Table of contents
=================

<!--ts-->
   * [Prerequisites](#prerequisites)
   * [Setup](#setup)
   * [Run defaults](#run-defaults)
   * [Run optionals](#run-optionals)
   * [Versions](#versions)
   * [Git push](#git-push)
<!--te-->

NOTA BENE
=================

I've tested the playbooks on:
- Debian 9
- Debian 10
- Debian 11 (everything)
- Debian 12
- Ubuntu 20.04
- Ubuntu 22.04 (common, docker_host)
- CentOS 7 (almost everything)

I've started converting the roles to distinguish between OSes but it's incomplete.

It's also being tested on LXC containers, and I've added a skip of the sysctl tasks when in a container.
You can check the case by using `systemd-detect-virt`:
- `none`: baremetal
- `kvm`: vm (on Proxmox)
- `lxc`: container (on Proxmox)

Prerequisites
=============

Install Ansible:

    apt-get install -y ansible

Add the hosts lines to Ansible:

    echo "[thismachine]" >> /etc/ansible/hosts
    echo "127.0.0.1" >> /etc/ansible/hosts

Setup
=====

You have to change at least 2 variables:
- users
- hostname

which by default are set to "CHANGEME", and the playbook is set to fail if these are set to CHANGEME.

Insert your user in:

    variables.yml

in the list:

    users:
    goofy

and their SSH keys in the folder

    keys

in the form of filename:

    goofy.key.pub

and format:

    ssh-rsa [/CUT] user@host

Insert your hostname in

    variables.yml

in the variable:

    hostname:

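A pre-flight check for the Setup steps above, as an added example that is not part of this repository: it verifies that `hostname` and `users` are no longer CHANGEME and that every user has a public key in `keys/` in the stated format. The `- name` list layout under `users:` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for the Setup steps, not part of the repo.
# Assumptions: variables.yml has "hostname: <value>" and a "users:" key whose
# entries are "- name" list items; keys are stored as keys/<user>.key.pub.

# Print each entry of the users: list on its own line.
list_users() {
    awk '
        /^users:/ { in_users = 1; next }
        in_users && /^[^ \t#-]/ { in_users = 0 }   # next top-level key ends the list
        in_users && /^[ \t]*-[ \t]*/ {
            sub(/^[ \t]*-[ \t]*/, ""); sub(/#.*$/, ""); sub(/[ \t]+$/, "")
            if ($0 != "") print
        }' "$1"
}

# Print the value of the top-level hostname: key, without quotes.
get_hostname() {
    awk -F: '/^hostname:/ { v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); print v; exit }' "$1"
}

# Return 0 only if the repo directory in $1 is ready for common.yml.
preflight() {
    dir=$1; vars="$dir/variables.yml"; rc=0
    [ -r "$vars" ] || { echo "missing $vars" >&2; return 2; }

    case $(get_hostname "$vars") in
        ""|CHANGEME) echo "hostname is unset or still CHANGEME" >&2; rc=1 ;;
    esac

    users=$(list_users "$vars")
    [ -n "$users" ] || { echo "users list is empty" >&2; rc=1; }

    for u in $users; do
        key="$dir/keys/$u.key.pub"
        if [ "$u" = CHANGEME ]; then
            echo "users still contains CHANGEME" >&2; rc=1
        elif [ ! -s "$key" ]; then
            echo "no public key for $u (expected $key)" >&2; rc=1
        elif grep -q 'PRIVATE KEY' "$key"; then
            echo "$key holds a private key, expected a public key" >&2; rc=1
        elif ! grep -Eq '^ssh-rsa [A-Za-z0-9+/]+=*( .*)?$' "$key"; then
            echo "$key is not in 'ssh-rsa <base64> user@host' form" >&2; rc=1
        fi
    done
    return $rc
}
```

Source the file and run `preflight .` from the repository root before `ansible-playbook common.yml`; a non-zero return means something still needs fixing.
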
Run defaults
============

    ansible-playbook common.yml

or if you are running as non-root:

    sudo ansible-playbook common.yml

This playbook will:
- check if the variables are set
- change the hostname to the one that has been set in the variables
- set the timezone to the one in the variables (default: Europe/Rome)
- update repositories
- install base packages
- retrieve the main network interface (the one that is associated with the default gateway)
- iptables:
- create the users defined in the variables with the keys
- create basic ipv4 rules
- create blocking ipv6 rules
- apply said rules in iptables-persistent
- fix bashrc how I like it
- harden ssh

Run optionals
=============

- docker.yml
  - installs docker-ce and docker-compose (variable in variables.yml for the latest version of docker-compose)
- lldp.yml
  - installs and enables LLDP
- telegraf.yml
- tincvpn.yml
- transmission.yml
- singularity.yml
  - installs go and builds and installs singularity
- tor.yml
  - installs tor base from tor repo

Versions
========

* docker-compose:
   * variable: compose_ver
   * look here: https://github.com/docker/compose/releases/latest
* go:
   * variable: singularity_go_ver
   * look here: https://golang.org/dl/ , the package is like go1.14.linux-amd64.tar.gz and you take the "1.14"
* singularity:
   * variable: singularity_ver
   * look here: https://github.com/sylabs/singularity/releases/latest

Git push
========

    git add --all
    git commit -m "added things to readme"
    git push -u origin master

or:

    git add --all && git commit -m "message" && git push -u origin master

TODO
========

- [ ] fix the installation that is only for deb systems in common.yml
- [ ] test on centos