# {{ansible_managed}}
-
-country=US
-ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
-update_config=1
-{% for network in wpa_networks %}
-
-network={
- ssid="{{network.ssid}}"
- psk="{{network.psk}}"
- disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %}
-
-}
-{% endfor %}
diff -r 2556522a2a45 -r 0dc5400538ef rpi-base/defaults/main.yaml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/defaults/main.yaml Sun Feb 09 12:20:22 2020 -0600
@@ -0,0 +1,13 @@
+---
+
+rpi_base_enable_wifi: True
+rpi_base_timezone: "America/Chicago"
+rpi_base_apt_packages:
+ - "log2ram"
+ - "fail2ban"
+ - "unattended-upgrades"
+ - "emacs-nox"
+ - "htop"
+ - "jq"
+ - "tree"
+ - "iperf3"
diff -r 2556522a2a45 -r 0dc5400538ef rpi-base/files/jail.local
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/files/jail.local Sun Feb 09 12:20:22 2020 -0600
@@ -0,0 +1,10 @@
+[ssh]
+
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+bantime = 900
+banaction = iptables-allports
+findtime = 900
+maxretry = 3
diff -r 2556522a2a45 -r 0dc5400538ef rpi-base/tasks/main.yml
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/rpi-base/tasks/main.yml Sun Feb 09 12:20:22 2020 -0600
@@ -0,0 +1,42 @@
+---
+
+- name: turn swap off
+ become: yes
+ command: "swapoff -a"
+ changed_when: false
+
+- name: remove swap apt package
+ become: yes
+ apt: state="absent" name="dphys-swapfile"
+
+- name: add log2ram apt key
+ become: yes
+ apt_key: url="https://azlux.fr/repo.gpg.key"
+
+- name: add log2ram apt repo
+ become: yes
+ apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main"
+
+- name: set timezone
+ become: yes
+ timezone: name="{{rpi_base_timezone}}"
+
+- name: setup wifi
+ become: yes
+ template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644"
+
+- name: update apt package cache
+ become: yes
+ apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600"
+
+- name: install extra apt packages
+ become: yes
+ apt: name="{{rpi_base_apt_packages}}" state="latest"
+
+- name: install fail2ban config
+ become: yes
+ copy: src="jail.local" dest="/etc/fail2ban/jail.local"
+
+- name: authorize admin ssh keys
+ become: yes
+ authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys"
diff -r 2556522a2a45 -r 0dc5400538ef rpi-base/templates/wpa_supplicant.conf.j2
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
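Review bot: The `setup wifi` task in rpi-base/tasks/main.yml installs /etc/wpa_supplicant/wpa_supplicant.conf with `mode="0644"`, and the template it renders carries each network's `psk`, so any local account on the host can read the Wi-Fi passphrase. Restricting it to root with `owner="root" group="root" mode="0600"` on that `template:` line closes this. Separately, the `add log2ram apt key` task trusts whatever key the URL serves at run time and the repo line that follows uses `http://`; passing the expected fingerprint through the module's `id=` parameter (value from the vendor, not shown on this page) would make a swapped key fail the play. Both lines are carried over unchanged from base/tasks/main.yml.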
+++ b/rpi-base/templates/wpa_supplicant.conf.j2 Sun Feb 09 12:20:22 2020 -0600
@@ -0,0 +1,14 @@
+# {{ansible_managed}}
+
+country=US
+ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
+update_config=1
+{% for network in wpa_networks %}
+
+network={
+ ssid="{{network.ssid}}"
+ psk="{{network.psk}}"
+ disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %}
+
+}
+{% endfor %}
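Review bot: The loop over `wpa_networks` writes every `psk` to disk even when `rpi_base_enable_wifi` is false, because the flag only switches `disabled=` inside each `network={` block. If a host with Wi-Fi turned off should not hold the passphrase at all, guard the loop with `{% if rpi_base_enable_wifi %}` and a matching `{% endif %}`. `wpa_networks` also has no entry in rpi-base/defaults/main.yaml, so the render presumably fails on an undefined variable unless inventory supplies it; `{% for network in wpa_networks | default([]) %}` makes the empty case explicit. Since `network.psk` is a secret, it is better supplied from a vault-encrypted vars file than from plain inventory.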