feat ansible ssh configuration

2024-08-31 21:21:26 +01:00
parent 44ebbbf28a
commit b3d9bdfbe3
9 changed files with 96 additions and 21 deletions
--- a/ansible/roles/myInfra.dev.homesrv01/.gitignore
+++ b/ansible/roles/myInfra.dev.homesrv01/.gitignore
@@ -0,0 +1,27 @@
+# Ansible Tower ignore list
+
+# Ansible runtime and backups
+*.original
+*.tmp
+*.bkp
+*.retry
+*.*~
+
+# Tower runtime roles 
+roles/**
+!roles/myInfra.dev.homesrv01
+!roles/requirements.yml
+
+# Try tyo avoid any plain-text passwords 
+*pwd*
+*pass*
+*password*
+*.txt
+
+# Exclude all binaries
+*.bin
+*.jar
+*.tar
+*.zip
+*.gzip
+*.tgz
--- a/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml
+++ b/ansible/roles/myInfra.dev.homesrv01/handlers/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: services.ssh.yml
+
+
+
+
--- a/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml
+++ b/ansible/roles/myInfra.dev.homesrv01/handlers/services.ssh.yml
@@ -0,0 +1,8 @@
+---
+- name: SSH - Restart Service
+  become: true
+  ansible.builtin.service:
+    daemon_reload: true
+    name: ssh
+    enabled: true
+    state: restarted
--- a/ansible/roles/myInfra.dev.homesrv01/meta/main.yml
+++ b/ansible/roles/myInfra.dev.homesrv01/meta/main.yml
@@ -50,10 +50,11 @@ galaxy_info:
    # NOTE: A tag is limited to a single word comprised of alphanumeric characters.
    #       Maximum 20 tags per role.

-dependencies:
-  - role: myInfra.journald
-  - role: myInfra.docker.portainer
-  - role: myInfra.docker.promtail
-  - role: myInfra.docker.telegraf
+# dependencies:
+#  - role: myInfra.journald
+#  - role: myInfra.docker.portainer
+#  - role: myInfra.docker.promtail
+#  - role: myInfra.docker.telegraf
+#  - role: myInfra.dev.homesrv01.core
  # List your role dependencies here, one per line. Be sure to remove the '[]' above,
  # if you add dependencies to this list.
--- a/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml
+++ b/ansible/roles/myInfra.dev.homesrv01/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+- import_tasks: services.ssh.yml
+
+
+
+
--- a/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml
+++ b/ansible/roles/myInfra.dev.homesrv01/tasks/services.ssh.yml
@@ -0,0 +1,26 @@
+---
+- name: SSH - Install/Update Latest
+  become: true
+  ansible.builtin.package:
+    name:
+      - openssh-server
+    state: latest
+  notify:
+    - SSH - Restart Service
+
+- name: SSH - Setup & Config
+  copy:
+    dest: /etc/ssh/sshd_config.d/10-myLimbo.conf
+    content: |
+      ###################################################################
+  
+      # maintained by myInfra.dev.homesrv01 ansible role
+      # https://git.limbosolutions.com/marcio.fernandes/homesrv01.dev.lan
+  
+      ####################################################################
+      
+      PermitRootLogin no
+      PasswordAuthentication no
+  
+  notify:
+    - SSH - Restart Service
--- a/ansible/run-site.local.sh
+++ b/ansible/run-site.local.sh
@@ -0,0 +1,2 @@
+#/bin/bash
+ansible-playbook --connection=local --inventory 127.0.0.1, --limit 127.0.0.1 site.yml
--- a/ansible/site.yml
+++ b/ansible/site.yml
@@ -0,0 +1,4 @@
+- name: homesrv01 playbook
+  hosts: all
+  roles:
+    - myInfra.dev.homesrv01