Add default setup for debian (HACKY/WIP)

2020-09-17 00:14:54 +00:00 · 2020-09-17 00:14:54 +00:00 · 2803c0aaea
parent dbe4a55f73
commit 2803c0aaea
4 changed files with 118 additions and 0 deletions
--- a/debian.yml
+++ b/debian.yml
@ -0,0 +1,5 @@
+---
+- hosts: debian
+  become: yes
+  roles:
+    - debian
--- a/roles/debian/handlers/main.yml
+++ b/roles/debian/handlers/main.yml
@ -0,0 +1,6 @@
+---
+- name: reload sshd
+  service: name=sshd state=reloaded
+
+- name: restart network
+  service: name=systemd-networkd state=restarted
--- a/roles/debian/tasks/main.yml
+++ b/roles/debian/tasks/main.yml
@ -0,0 +1,82 @@
+---
+- name: Install defaults
+  package:
+    name:
+    - zsh
+
+- name: Download .zshrc from grml
+  get_url:
+    url: https://raw.githubusercontent.com/grml/grml-etc-core/v0.12.5/etc/zsh/zshrc
+    dest: /etc/zsh/zshrc
+    checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
+    validate_certs: false
+
+- name: ssh publickey
+  authorized_key:
+    user: root
+    state: present
+    key: "{{ default_root_ssh_publickey }}"
+
+- name: Update SSH configuration
+  notify: reload sshd
+  replace:
+    dest: /etc/ssh/sshd_config
+    regexp: '^([\#\s]*)?{{ item.key }}\s+([\w_-]+)'
+    replace: "{{item.key}} {{item.value}}"
+  with_items:
+  - key: PermitRootLogin
+    value: without-password
+  - key: PasswordAuthentication
+    value: 'no'
+  - key: ChallengeResponseAuthentication
+    value: 'no'
+  - key: PrintLastLog
+    value: 'yes'
+  - key: UseDNS
+    value: 'no'
+
+- name: Change shell of user root
+  user:
+    name: root
+    shell: /usr/bin/zsh
+
+- name: Enable sshd
+  systemd:
+    name: sshd
+    enabled: yes
+    state: started
+
+- name: Configure Network
+  notify: restart network
+  when: ipv4 is defined or ipv6 is defined
+  template:
+    src: systemd.network
+    dest: /etc/systemd/network/main.network
+    owner: root
+    mode: 644
+
+- name: enable systemd-networkd
+  notify: restart network
+  systemd:
+    name: systemd-networkd
+    state: started
+    enabled: yes
+
+- name: disable networking
+  systemd:
+    name: networking
+    state: stopped
+    enabled: no
+
+- name: start systemd-resolved
+  systemd:
+    name: systemd-resolved
+    state: started
+    enabled: yes
+
+- name: symling /etc/resolve
+  file:
+    src: /run/systemd/resolve/stub-resolv.conf
+    dest: /etc/resolv.conf
+    state: link
+    force: yes
--- a/roles/debian/templates/systemd.network
+++ b/roles/debian/templates/systemd.network
@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+[Match]
+Name=e*
+
+{% if dns is defined %}
+[Network]
+DNS={{ dns }}
+{% endif %}
+
+{% if ipv4 is defined %}
+[Address]
+Address={{ipv4}}
+{% if ipv4.split("/")[1] is equalto "32" %}
+Peer={{ipv4Yroute}}/32
+{% endif %}
+
+[Route]
+Gateway={{ipv4route}}
+{% endif %}
+
+{% if ipv6 is defined %}
+[Network]
+Address={{ipv6}}
+Gateway={{ipv6route}}
+{% endif %}