From 2803c0aaea6f3bbbb31e46063931af66f0b5ad91 Mon Sep 17 00:00:00 2001
From: Geno
Date: Thu, 17 Sep 2020 00:14:54 +0000
Subject: [PATCH] Add default setup for debian (HACKY/WIP)
---
debian.yml | 5 ++
roles/debian/handlers/main.yml | 6 ++
roles/debian/tasks/main.yml | 82 ++++++++++++++++++++++++++
roles/debian/templates/systemd.network | 25 ++++++++
4 files changed, 118 insertions(+)
create mode 100644 debian.yml
create mode 100644 roles/debian/handlers/main.yml
create mode 100644 roles/debian/tasks/main.yml
create mode 100644 roles/debian/templates/systemd.network
diff --git a/debian.yml b/debian.yml
new file mode 100644
index 0000000..a80ff5f
--- /dev/null
+++ b/debian.yml
@@ -0,0 +1,5 @@
+---
+- hosts: debian
+ become: yes
+ roles:
+ - debian
diff --git a/roles/debian/handlers/main.yml b/roles/debian/handlers/main.yml
new file mode 100644
index 0000000..9ca5259
--- /dev/null
+++ b/roles/debian/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- name: reload sshd
+ service: name=sshd state=reloaded
+
+- name: restart network
+ service: name=systemd-networkd state=restarted
diff --git a/roles/debian/tasks/main.yml b/roles/debian/tasks/main.yml
new file mode 100644
index 0000000..8f1119b
--- /dev/null
+++ b/roles/debian/tasks/main.yml
@@ -0,0 +1,82 @@
+---
+- name: Install defaults
+ package:
+ name:
+ - zsh
+
+- name: Download .zshrc from grml
+ get_url:
+ url: https://raw.githubusercontent.com/grml/grml-etc-core/v0.12.5/etc/zsh/zshrc
+ dest: /etc/zsh/zshrc
+ checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
+ validate_certs: false
+
+- name: ssh publickey
+ authorized_key:
+ user: root
+ state: present
+ key: "{{ default_root_ssh_publickey }}"
+
+- name: Update SSH configuration
+ notify: reload sshd
+ replace:
+ dest: /etc/ssh/sshd_config
+ regexp: '^([\#\s]*)?{{ item.key }}\s+([\w_-]+)'
+ replace: "{{item.key}} {{item.value}}"
+ with_items:
+ - key: PermitRootLogin
+ value: without-password
+ - key: PasswordAuthentication
+ value: 'no'
+ - key: ChallengeResponseAuthentication
+ value: 'no'
+ - key: PrintLastLog
+ value: 'yes'
+ - key: UseDNS
+ value: 'no'
+
+- name: Change shell of user root
+ user:
+ name: root
+ shell: /usr/bin/zsh
+
+- name: Enable sshd
+ systemd:
+ name: sshd
+ enabled: yes
+ state: started
+
+- name: Configure Network
+ notify: restart network
+ when: ipv4 is defined or ipv6 is defined
+ template:
+ src: systemd.network
+ dest: /etc/systemd/network/main.network
+ owner: root
+ mode: 644
+
+- name: enable systemd-networkd
+ notify: restart network
+ systemd:
+ name: systemd-networkd
+ state: started
+ enabled: yes
+
+- name: disable networking
+ systemd:
+ name: networking
+ state: stopped
+ enabled: no
+
+- name: start systemd-resolved
+ systemd:
+ name: systemd-resolved
+ state: started
+ enabled: yes
+
+- name: symling /etc/resolve
+ file:
+ src: /run/systemd/resolve/stub-resolv.conf
+ dest: /etc/resolv.conf
+ state: link
+ force: yes
diff --git a/roles/debian/templates/systemd.network b/roles/debian/templates/systemd.network
new file mode 100644
index 0000000..68e67ad
--- /dev/null
+++ b/roles/debian/templates/systemd.network
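Review bot: The `get_url` task that writes /etc/zsh/zshrc in roles/debian/tasks/main.yml sets `validate_certs: false`, which leaves the pinned `checksum` as the download's only integrity control; drop that line so TLS verification stays on, and if it was disabled because the target lacks a CA bundle, add `ca-certificates` to the "Install defaults" package list instead. In "Configure Network", `mode: 644` is an unquoted integer that Ansible treats as decimal rather than octal, so main.network will not end up rw-r--r--; write `mode: "0644"`. "Update SSH configuration" uses `replace`, which only rewrites lines that already exist, so a directive missing from sshd_config is silently left unhardened; `lineinfile` with `regexp`, `line` and `validate: 'sshd -t -f %s'` would set each option explicitly and check the file before the reload. `without-password` is the deprecated spelling of `prohibit-password`.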
@@ -0,0 +1,25 @@
+# {{ ansible_managed }}
+[Match]
+Name=e*
+
+{% if dns is defined %}
+[Network]
+DNS={{ dns }}
+{% endif %}
+
+{% if ipv4 is defined %}
+[Address]
+Address={{ipv4}}
+{% if ipv4.split("/")[1] is equalto "32" %}
+Peer={{ipv4Yroute}}/32
+{% endif %}
+
+[Route]
+Gateway={{ipv4route}}
+{% endif %}
+
+{% if ipv6 is defined %}
+[Network]
+Address={{ipv6}}
+Gateway={{ipv6route}}
+{% endif %}
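Review bot: `Peer={{ipv4Yroute}}/32` references `ipv4Yroute`, which looks like a typo for the `ipv4route` variable used in the `[Route]` section below; as written, rendering presumably fails on an undefined variable whenever `ipv4` ends in /32, and the line should read `Peer={{ipv4route}}/32`. The guards only test `ipv4` and `ipv6`, so a host that defines an address without `ipv4route` or `ipv6route` would hit the same failure; either wrap the gateway lines in `{% if ipv4route is defined %}` / `{% if ipv6route is defined %}` or document that the variables must be set together. `ipv4.split("/")[1]` also has no second element when the address is given without a prefix length, so that input should be rejected or defaulted before the comparison.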