slfhst/ansible
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

First commit

Browse Source
This commit is contained in:
VC
2019-09-04 09:06:55 +02:00
commit dded46ff64
144 changed files with 7495 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
roles/system/files/5-install Normal file
View File

@@ -0,0 +1 @@
dist-upgrade -y -o APT::Get::Show-Upgraded=true -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold

19
roles/system/files/dotbashrc Normal file
View File

@@ -0,0 +1,19 @@
# ~/.bashrc: executed by bash(1) for non-login shells.
# Note: PS1 and umask are already set in /etc/profile. You should not
# need this unless you want different defaults for root.
# PS1='${debian_chroot:+($debian_chroot)}\h:\w\$ '
# umask 022
# You may uncomment the following lines if you want `ls' to be colorized:
export LS_OPTIONS='--color=auto'
eval "`dircolors`"
alias ls='ls $LS_OPTIONS'
alias ll='ls $LS_OPTIONS -l'
alias l='ls $LS_OPTIONS -lA'
#
# Some more alias to avoid making mistakes:
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'
. "/etc/x509/acme.sh.env"

1
roles/system/files/ssh/home.id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc1pahc4fTbyave6S4Y5co9yYKelnUbHjhHkA2yiHdgauwwvcMqHu+JbHSJyXjkyhDlVA0gXexa/rDE9XJyVw5KGKsz5l05K21YhiDC0btYyA1RBju3b6lEdl43MasWDhZPB+HU06jUTgGXqobfjiPkGy9CEhPSzNZd7fDy60BwqS7KNLE3PWQ46j3HTDmw6yJUGBmICIhu8wSmJ5qcnzAAF5tnBGAENBMuRrkhOFts/FPBnn6sUmXOO4X3DecTRPE8Fwchn+RlVHc/tKt+hUtak4enVIKfNsRRTAR1yZKwBJkqrpDI509tZRmvcmawP9/p25yAUD2PBi2Ft+nlqxz

1
roles/system/files/ssh/work.id_rsa.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzxdkNy1r7j79Lv9OdKHvpNr1LmHOz6np0w8JGH63kH/1y330aRu4p90mf4QZrnPsUx1nYUKWgaR5XNka3OOgh9/r8bskymteIPnx88oSG+c8bEowwNbevA8JURRh7FG/jWuclyngQW0nuplZgaCB6GuA68nYQSnFTw1xHg7Qbx7wukrsZz0dIDOTFUIcNRBabzjchP8vyDDB1jPw5ghK7VxTDSx8I6H+BhJydsCz1TJqvWvc8Z3X9yH5/OXp26rpSFkhCyDxV//9XXZvCsqjmz3KRvN0IwLMgQZZkDyDORunEg+OpSES++n0FN85tyf1BT6y8P5CcrJWMnS3fMJib

1117
roles/system/files/vim/colors/solarized.vim Normal file
View File

File diff suppressed because it is too large Load Diff

12
roles/system/files/vim/vimrc Normal file
View File

@@ -0,0 +1,12 @@
set nocompatible
set paste
set smartindent
set noexpandtab
set tabstop=4
set shiftwidth=4
set softtabstop=-1
syntax on
set background=dark
set list listchars=tab:»\ ,extends:,precedes:,nbsp,trail
colorscheme solarized
filetype plugin indent on

4
roles/system/handlers/main.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: restart sshd
service:
name: sshd
state: restarted

4
roles/system/tasks/apt-transport-https.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install https transport for apt
package:
name: apt-transport-https
state: present

5
roles/system/tasks/aptitude.yml Normal file
View File

@@ -0,0 +1,5 @@
- name: install aptitude
package:
name: aptitude
state: present
when: ansible_facts['os_family'] == 'Debian'

6
roles/system/tasks/bashrc.yml Normal file
View File

@@ -0,0 +1,6 @@
- name: copy basic bashrc files
copy:
src: files/dotbashrc
dest: /root/.bashrc
owner: root
group: root

