Last active
September 8, 2015 12:05
ahmpro ansible bootstrap
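---
# Bootstrap playbook: installs EPEL and a base package set, upgrades the
# system, creates the "ahmpro" admin account with key-only SSH access and
# passwordless sudo, then hardens sshd (no passwords, no root login).
#
# usage: ansible-playbook -i '8.8.8.8,' bootstrap.yml
# One-liner for easy bootstrap; do not forget to change the IP and user :)
# wget https://gist.githubusercontent.com/ahmpro/57cca91f1a298b1adaa9/raw/bootstrap.yml -O /tmp/ahmpro_bootstrap.yml && ansible-playbook -i '8.8.8.8,' /tmp/ahmpro_bootstrap.yml -u root
#
# NOTE(review): the raw URL above is not pinned to a gist revision, so it
# returns whatever the gist holds at download time. Read the downloaded file
# before running it as root against a host.
- hosts: all
  become: true
  become_user: root

  handlers:
    # The OpenSSH service is named "ssh" on Ubuntu and "sshd" on CentOS/RHEL.
    # With a fixed "sshd" the restart fails on Ubuntu and the hardened
    # sshd_config settings below do not take effect.
    - name: restart ssh
      service:
        name: "{{ 'ssh' if ansible_distribution == 'Ubuntu' else 'sshd' }}"
        state: restarted

  tasks:
    # epel-release ships the repo definition and the GPG key that later
    # package checks rely on, so it is fetched over HTTPS rather than HTTP.
    # NOTE(review): both URLs pin an exact release RPM; confirm they still
    # resolve before relying on this playbook.
    - name: install epel for CentOS/RHEL 6
      when: (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat') and ansible_distribution_major_version == "6"
      yum:
        name: https://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
        state: present

    - name: install epel for CentOS/RHEL 7
      when: (ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat') and ansible_distribution_major_version == "7"
      yum:
        name: https://download.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
        state: present

    - name: upgrade system via yum
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
      yum:
        # Quoted: a bare * would be read by YAML as an alias.
        name: '*'
        state: latest

    - name: install pkgs with yum
      when: ansible_distribution == 'CentOS' or ansible_distribution == 'RedHat'
      yum:
        name: "{{ item }}"
        state: latest
        enablerepo: epel
      with_items:
        - sudo
        - vim
        - nano
        - mc
        - git
        - libselinux-python
        - telnet
        - htop
        - bash-completion

    - name: upgrade system via apt
      when: ansible_distribution == 'Ubuntu'
      apt:
        upgrade: safe
        update_cache: true

    - name: install pkgs with apt
      when: ansible_distribution == 'Ubuntu'
      apt:
        name: "{{ item }}"
        state: present
      with_items:
        - sudo
        - vim
        - nano
        - mc
        - git
        - python2.7-selinux
        - telnet
        - htop

    # Both group tasks run on every host; the one whose group does not exist
    # on that distribution fails and is ignored.
    # NOTE(review): ignore_errors also hides any other failure of these tasks.
    - name: add user to group sudo
      user:
        name: "{{ item }}"
        shell: /bin/bash
        groups: sudo
        append: true
      with_items:
        - ahmpro
      ignore_errors: true

    - name: add user to group wheel
      user:
        name: "{{ item }}"
        shell: /bin/bash
        groups: wheel
        append: true
      with_items:
        - ahmpro
      ignore_errors: true

    # The key is installed before password and root logins are turned off
    # further down, so a failure here stops the play while the original
    # login path still works.
    - name: add ahmpro pubkey
      authorized_key:
        user: ahmpro
        key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhodtglDoz5njTCDM50TJixAhW1wlbPbZ918zG/4EC8ACtp1Zm4WT+SWh8BV1Bglj53ipg2Cm9cbcXgOT22RJWd/LcfLwWGDSRB5DqBdc6kcLaqrndjVXDX7Fwz0uCFHq88rji0iflHAgqqnrJ4n9BDy6diUhBiEiQMngIML3MJ4sEojQE1IYlrIKkeyyzjYluxQRD8g564OroGuvoosPPdn7uVU4aGfAIh5zVEq3Q7n8TBy4DMQcLiYjcFz1TJ5KFiIzwDGe4hJcvszFI7pfvsBLal+SRnEGYFUwJFxqc+YASgccKn2aqhZjzyfDf+ta+6Da/MPX6VCnuLjADsTzdQ== ahmpro'

    # NOPASSWD: ALL makes possession of the SSH key above equivalent to root
    # on the host. validate runs visudo on the edited copy so a syntax error
    # is rejected instead of being written to /etc/sudoers.
    - name: add ahmpro to sudoers
      lineinfile:
        dest: /etc/sudoers
        line: 'ahmpro ALL=(ALL:ALL) NOPASSWD: ALL'
        state: present
        validate: 'visudo -cf %s'

    # Each sshd_config edit is checked with "sshd -t" before it replaces the
    # live file, so a broken config cannot lock out remote access on restart.
    # NOTE(review): the regexps match only uncommented directives; when none
    # exists the line is appended at the end of the file, which would fall
    # inside a trailing Match block if the file has one.
    - name: disallow password authentication
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PasswordAuthentication'
        line: 'PasswordAuthentication no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh

    - name: disallow root access
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^PermitRootLogin'
        line: 'PermitRootLogin no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh

    - name: disable dns
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^UseDNS'
        line: 'UseDNS no'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh

    # NOTE(review): with agent forwarding allowed, anyone with root on this
    # host can use a connected user's forwarded agent for the life of the
    # session; keep it only if onward hops from this host are needed.
    - name: allow agent forwarding
      lineinfile:
        dest: /etc/ssh/sshd_config
        regexp: '^AllowAgentForwarding'
        line: 'AllowAgentForwarding yes'
        state: present
        validate: '/usr/sbin/sshd -t -f %s'
      notify: restart ssh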