setup-automation/user_setup.yml at master · torservers/setup-automation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
- hosts: all
  port: 22
  remote_user: root
  tasks:
      - name: Install sudo package
        action: apt pkg=sudo state=latest

      - name: Add sudo group
        action: group name=sudo state=present


      #
      # Exemplary user for Johannes, copy&paste for more
      #
      - name: Create user for johannes
        action: user name=johannes state=present groups=sudo shell=/bin/bash

      - name: Change password for johannes
        action: shell usermod -p `openssl passwd {{ lookup('password', 'account/'+host+'/johannes length=23') }}` johannes executable='/bin/bash'

      - name: Create .ssh folder for johannes
        action: file path=/home/johannes/.ssh/ state=directory owner=johannes

      - name: Copy SSH key for johannes
        action: authorized_key key="{{ lookup('file', 'keys/johannes.pub') }}"
            user=johannes

      #
      # End of per-user config
      #

      - name: Switch to torservers.net's recommended ssh config
        action: copy src=config/sshd_config dest=/etc/ssh/sshd_config backup=yes
        notify: restart ssh

      - name: Copy the iptables config to host
        action: copy src=config/iptables_rules dest=/etc/iptables.rules
            mode=600

      - name: Copy interface setup script
        action: copy src=config/iptables_script dest=/etc/network/if-pre-up.d/iptables
           mode=700

      - name: Activate iptables config
        shell: iptables-restore < /etc/iptables.rules

      - name: Test if still responds
        action: ping

      - name: Set hostname
        hostname: name={{ host }}

      - name: Add hostname to /etc/hosts
        shell: echo "127.0.0.1      {{ host }}" >> /etc/hosts

      - name: Disable recommended packages in APT
        copy: src=config/apt_no_recommends dest=/etc/apt/apt.conf.d/06norecommends

      - name: Full package upgrade
        apt: update_cache=yes upgrade=full

      - name: Install some required packages
        apt: update_cache=yes install_recommends=no pkg={{item}} state=present
        with_items:
            - less
            - htop
            - nload
            - screen
            - denyhosts
            - ntp
            - apticron
            - logcheck
            - logcheck-database

      - name: Remove portmap package
        apt: pkg=portmap purge=yes state=absent

      - name: Make apticron send diffs only
        shell: sed -i -e 's/^# DIFF_ONLY/DIFF_ONLY/' /etc/apticron/apticron.conf

      - name: Remove search line from resolv.conf
        shell: sed -e 's/^search.*$//' /etc/resolv.conf

      - name: Set torserver aliases
        copy: src=config/aliases dest=/etc/aliases

      - name: Apply Aliases
        shell: newaliases

  handlers:
      - name: restart ssh
        action: service name=ssh state=restarted