10
roles/system/tasks/cron-apt.yml Normal file
View File

@@ -0,0 +1,10 @@
- name: install cron-apt
package:
name: cron-apt
state: present
- name: default configuration file
copy:
src: files/5-install
dest: /etc/cron-apt/action.d/5-install

4
roles/system/tasks/cron.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install cron
package:
name: cron
state: present

4
roles/system/tasks/curl.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install curl
package:
name: curl
state: present

4
roles/system/tasks/gpg.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install gpg package
package:
name: gpg
state: present

22
roles/system/tasks/locales.yml Normal file
View File

@@ -0,0 +1,22 @@
- name: Set default locale to fr_FR.UTF-8
debconf:
name: locales
question: locales/default_environment_locale
value: fr_FR.UTF-8
vtype: select
- name: set to generate locales fr_FR/en_US
debconf:
name: locales
question: locales/locales_to_be_generated
value: en_US.UTF-8 UTF-8, fr_FR.UTF-8 UTF-8
vtype: multiselect
- name: delete original locale.gen
file:
path: /etc/locale.gen
state: absent
when: ansible_facts['env']['LANG'] != 'fr_FR.UTF-8'
- name: update original locale.gen
command: dpkg-reconfigure -f noninteractive locales
when: ansible_facts['env']['LANG'] != 'fr_FR.UTF-8'

4
roles/system/tasks/localtime.yml Normal file
View File

@@ -0,0 +1,4 @@
- file:
src: /usr/share/zoneinfo/Europe/Paris
dest: /etc/localtime
state: link

14
roles/system/tasks/main.yml Normal file
View File

@@ -0,0 +1,14 @@
- include_tasks: aptitude.yml
- include_tasks: localtime.yml
- include_tasks: locales.yml
- include_tasks: ping.yml
- include_tasks: telnet.yml
- include_tasks: bashrc.yml
- include_tasks: vimrc.yml
- include_tasks: sshd.yml
- include_tasks: curl.yml
- include_tasks: wget.yml
- include_tasks: cron.yml
- include_tasks: apt-transport-https.yml
- include_tasks: gpg.yml
- include_tasks: cron-apt.yml

4
roles/system/tasks/ping.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install ping utility
package:
name: iputils-ping
state: present

18
roles/system/tasks/sshd.yml Normal file
View File

@@ -0,0 +1,18 @@
- name: ssh configuration file
template:
src: sshd_config.j2
dest: /etc/ssh/sshd_config
notify:
- restart sshd
- name: ssh keys home
authorized_key:
user: root
state: present
key: "{{ lookup('file', 'ssh/home.id_rsa.pub') }}"
- name: ssh keys work
authorized_key:
user: root
state: present
key: "{{ lookup('file', 'ssh/work.id_rsa.pub') }}"

4
roles/system/tasks/telnet.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install telnet
package:
name: telnet
state: present

11
roles/system/tasks/vimrc.yml Normal file
View File

@@ -0,0 +1,11 @@
- name: install vim package
package:
name: vim
state: present
- name: copy vimrc config file
copy:
src: files/vim/
dest: /root/.vim
owner: root
group: root

4
roles/system/tasks/wget.yml Normal file
View File

@@ -0,0 +1,4 @@
- name: install wget package
package:
name: wget
state: present

36
roles/system/templates/sshd_config.j2 Normal file
View File

@@ -0,0 +1,36 @@
##########
# THIS FILE IS MANAGED BY ANSIBLE
# ANY MODIFICATION IS LIKELY TO BE ERASED
##########
# Host key pour les différents protocoles possibles
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Algorithmes de chiffrement utilisés
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
# Log
SyslogFacility AUTHPRIV
LogLevel VERBOSE
# Log SFTP
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
# Autorisation et authentification
PasswordAuthentication yes
ChallengeResponseAuthentication no
PermitRootLogin without-password
GSSAPIAuthentication yes
UsePAM yes
X11Forwarding yes
# Privilège attribué
UsePrivilegeSeparation sandbox # Default for new installations.
# Variable d'environnement
AcceptEnv LANG LANGUAGE LC_*
AcceptEnv USER_LS_COLORS LS_COLORS
AcceptEnv XMODIFIERS