From a27d981110e0912920de133839d0186c42286029 Mon Sep 17 00:00:00 2001 From: Luke Hoersten Date: Sun, 9 Feb 2020 12:20:22 -0600 Subject: Base is rpi specific. --- base/defaults/main.yaml | 13 ---------- base/files/jail.local | 10 -------- base/tasks/main.yml | 42 ------------------------------- base/templates/wpa_supplicant.conf.j2 | 14 ----------- rpi-base/defaults/main.yaml | 13 ++++++++++ rpi-base/files/jail.local | 10 ++++++++ rpi-base/tasks/main.yml | 42 +++++++++++++++++++++++++++++++ rpi-base/templates/wpa_supplicant.conf.j2 | 14 +++++++++++ 8 files changed, 79 insertions(+), 79 deletions(-) delete mode 100644 base/defaults/main.yaml delete mode 100644 base/files/jail.local delete mode 100644 base/tasks/main.yml delete mode 100644 base/templates/wpa_supplicant.conf.j2 create mode 100644 rpi-base/defaults/main.yaml create mode 100644 rpi-base/files/jail.local create mode 100644 rpi-base/tasks/main.yml create mode 100644 rpi-base/templates/wpa_supplicant.conf.j2 diff --git a/base/defaults/main.yaml b/base/defaults/main.yaml deleted file mode 100644 index b26755a..0000000 --- a/base/defaults/main.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- - -rpi_base_enable_wifi: True -rpi_base_timezone: "America/Chicago" -rpi_base_apt_packages: - - "log2ram" - - "fail2ban" - - "unattended-upgrades" - - "emacs-nox" - - "htop" - - "jq" - - "tree" - - "iperf3" diff --git a/base/files/jail.local b/base/files/jail.local deleted file mode 100644 index a5cabc4..0000000 --- a/base/files/jail.local +++ /dev/null @@ -1,10 +0,0 @@ -[ssh] - -enabled = true -port = ssh -filter = sshd -logpath = /var/log/auth.log -bantime = 900 -banaction = iptables-allports -findtime = 900 -maxretry = 3 diff --git a/base/tasks/main.yml b/base/tasks/main.yml deleted file mode 100644 index 85045a5..0000000 --- a/base/tasks/main.yml +++ /dev/null @@ -1,42 +0,0 @@ ---- - -- name: turn swap off - become: yes - command: "swapoff -a" - changed_when: false - -- name: remove swap apt package - become: yes - apt: state="absent" name="dphys-swapfile" - -- name: add log2ram apt key - become: yes - apt_key: url="https://azlux.fr/repo.gpg.key" - -- name: add log2ram apt repo - become: yes - apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main" - -- name: set timezone - become: yes - timezone: name="{{rpi_base_timezone}}" - -- name: setup wifi - become: yes - template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644" - -- name: update apt package cache - become: yes - apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600" - -- name: install extra apt packages - become: yes - apt: name="{{rpi_base_apt_packages}}" state="latest" - -- name: install fail2ban config - become: yes - copy: src="jail.local" dest="/etc/fail2ban/jail.local" - -- name: authorize admin ssh keys - become: yes - authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys" diff --git a/base/templates/wpa_supplicant.conf.j2 b/base/templates/wpa_supplicant.conf.j2 deleted file mode 100644 index c1312d0..0000000 --- a/base/templates/wpa_supplicant.conf.j2 +++ /dev/null @@ -1,14 +0,0 @@ -# {{ansible_managed}} - -country=US -ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev -update_config=1 -{% for network in wpa_networks %} - -network={ - ssid="{{network.ssid}}" - psk="{{network.psk}}" - disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %} - -} -{% endfor %} diff --git a/rpi-base/defaults/main.yaml b/rpi-base/defaults/main.yaml new file mode 100644 index 0000000..b26755a --- /dev/null +++ b/rpi-base/defaults/main.yaml @@ -0,0 +1,13 @@ +--- + +rpi_base_enable_wifi: True +rpi_base_timezone: "America/Chicago" +rpi_base_apt_packages: + - "log2ram" + - "fail2ban" + - "unattended-upgrades" + - "emacs-nox" + - "htop" + - "jq" + - "tree" + - "iperf3" diff --git a/rpi-base/files/jail.local b/rpi-base/files/jail.local new file mode 100644 index 0000000..a5cabc4 --- /dev/null +++ b/rpi-base/files/jail.local @@ -0,0 +1,10 @@ +[ssh] + +enabled = true +port = ssh +filter = sshd +logpath = /var/log/auth.log +bantime = 900 +banaction = iptables-allports +findtime = 900 +maxretry = 3 diff --git a/rpi-base/tasks/main.yml b/rpi-base/tasks/main.yml new file mode 100644 index 0000000..85045a5 --- /dev/null +++ b/rpi-base/tasks/main.yml @@ -0,0 +1,42 @@ +--- + +- name: turn swap off + become: yes + command: "swapoff -a" + changed_when: false + +- name: remove swap apt package + become: yes + apt: state="absent" name="dphys-swapfile" + +- name: add log2ram apt key + become: yes + apt_key: url="https://azlux.fr/repo.gpg.key" + +- name: add log2ram apt repo + become: yes + apt_repository: repo="deb http://packages.azlux.fr/debian/ buster main" + +- name: set timezone + become: yes + timezone: name="{{rpi_base_timezone}}" + +- name: setup wifi + become: yes + template: src="wpa_supplicant.conf.j2" dest="/etc/wpa_supplicant/wpa_supplicant.conf" mode="0644" + +- name: update apt package cache + become: yes + apt: upgrade="dist" autoremove="yes" autoclean="yes" update_cache="yes" cache_valid_time="3600" + +- name: install extra apt packages + become: yes + apt: name="{{rpi_base_apt_packages}}" state="latest" + +- name: install fail2ban config + become: yes + copy: src="jail.local" dest="/etc/fail2ban/jail.local" + +- name: authorize admin ssh keys + become: yes + authorized_key: user="{{ansible_user}}" key="https://github.com/{{github_user}}.keys" diff --git a/rpi-base/templates/wpa_supplicant.conf.j2 b/rpi-base/templates/wpa_supplicant.conf.j2 new file mode 100644 index 0000000..c1312d0 --- /dev/null +++ b/rpi-base/templates/wpa_supplicant.conf.j2 @@ -0,0 +1,14 @@ +# {{ansible_managed}} + +country=US +ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev +update_config=1 +{% for network in wpa_networks %} + +network={ + ssid="{{network.ssid}}" + psk="{{network.psk}}" + disabled={% if rpi_base_enable_wifi %}0{% else %}1{% endif %} + +} +{% endfor %} -- cgit v1.2.3