From 0016da9fed438d43864a75f90ac512a6c4232035 Mon Sep 17 00:00:00 2001 
From: panda Date: Fri, 13 Mar 2020 20:05:35 +0100 Subject: [PATCH] first commit --- README.md | 40 +++++++ ansible/common.yml | 130 +++++++++++++++++++++ ansible/keys/panda.key.pub | 2 + ansible/lldp.retry | 1 + ansible/lldp.yml | 8 ++ ansible/repo/bashrc | 116 ++++++++++++++++++ ansible/repo/telegraf_settings | 16 +++ ansible/repo/transmission_settings | 74 ++++++++++++ ansible/roles/lldp/tasks/main.yml | 29 +++++ ansible/roles/ssh_hardening/tasks/main.yml | 13 +++ ansible/roles/telegraf/tasks/main.yml | 73 ++++++++++++ ansible/roles/transmission/tasks/main.yml | 57 +++++++++ ansible/roles/vcn/tasks/main.yml | 13 +++ ansible/telegraf.retry | 1 + ansible/telegraf.yml | 9 ++ ansible/to_add.txt | 8 ++ ansible/transmission.yml | 8 ++ ansible/vcn.yml | 9 ++ common.yml | 130 +++++++++++++++++++++ hosts | 47 ++++++++ keys/panda.key.pub | 2 + lldp.yml | 8 ++ repo/bashrc | 116 ++++++++++++++++++ repo/telegraf_settings | 16 +++ repo/transmission_settings | 74 ++++++++++++ roles/lldp/tasks/main.yml | 29 +++++ roles/ssh_hardening/tasks/main.yml | 13 +++ roles/telegraf/tasks/main.yml | 73 ++++++++++++ roles/transmission/tasks/main.yml | 57 +++++++++ roles/vcn/tasks/main.yml | 13 +++ telegraf.yml | 9 ++ to_add.txt | 8 ++ transmission.yml | 8 ++ vcn.yml | 9 ++ 34 files changed, 1219 insertions(+) create mode 100644 README.md create mode 100644 ansible/common.yml create mode 100644 ansible/keys/panda.key.pub create mode 100644 ansible/lldp.retry create mode 100644 ansible/lldp.yml create mode 100644 ansible/repo/bashrc create mode 100644 ansible/repo/telegraf_settings create mode 100644 ansible/repo/transmission_settings create mode 100644 ansible/roles/lldp/tasks/main.yml create mode 100644 ansible/roles/ssh_hardening/tasks/main.yml create mode 100644 ansible/roles/telegraf/tasks/main.yml create mode 100644 ansible/roles/transmission/tasks/main.yml create mode 100644 ansible/roles/vcn/tasks/main.yml create mode 100644 ansible/telegraf.retry create mode 100644 
ansible/telegraf.yml create mode 100644 ansible/to_add.txt create mode 100644 ansible/transmission.yml create mode 100644 ansible/vcn.yml create mode 100644 common.yml create mode 100644 hosts create mode 100644 keys/panda.key.pub create mode 100644 lldp.yml create mode 100644 repo/bashrc create mode 100644 repo/telegraf_settings create mode 100644 repo/transmission_settings create mode 100644 roles/lldp/tasks/main.yml create mode 100644 roles/ssh_hardening/tasks/main.yml create mode 100644 roles/telegraf/tasks/main.yml create mode 100644 roles/transmission/tasks/main.yml create mode 100644 roles/vcn/tasks/main.yml create mode 100644 telegraf.yml create mode 100644 to_add.txt create mode 100644 transmission.yml create mode 100644 vcn.yml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..56fff55
--- /dev/null
+++ b/README.md
@@ -0,0 +1,40 @@
+PREREQUISITES:
+
+apt-get install -y ansible
+
+ echo "[thismachine]" >> /etc/ansible/hosts
+ echo "127.0.0.1" >> /etc/ansible/hosts
+
+
+SETUP:
+
+insert your user and key in:
+ common.yml
+in the list:
+ vars:
+ users:
+ goofy
+
+and their ssh keys in the folder
+ keys
+in form of filename:
+ goofy.key.pub
+and format:
+ ssh-rsa [/CUT] user@host
+
+
+RUN DEFAULTS:
+
+ ansible-playbook common.yml
+
+
+
+
+
+GIT PUSH:
+ git add --all
+ git commit -m "added things to readme"
+ git push -u origin master
+
+or:
+ git add --all && git commit -m "message" && git push -u origin master
diff --git a/ansible/common.yml b/ansible/common.yml
new file mode 100644
index 0000000..2cea964
--- /dev/null
+++ b/ansible/common.yml
@@ -0,0 +1,130 @@
+# playbook.yml:
+---
+- name: "common config"
+ hosts: thismachine
+ connection: local
+
+ vars:
+ users:
+ - panda
+
+ tasks:
+ - name: Set timezone to Europe/Rome
+ timezone:
+ name: Europe/Rome
+
+ - name: Update repositories cache
+ apt:
+ update_cache: yes
+
+ - name: Install a list of packages
+ apt:
+ pkg:
+ - htop
+ - iotop
+ - glances
+ - screen
+ - sysstat
+ - git
+ - nmap
+ - ntp
+ - tinc
+ - fail2ban
+ - iptables-persistent
+
+ - debug:
+ msg: The main interface is {{ ansible_default_ipv4.interface }}
+
+ - name: Create a directory if it does not exist
+ file:
+ path: /scripts
+ state: directory
+ mode: '0755'
+
+ - name: "Create user accounts and add users to groups"
+ user:
+ name: "{{ item }}"
+ shell: "/bin/bash"
+ with_items: "{{ users }}"
+
+ - name: "Add authorized keys"
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ lookup('file', 'keys/'+ item + '.key.pub') }}"
+ with_items: "{{ users }}"
+
+ - name: create rules.v4
+ blockinfile:
+ create: yes
+ state: present
+# path: "/scripts/rules.v4"
+ dest: "/scripts/rules.v4"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK #"
+ block: |
+ # Generated by iptables-save v1.4.21 on Tue Nov 19 22:41:29 2019
+ *filter
+ :INPUT DROP [0:0]
+ :FORWARD DROP [0:0]
+ :OUTPUT ACCEPT [372:91728]
+ :fail2ban-ssh - [0:0]
+ -A INPUT -i lo -j ACCEPT
+ -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
+ -A INPUT -i {{ ansible_default_ipv4.interface }} -p tcp -m tcp --dport 22 -j ACCEPT
+ -A INPUT -i {{ ansible_default_ipv4.interface }} -p icmp -m icmp --icmp-type 8 -j ACCEPT
+ -A INPUT -i vcn -p icmp -m icmp --icmp-type 8 -j ACCEPT
+ -A INPUT -s 172.20.1.125/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda blackfox" -j ACCEPT
+ -A INPUT -s 172.20.1.65/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda kiwi" -j ACCEPT
+ -A INPUT -s 172.20.1.90/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda scass1" -j ACCEPT
+ #-A INPUT -s 172.20.1.82/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment davide -j ACCEPT
+ #-A INPUT -s 172.20.1.15/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment encrypt -j ACCEPT
+ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ -A INPUT -j DROP
+ -A OUTPUT -o lo -j ACCEPT
+ -A fail2ban-ssh -j RETURN
+ COMMIT
+ # Completed on Tue Nov 19 22:41:29 2019
+
+ - name: create rules.v6
+ blockinfile:
+ create: yes
+ state: present
+# path: "/scripts/rules.v4"
+ dest: "/scripts/rules.v6"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK #"
+ block: |
+ # Generated by ip6tables-save v1.4.21 on Tue Nov 19 22:58:08 2019
+ *filter
+ :INPUT DROP [0:0]
+ :FORWARD DROP [0:0]
+ :OUTPUT DROP [0:0]
+ COMMIT
+ # Completed on Tue Nov 19 22:58:08 2019
+
+ - name: reload iptables v4
+ action: shell /sbin/iptables-restore -! < /scripts/rules.v4
+
+ - name: reload iptables v4
+ action: shell /sbin/ip6tables-restore -! < /scripts/rules.v6
+
+ - name: save iptables v4 rules
+ shell: iptables-save > /etc/iptables/rules.v4
+
+ - name: save iptables v6 rules
+ shell: ip6tables-save > /etc/iptables/rules.v6
+
+
+ - name: "Copy file with owner and permissions"
+ copy:
+ backup: yes
+ src: "{{ playbook_dir }}/repo/bashrc"
+ dest: /root/.bashrc
+ owner: root
+ group: root
+ mode: '0644'
+
+
+- name: "ssh_hardening"
+ hosts: thismachine
+ connection: local
+ roles:
+ - ssh_hardening
diff --git a/ansible/keys/panda.key.pub b/ansible/keys/panda.key.pub
new file mode 100644
index 0000000..e5b16d7
--- /dev/null
+++ b/ansible/keys/panda.key.pub
@@ -0,0 +1,2 @@
+ssh-rsa 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 gino@hl
+
diff --git a/ansible/lldp.retry b/ansible/lldp.retry
new file mode 100644
index 0000000..7b9ad53
--- /dev/null
+++ b/ansible/lldp.retry
@@ -0,0 +1 @@
+127.0.0.1
diff --git a/ansible/lldp.yml b/ansible/lldp.yml
new file mode 100644
index 0000000..185a277
--- /dev/null
+++ b/ansible/lldp.yml
@@ -0,0 +1,8 @@
+# playbook.yml:
+---
+
+- name: "lldp"
+ hosts: thismachine
+ connection: local
+ roles:
+ - lldp
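Review bot: The two `reload iptables v4` tasks load the rules with `iptables-restore`, which flushes the filter table first, so the `fail2ban-ssh` chain is reset to the single `-A fail2ban-ssh -j RETURN` rule and any bans fail2ban had inserted are gone after every playbook run. A following task that restarts fail2ban (for example `service: name=fail2ban state=restarted`) would let it rebuild its chain state. The rules.v6 block sets `:INPUT DROP` and `:OUTPUT DROP` with no loopback rule, which presumably also blocks `::1`; adding `-A INPUT -i lo -j ACCEPT` and `-A OUTPUT -o lo -j ACCEPT` before `COMMIT` would keep local IPv6 traffic working. The second reload task is named `reload iptables v4` although it runs `ip6tables-restore`. The same file is added again as `common.yml` at the repository root, so these points apply there too.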
diff --git a/ansible/repo/bashrc b/ansible/repo/bashrc
new file mode 100644
index 0000000..0962d0e
--- /dev/null
+++ b/ansible/repo/bashrc
@@ -0,0 +1,116 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=999999
+HISTFILESIZE=200000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -lahs --color=auto'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
+
+HISTTIMEFORMAT="%Y-%m-%d_%T - "
+export PS1="\[\e[00;37m\]\t_\[\e[0m\]\[\e[00;33m\]\u\[\e[0m\]\[\e[00;37m\]@\[\e[0m\]\[\e[01;31m\]\h\[\e[0m\]\[\e[00;37m\]:\[\e[0m\]\[\e[00;36m\][\w]:\\$\[\e[0m\]\[\e[00;37m\]\[\e[0m\]"
+
+cd ~
+
diff --git a/ansible/repo/telegraf_settings b/ansible/repo/telegraf_settings
new file mode 100644
index 0000000..e7db8e4
--- /dev/null
+++ b/ansible/repo/telegraf_settings
@@ -0,0 +1,16 @@
+telegraf now installed, edit /etc/telegraf/telegraf.conf adding:
+
+[[outputs.influxdb]]
+ urls = ["http://SERVER:PORT"]
+ database = "DB"
+ username = "USER"
+ password = "PASS"
+
+
+and restart it
+
+just
+
+cat repo/telegraf_settings
+
+for all the info not garbled
diff --git a/ansible/repo/transmission_settings b/ansible/repo/transmission_settings
new file mode 100644
index 0000000..5a62f77
--- /dev/null
+++ b/ansible/repo/transmission_settings
@@ -0,0 +1,74 @@
+{
+ "alt-speed-down": 1215751,
+ "alt-speed-enabled": true,
+ "alt-speed-time-begin": 90,
+ "alt-speed-time-day": 127,
+ "alt-speed-time-enabled": false,
+ "alt-speed-time-end": 420,
+ "alt-speed-up": 3567586,
+ "bind-address-ipv4": "0.0.0.0",
+ "bind-address-ipv6": "::",
+ "blocklist-enabled": true,
+ "blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz",
+ "cache-size-mb": 4,
+ "dht-enabled": true,
+ "download-dir": "/data/torrents/",
+ "download-limit": 100,
+ "download-limit-enabled": 0,
+ "download-queue-enabled": false,
+ "download-queue-size": 5,
+ "encryption": 2,
+ "idle-seeding-limit": 30,
+ "idle-seeding-limit-enabled": false,
+ "incomplete-dir": "/data/torrents/_incomplete/",
+ "incomplete-dir-enabled": true,
+ "lpd-enabled": true,
+ "max-peers-global": 200,
+ "message-level": 1,
+ "peer-congestion-algorithm": "",
+ "peer-id-ttl-hours": 6,
+ "peer-limit-global": 16959,
+ "peer-limit-per-torrent": 9999,
+ "peer-port": 51413,
+ "peer-port-random-high": 65535,
+ "peer-port-random-low": 49152,
+ "peer-port-random-on-start": false,
+ "peer-socket-tos": "default",
+ "pex-enabled": true,
+ "port-forwarding-enabled": false,
+ "preallocation": 1,
+ "prefetch-enabled": 1,
+ "queue-stalled-enabled": true,
+ "queue-stalled-minutes": 30,
+ "ratio-limit": 2,
+ "ratio-limit-enabled": false,
+ "rename-partial-files": true,
+ "rpc-authentication-required": true,
+ "rpc-bind-address": "0.0.0.0",
+ "rpc-enabled": true,
+ "rpc-password": "{8ed7b18864b8eba7ea5aa5b5df1ef3c7494f9c7fm7lsHLa0",
+ "rpc-port": 9091,
+ "rpc-url": "/transmission/",
+ "rpc-username": "transmission",
+ "rpc-whitelist": "0.0.0.0",
+ "rpc-whitelist-enabled": false,
+ "scrape-paused-torrents-enabled": true,
+ "script-torrent-done-enabled": false,
+ "script-torrent-done-filename": "",
+ "seed-queue-enabled": false,
+ "seed-queue-size": 10,
+ "speed-limit-down": 20000,
+ "speed-limit-down-enabled": true,
+ "speed-limit-up": 1020,
+ "speed-limit-up-enabled": true,
+ "start-added-torrents": true,
+ "trash-original-torrent-files": true,
+ "umask": 18,
+ "upload-limit": 100,
+ "upload-limit-enabled": 0,
+ "upload-slots-per-torrent": 14,
+ "utp-enabled": true,
+ "watch-dir": "/data/torrents/_watchdir/",
+ "watch-dir-enabled": true
+}
+
diff --git a/ansible/roles/lldp/tasks/main.yml b/ansible/roles/lldp/tasks/main.yml
new file mode 100644
index 0000000..f93d3f4
--- /dev/null
+++ b/ansible/roles/lldp/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Install lldpd
+ apt:
+ pkg:
+ - lldpd
+
+- name: stop transmission
+ systemd:
+ state: stopped
+ name: lldpd
+
+- name: memorize hostname variable
+ shell: hostname
+ register: hostname
+
+- set_fact:
+ hostname={{ hostname.stdout }}
+
+- name: Add a line to a file if the file does not exist, without passing regexp
+ lineinfile:
+# path: /etc/lldpd.d/hostname.conf
+ destfile: /etc/lldpd.d/hostname.conf
+ line: configure system description {{ hostname }}
+ create: yes
+ state: present
+
+- name: stop transmission
+ systemd:
+ state: started
+ name: lldpd
diff --git a/ansible/roles/ssh_hardening/tasks/main.yml b/ansible/roles/ssh_hardening/tasks/main.yml
new file mode 100644
index 0000000..bf488e7
--- /dev/null
+++ b/ansible/roles/ssh_hardening/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Password based logins are disabled - only public key based logins are allowed.
+ lineinfile: dest=/etc/ssh/sshd_config regexp='^#?AuthenticationMethods' line='AuthenticationMethods publickey'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?PasswordAuthentication' line='PasswordAuthentication no'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?ChallengeResponseAuthentication' line='ChallengeResponseAuthentication no'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?PubkeyAuthentication' line='PubkeyAuthentication yes'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin No'
+
+- name: restart sshd
+ systemd:
+ state: restarted
+ daemon_reload: yes
+ name: sshd
+
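Review bot: `rpc-password` commits a credential hash while `rpc-bind-address` is `0.0.0.0` and `rpc-whitelist-enabled` is `false`, so anyone who can reach port 9091 faces only that password, and anyone who can read the repository can attack the hash offline. Keep the value out of the repository (render the file from a template with the password supplied from Ansible Vault), change the current password, and either bind RPC to `127.0.0.1` or enable the whitelist with the addresses that actually need access. The INPUT policy written by common.yml would drop 9091 from outside, but this role can be applied without that playbook. `blocklist-url` is fetched over plain `http://`, so the list can be altered in transit. The identical file is added again as `repo/transmission_settings`.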
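Review bot: Both systemd tasks are named `stop transmission` although they stop and then start `lldpd`, which makes the play output misleading; `stop lldpd` and `start lldpd` would match what they do. The `shell: hostname` and `set_fact` pair can be dropped by using the gathered fact directly, `line: configure system description {{ ansible_hostname }}`, assuming fact gathering stays enabled for the play. The same role is added again under `roles/lldp/tasks/main.yml`.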
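Review bot: sshd is restarted unconditionally after five in-place edits with no syntax check, so a malformed `sshd_config` would take SSH down on a host whose firewall (common.yml) admits only port 22; adding `validate='/usr/sbin/sshd -t -f %s'` to each `lineinfile` keeps an invalid file from being written. The `PermitRootLogin` pattern lacks the `#?` prefix the other four use, so a commented-out stock line is not replaced and the setting is appended at end of file, where a trailing `Match` block would scope it; `regexp='^#?PermitRootLogin'` with the documented lowercase `no` avoids that. After this role only the accounts in `users` can log in, and common.yml as shown gives them no sudo or group membership, so confirm a path to root remains before applying. The same tasks are added again under `roles/ssh_hardening/tasks/main.yml`.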
diff --git a/ansible/roles/telegraf/tasks/main.yml b/ansible/roles/telegraf/tasks/main.yml
new file mode 100644
index 0000000..4a5fc30
--- /dev/null
+++ b/ansible/roles/telegraf/tasks/main.yml
@@ -0,0 +1,73 @@
+- name: Install telegraf prerequsistes
+ apt:
+ pkg:
+ - apt-transport-https
+ - curl
+
+- name: Add influx repo key
+ shell: curl -sL https://repos.influxdata.com/influxdb.key | apt-key add -
+
+#- name: Check system version
+# shell: source /etc/os-release
+# args:
+# executable: /bin/bash
+#
+#- set_fact: VERSION_ID="{{ lookup('env','VERSION_ID') }}"
+
+- name: memorize debian version variable
+ shell: cat /etc/debian_version | cut -d. -f1
+ register: debian_version
+
+- set_fact:
+ debian_version={{ debian_version.stdout }}
+
+- name: add repo for debian 7
+ when: "{{ debian_version }} == 7"
+ shell: echo "deb https://repos.influxdata.com/debian wheezy stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: add repo for debian 8
+ when: "{{ debian_version }} == 8"
+ shell: echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: add repo for debian 9
+ when: "{{ debian_version }} == 9"
+ shell: echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: Update repositories cache
+ apt:
+ update_cache: yes
+
+- name: telegraf
+ apt:
+ pkg:
+ - telegraf
+
+- name: create telegraf basic config
+ shell: telegraf -sample-config -input-filter cpu:mem:swap:net:netstat:disk:diskio:docker:system:processes:kernel:sysstat:conntrack:nstat:iptables:sensors -output-filter influxdb > /etc/telegraf/telegraf.conf
+
+- name: restart telegraf
+ systemd:
+ state: restarted
+ name: telegraf
+
+- name: restart telegraf
+ systemd:
+ enabled: yes
+ name: telegraf
+
+#- name: display public key
+# vars:
+# debug:
+# msg:
+# - 'telegraf now installed, edit /etc/telegraf/telegraf.conf adding:'
+# - '[[outputs.influxdb]]'
+# - ' urls = ["http://172.20.1.168:8086"]'
+# - ' database = "telegraf_vcn_int"'
+# - ' username = "telegraf_akari"'
+# - ' password = "FCw7izWVan8cnh3upuwxtn15pnlhjWY2"'
+
+- name: display help next steps
+ vars:
+ contents: "{{ lookup('file', 'repo/telegraf_settings') }}"
+ debug: msg="{{ contents.split('\n') }}"
+
diff --git a/ansible/roles/transmission/tasks/main.yml b/ansible/roles/transmission/tasks/main.yml
new file mode 100644
index 0000000..cc30f96
--- /dev/null
+++ b/ansible/roles/transmission/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: Install transmission
+ apt:
+ pkg:
+ - transmission-daemon
+
+- name: stop transmission
+ systemd:
+ state: stopped
+ name: transmission-daemon
+
+
+- name: "Copy file with owner and permissions"
+ copy:
+ backup: yes
+ src: "{{ playbook_dir }}/repo/transmission_settings"
+ dest: /etc/transmission-daemon/settings.json
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0600'
+
+- name: Create dir /data
+ file:
+ path: /data
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Create dir /data/torrents
+ file:
+ path: /data/torrents
+ state: directory
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0755'
+
+- name: Create dir /data/torrents/_incomplete
+ file:
+ path: /data/torrents/_incomplete
+ state: directory
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0755'
+
+- name: Create dir /data/torrents/_watchdir
+ file:
+ path: /data/torrents/_watchdir
+ state: directory
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0755'
+
+- name: restart transmission
+ systemd:
+ state: restarted
+ daemon_reload: yes
+ name: transmission-daemon
diff --git a/ansible/roles/vcn/tasks/main.yml b/ansible/roles/vcn/tasks/main.yml
new file mode 100644
index 0000000..7261de4
--- /dev/null
+++ b/ansible/roles/vcn/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: create vcn folder
+ file:
+ path: /etc/tinc/vcn
+ state: directory
+ mode: '0700'
+
+- name: create keys
+ shell: tincd -n vcn -K4096
+
+- name: display public key
+ vars:
+ contents: "{{ lookup('file', '/etc/tinc/vcn/rsa_key.pub') }}"
+ debug: msg="vcn public key is {{ contents }}"
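Review bot: The commented-out `display public key` block near the end holds what looks like a live InfluxDB address, username and password; a comment does not keep it out of repository history, so the credential should be changed and the block removed (repo/telegraf_settings already uses placeholders). `curl -sL … | apt-key add -` trusts whatever key the server returns for all apt sources; keep a copy of the key in the repository or compare its fingerprint before adding it. The `telegraf -sample-config … > /etc/telegraf/telegraf.conf` task rewrites the file on every run, which would discard the `[[outputs.influxdb]]` section the help text asks the operator to add by hand. The `when: "{{ debian_version }} == 7"` conditions wrap the variable in Jinja delimiters; `when: debian_version == "7"` is the supported form. The diffstat lists the same role again under `roles/telegraf/tasks/main.yml`.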
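Review bot: `tincd -n vcn -K4096` runs on every play with no guard, so each run generates a new key pair for the node, and peers that hold the previous public key would presumably stop authenticating it. Adding `args:` with `creates: /etc/tinc/vcn/rsa_key.priv` to the `create keys` task makes key generation happen once. The diffstat lists the same role again under `roles/vcn/tasks/main.yml`.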
diff --git a/ansible/telegraf.retry b/ansible/telegraf.retry
new file mode 100644
index 0000000..7b9ad53
--- /dev/null
+++ b/ansible/telegraf.retry
@@ -0,0 +1 @@
+127.0.0.1
diff --git a/ansible/telegraf.yml b/ansible/telegraf.yml
new file mode 100644
index 0000000..d988eee
--- /dev/null
+++ b/ansible/telegraf.yml
@@ -0,0 +1,9 @@
+# playbook.yml:
+---
+
+- name: "telegraf"
+ hosts: thismachine
+ connection: local
+ roles:
+ - telegraf
+
diff --git a/ansible/to_add.txt b/ansible/to_add.txt
new file mode 100644
index 0000000..cb58509
--- /dev/null
+++ b/ansible/to_add.txt
@@ -0,0 +1,8 @@
+vcn:
+nano /lib/systemd/system/tinc@.service
+
+ExecStart=/usr/sbin/tincd -n %i -D --logfile
+ExecReload=/usr/sbin/tincd -n %i -kHUP --logfile
+
+
+systemctl restart tinc@vcn
diff --git a/ansible/transmission.yml b/ansible/transmission.yml
new file mode 100644
index 0000000..81f2fdc
--- /dev/null
+++ b/ansible/transmission.yml
@@ -0,0 +1,8 @@
+# playbook.yml:
+---
+
+- name: "transmission"
+ hosts: thismachine
+ connection: local
+ roles:
+ - transmission
diff --git a/ansible/vcn.yml b/ansible/vcn.yml
new file mode 100644
index 0000000..7d9691f
--- /dev/null
+++ b/ansible/vcn.yml
@@ -0,0 +1,9 @@
+# playbook.yml:
+---
+
+- name: "vcn"
+ hosts: thismachine
+ connection: local
+ roles:
+ - vcn
+
diff --git a/common.yml b/common.yml
new file mode 100644
index 0000000..2cea964
--- /dev/null
+++ b/common.yml
@@ -0,0 +1,130 @@
+# playbook.yml:
+---
+- name: "common config"
+ hosts: thismachine
+ connection: local
+
+ vars:
+ users:
+ - panda
+
+ tasks:
+ - name: Set timezone to Europe/Rome
+ timezone:
+ name: Europe/Rome
+
+ - name: Update repositories cache
+ apt:
+ update_cache: yes
+
+ - name: Install a list of packages
+ apt:
+ pkg:
+ - htop
+ - iotop
+ - glances
+ - screen
+ - sysstat
+ - git
+ - nmap
+ - ntp
+ - tinc
+ - fail2ban
+ - iptables-persistent
+
+ - debug:
+ msg: The main interface is {{ ansible_default_ipv4.interface }}
+
+ - name: Create a directory if it does not exist
+ file:
+ path: /scripts
+ state: directory
+ mode: '0755'
+
+ - name: "Create user accounts and add users to groups"
+ user:
+ name: "{{ item }}"
+ shell: "/bin/bash"
+ with_items: "{{ users }}"
+
+ - name: "Add authorized keys"
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ lookup('file', 'keys/'+ item + '.key.pub') }}"
+ with_items: "{{ users }}"
+
+ - name: create rules.v4
+ blockinfile:
+ create: yes
+ state: present
+# path: "/scripts/rules.v4"
+ dest: "/scripts/rules.v4"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK #"
+ block: |
+ # Generated by iptables-save v1.4.21 on Tue Nov 19 22:41:29 2019
+ *filter
+ :INPUT DROP [0:0]
+ :FORWARD DROP [0:0]
+ :OUTPUT ACCEPT [372:91728]
+ :fail2ban-ssh - [0:0]
+ -A INPUT -i lo -j ACCEPT
+ -A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
+ -A INPUT -i {{ ansible_default_ipv4.interface }} -p tcp -m tcp --dport 22 -j ACCEPT
+ -A INPUT -i {{ ansible_default_ipv4.interface }} -p icmp -m icmp --icmp-type 8 -j ACCEPT
+ -A INPUT -i vcn -p icmp -m icmp --icmp-type 8 -j ACCEPT
+ -A INPUT -s 172.20.1.125/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda blackfox" -j ACCEPT
+ -A INPUT -s 172.20.1.65/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda kiwi" -j ACCEPT
+ -A INPUT -s 172.20.1.90/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment "panda scass1" -j ACCEPT
+ #-A INPUT -s 172.20.1.82/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment davide -j ACCEPT
+ #-A INPUT -s 172.20.1.15/32 -i vcn -p tcp -m tcp --dport 22 -m comment --comment encrypt -j ACCEPT
+ -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+ -A INPUT -j DROP
+ -A OUTPUT -o lo -j ACCEPT
+ -A fail2ban-ssh -j RETURN
+ COMMIT
+ # Completed on Tue Nov 19 22:41:29 2019
+
+ - name: create rules.v6
+ blockinfile:
+ create: yes
+ state: present
+# path: "/scripts/rules.v4"
+ dest: "/scripts/rules.v6"
+ marker: "# {mark} ANSIBLE MANAGED BLOCK #"
+ block: |
+ # Generated by ip6tables-save v1.4.21 on Tue Nov 19 22:58:08 2019
+ *filter
+ :INPUT DROP [0:0]
+ :FORWARD DROP [0:0]
+ :OUTPUT DROP [0:0]
+ COMMIT
+ # Completed on Tue Nov 19 22:58:08 2019
+
+ - name: reload iptables v4
+ action: shell /sbin/iptables-restore -! < /scripts/rules.v4
+
+ - name: reload iptables v4
+ action: shell /sbin/ip6tables-restore -! < /scripts/rules.v6
+
+ - name: save iptables v4 rules
+ shell: iptables-save > /etc/iptables/rules.v4
+
+ - name: save iptables v6 rules
+ shell: ip6tables-save > /etc/iptables/rules.v6
+
+
+ - name: "Copy file with owner and permissions"
+ copy:
+ backup: yes
+ src: "{{ playbook_dir }}/repo/bashrc"
+ dest: /root/.bashrc
+ owner: root
+ group: root
+ mode: '0644'
+
+
+- name: "ssh_hardening"
+ hosts: thismachine
+ connection: local
+ roles:
+ - ssh_hardening
diff --git a/hosts b/hosts
new file mode 100644
index 0000000..8460724
--- /dev/null
+++ b/hosts
@@ -0,0 +1,47 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+# - Comments begin with the '#' character
+# - Blank lines are ignored
+# - Groups of hosts are delimited by [header] elements
+# - You can enter hostnames or ip addresses
+# - A hostname/ip can be a member of multiple groups
+
+# Ex 1: Ungrouped hosts, specify before any group headers.
+
+#green.example.com
+#blue.example.com
+#192.168.100.1
+#192.168.100.10
+
+# Ex 2: A collection of hosts belonging to the 'webservers' group
+
+#[webservers]
+#alpha.example.org
+#beta.example.org
+#192.168.1.100
+#192.168.1.110
+
+# If you have multiple hosts following a pattern you can specify
+# them like this:
+
+#www[001:006].example.com
+
+# Ex 3: A collection of database servers in the 'dbservers' group
+
+#[dbservers]
+#
+#db01.intranet.mydomain.net
+#db02.intranet.mydomain.net
+#10.25.1.56
+#10.25.1.57
+
+# Here's another example of host ranges, this time there are no
+# leading 0s:
+
+#db-[99:101]-node.example.com
+
+
+[thismachine]
+127.0.0.1
diff --git a/keys/panda.key.pub b/keys/panda.key.pub
new file mode 100644
index 0000000..e5b16d7
--- /dev/null
+++ b/keys/panda.key.pub
@@ -0,0 +1,2 @@
+ssh-rsa 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 gino@hl
+
diff --git a/lldp.yml b/lldp.yml
new file mode 100644
index 0000000..185a277
--- /dev/null
+++ b/lldp.yml
@@ -0,0 +1,8 @@
+# playbook.yml:
+---
+
+- name: "lldp"
+ hosts: thismachine
+ connection: local
+ roles:
+ - lldp
diff --git a/repo/bashrc b/repo/bashrc
new file mode 100644
index 0000000..0962d0e
--- /dev/null
+++ b/repo/bashrc
@@ -0,0 +1,116 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+
+# If not running interactively, don't do anything
+case $- in
+ *i*) ;;
+ *) return;;
+esac
+
+# don't put duplicate lines or lines starting with space in the history.
+# See bash(1) for more options
+HISTCONTROL=ignoreboth
+
+# append to the history file, don't overwrite it
+shopt -s histappend
+
+# for setting history length see HISTSIZE and HISTFILESIZE in bash(1)
+HISTSIZE=999999
+HISTFILESIZE=200000
+
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+shopt -s checkwinsize
+
+# If set, the pattern "**" used in a pathname expansion context will
+# match all files and zero or more directories and subdirectories.
+#shopt -s globstar
+
+# make less more friendly for non-text input files, see lesspipe(1)
+#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)"
+
+# set variable identifying the chroot you work in (used in the prompt below)
+if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then
+ debian_chroot=$(cat /etc/debian_chroot)
+fi
+
+# set a fancy prompt (non-color, unless we know we "want" color)
+case "$TERM" in
+ xterm-color) color_prompt=yes;;
+esac
+
+# uncomment for a colored prompt, if the terminal has the capability; turned
+# off by default to not distract the user: the focus in a terminal window
+# should be on the output of commands, not on the prompt
+#force_color_prompt=yes
+
+if [ -n "$force_color_prompt" ]; then
+ if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then
+ # We have color support; assume it's compliant with Ecma-48
+ # (ISO/IEC-6429). (Lack of such support is extremely rare, and such
+ # a case would tend to support setf rather than setaf.)
+ color_prompt=yes
+ else
+ color_prompt=
+ fi
+fi
+
+if [ "$color_prompt" = yes ]; then
+ PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\h\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
+else
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+fi
+unset color_prompt force_color_prompt
+
+# If this is an xterm set the title to user@host:dir
+case "$TERM" in
+xterm*|rxvt*)
+ PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\h: \w\a\]$PS1"
+ ;;
+*)
+ ;;
+esac
+
+# enable color support of ls and also add handy aliases
+if [ -x /usr/bin/dircolors ]; then
+ test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)"
+ alias ls='ls --color=auto'
+ #alias dir='dir --color=auto'
+ #alias vdir='vdir --color=auto'
+
+ #alias grep='grep --color=auto'
+ #alias fgrep='fgrep --color=auto'
+ #alias egrep='egrep --color=auto'
+fi
+
+# some more ls aliases
+alias ll='ls -lahs --color=auto'
+#alias la='ls -A'
+#alias l='ls -CF'
+
+# Alias definitions.
+# You may want to put all your additions into a separate file like
+# ~/.bash_aliases, instead of adding them here directly.
+# See /usr/share/doc/bash-doc/examples in the bash-doc package.
+
+if [ -f ~/.bash_aliases ]; then
+ . ~/.bash_aliases
+fi
+
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc and /etc/profile
+# sources /etc/bash.bashrc).
+if ! shopt -oq posix; then
+ if [ -f /usr/share/bash-completion/bash_completion ]; then
+ . /usr/share/bash-completion/bash_completion
+ elif [ -f /etc/bash_completion ]; then
+ . /etc/bash_completion
+ fi
+fi
+
+HISTTIMEFORMAT="%Y-%m-%d_%T - "
+export PS1="\[\e[00;37m\]\t_\[\e[0m\]\[\e[00;33m\]\u\[\e[0m\]\[\e[00;37m\]@\[\e[0m\]\[\e[01;31m\]\h\[\e[0m\]\[\e[00;37m\]:\[\e[0m\]\[\e[00;36m\][\w]:\\$\[\e[0m\]\[\e[00;37m\]\[\e[0m\]"
+
+cd ~
+
diff --git a/repo/telegraf_settings b/repo/telegraf_settings
new file mode 100644
index 0000000..e7db8e4
--- /dev/null
+++ b/repo/telegraf_settings
@@ -0,0 +1,16 @@
+telegraf now installed, edit /etc/telegraf/telegraf.conf adding:
+
+[[outputs.influxdb]]
+ urls = ["http://SERVER:PORT"]
+ database = "DB"
+ username = "USER"
+ password = "PASS"
+
+
+and restart it
+
+just
+
+cat repo/telegraf_settings
+
+for all the info not garbled
diff --git a/repo/transmission_settings b/repo/transmission_settings
new file mode 100644
index 0000000..5a62f77
--- /dev/null
+++ b/repo/transmission_settings
@@ -0,0 +1,74 @@
+{
+ "alt-speed-down": 1215751,
+ "alt-speed-enabled": true,
+ "alt-speed-time-begin": 90,
+ "alt-speed-time-day": 127,
+ "alt-speed-time-enabled": false,
+ "alt-speed-time-end": 420,
+ "alt-speed-up": 3567586,
+ "bind-address-ipv4": "0.0.0.0",
+ "bind-address-ipv6": "::",
+ "blocklist-enabled": true,
+ "blocklist-url": "http://john.bitsurge.net/public/biglist.p2p.gz",
+ "cache-size-mb": 4,
+ "dht-enabled": true,
+ "download-dir": "/data/torrents/",
+ "download-limit": 100,
+ "download-limit-enabled": 0,
+ "download-queue-enabled": false,
+ "download-queue-size": 5,
+ "encryption": 2,
+ "idle-seeding-limit": 30,
+ "idle-seeding-limit-enabled": false,
+ "incomplete-dir": "/data/torrents/_incomplete/",
+ "incomplete-dir-enabled": true,
+ "lpd-enabled": true,
+ "max-peers-global": 200,
+ "message-level": 1,
+ "peer-congestion-algorithm": "",
+ "peer-id-ttl-hours": 6,
+ "peer-limit-global": 16959,
+ "peer-limit-per-torrent": 9999,
+ "peer-port": 51413,
+ "peer-port-random-high": 65535,
+ "peer-port-random-low": 49152,
+ "peer-port-random-on-start": false,
+ "peer-socket-tos": "default",
+ "pex-enabled": true,
+ "port-forwarding-enabled": false,
+ "preallocation": 1,
+ "prefetch-enabled": 1,
+ "queue-stalled-enabled": true,
+ "queue-stalled-minutes": 30,
+ "ratio-limit": 2,
+ "ratio-limit-enabled": false,
+ "rename-partial-files": true,
+ "rpc-authentication-required": true,
+ "rpc-bind-address": "0.0.0.0",
+ "rpc-enabled": true,
+ "rpc-password": "{8ed7b18864b8eba7ea5aa5b5df1ef3c7494f9c7fm7lsHLa0",
+ "rpc-port": 9091,
+ "rpc-url": "/transmission/",
+ "rpc-username": "transmission",
+ "rpc-whitelist": "0.0.0.0",
+ "rpc-whitelist-enabled": false,
+ "scrape-paused-torrents-enabled": true,
+ "script-torrent-done-enabled": false,
+ "script-torrent-done-filename": "",
+ "seed-queue-enabled": false,
+ "seed-queue-size": 10,
+ "speed-limit-down": 20000,
+ "speed-limit-down-enabled": true,
+ "speed-limit-up": 1020,
+ "speed-limit-up-enabled": true,
+ "start-added-torrents": true,
+ "trash-original-torrent-files": true,
+ "umask": 18,
+ "upload-limit": 100,
+ "upload-limit-enabled": 0,
+ "upload-slots-per-torrent": 14,
+ "utp-enabled": true,
+ "watch-dir": "/data/torrents/_watchdir/",
+ "watch-dir-enabled": true
+}
+
diff --git a/roles/lldp/tasks/main.yml b/roles/lldp/tasks/main.yml
new file mode 100644
index 0000000..f93d3f4
--- /dev/null
+++ b/roles/lldp/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Install lldpd
+ apt:
+ pkg:
+ - lldpd
+
+- name: stop transmission
+ systemd:
+ state: stopped
+ name: lldpd
+
+- name: memorize hostname variable
+ shell: hostname
+ register: hostname
+
+- set_fact:
+ hostname={{ hostname.stdout }}
+
+- name: Add a line to a file if the file does not exist, without passing regexp
+ lineinfile:
+# path: /etc/lldpd.d/hostname.conf
+ destfile: /etc/lldpd.d/hostname.conf
+ line: configure system description {{ hostname }}
+ create: yes
+ state: present
+
+- name: stop transmission
+ systemd:
+ state: started
+ name: lldpd
diff --git a/roles/ssh_hardening/tasks/main.yml b/roles/ssh_hardening/tasks/main.yml
new file mode 100644
index 0000000..bf488e7
--- /dev/null
+++ b/roles/ssh_hardening/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: Password based logins are disabled - only public key based logins are allowed.
+ lineinfile: dest=/etc/ssh/sshd_config regexp='^#?AuthenticationMethods' line='AuthenticationMethods publickey'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?PasswordAuthentication' line='PasswordAuthentication no'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?ChallengeResponseAuthentication' line='ChallengeResponseAuthentication no'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^#?PubkeyAuthentication' line='PubkeyAuthentication yes'
+- lineinfile: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin' line='PermitRootLogin No'
+
+- name: restart sshd
+ systemd:
+ state: restarted
+ daemon_reload: yes
+ name: sshd
+
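Review bot: In repo/transmission_settings the RPC interface accepts connections from any address, because `"rpc-bind-address": "0.0.0.0"` is combined with `"rpc-whitelist-enabled": false`, which leaves the password as the only control. The salted `rpc-password` hash is committed with the file, so every host built from this repository shares one credential that is exposed to offline guessing by anyone who can read the repo. I would set `"rpc-whitelist-enabled": true` with `"rpc-whitelist": "127.0.0.1"` (or bind RPC to the management address) and fill the password per host from a vaulted variable through a template. `"blocklist-url"` is also fetched over plain `http://`, so the list can be altered in transit.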
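Review bot: Both systemd tasks in roles/lldp/tasks/main.yml are named `stop transmission`, although they act on `lldpd` and the second one sets `state: started`; naming them `stop lldpd` and `start lldpd` keeps the run output honest. The `shell: hostname` plus `set_fact` pair always reports a change and can be dropped in favour of the gathered fact, `line: "configure system description {{ ansible_hostname }}"` (this assumes fact gathering is on, which the hunk does not show). `destfile` is a legacy alias, and the commented-out `path:` line is the current spelling.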
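Review bot: The edited sshd_config in roles/ssh_hardening/tasks/main.yml is never validated before the unconditional `restart sshd`, so one bad line can leave the host without SSH access; add `validate='/usr/sbin/sshd -t -f %s'` to each `lineinfile` call. The last pattern is `regexp='^PermitRootLogin'` while the other four start with `^#?`, so a commented default line is not replaced and the new line is appended at end of file, where it would fall inside a trailing `Match` block if the file has one. I would use `regexp='^#?PermitRootLogin'` with the documented lowercase value `line='PermitRootLogin no'`. Only the first of the five edits has a `name`, which makes failures harder to locate in the run output.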
diff --git a/roles/telegraf/tasks/main.yml b/roles/telegraf/tasks/main.yml
new file mode 100644
index 0000000..4a5fc30
--- /dev/null
+++ b/roles/telegraf/tasks/main.yml
@@ -0,0 +1,73 @@
+- name: Install telegraf prerequsistes
+ apt:
+ pkg:
+ - apt-transport-https
+ - curl
+
+- name: Add influx repo key
+ shell: curl -sL https://repos.influxdata.com/influxdb.key | apt-key add -
+
+#- name: Check system version
+# shell: source /etc/os-release
+# args:
+# executable: /bin/bash
+#
+#- set_fact: VERSION_ID="{{ lookup('env','VERSION_ID') }}"
+
+- name: memorize debian version variable
+ shell: cat /etc/debian_version | cut -d. -f1
+ register: debian_version
+
+- set_fact:
+ debian_version={{ debian_version.stdout }}
+
+- name: add repo for debian 7
+ when: "{{ debian_version }} == 7"
+ shell: echo "deb https://repos.influxdata.com/debian wheezy stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: add repo for debian 8
+ when: "{{ debian_version }} == 8"
+ shell: echo "deb https://repos.influxdata.com/debian jessie stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: add repo for debian 9
+ when: "{{ debian_version }} == 9"
+ shell: echo "deb https://repos.influxdata.com/debian stretch stable" | tee /etc/apt/sources.list.d/influxdb.list
+
+- name: Update repositories cache
+ apt:
+ update_cache: yes
+
+- name: telegraf
+ apt:
+ pkg:
+ - telegraf
+
+- name: create telegraf basic config
+ shell: telegraf -sample-config -input-filter cpu:mem:swap:net:netstat:disk:diskio:docker:system:processes:kernel:sysstat:conntrack:nstat:iptables:sensors -output-filter influxdb > /etc/telegraf/telegraf.conf
+
+- name: restart telegraf
+ systemd:
+ state: restarted
+ name: telegraf
+
+- name: restart telegraf
+ systemd:
+ enabled: yes
+ name: telegraf
+
+#- name: display public key
+# vars:
+# debug:
+# msg:
+# - 'telegraf now installed, edit /etc/telegraf/telegraf.conf adding:'
+# - '[[outputs.influxdb]]'
+# - ' urls = ["http://172.20.1.168:8086"]'
+# - ' database = "telegraf_vcn_int"'
+# - ' username = "telegraf_akari"'
+# - ' password = "FCw7izWVan8cnh3upuwxtn15pnlhjWY2"'
+
+- name: display help next steps
+ vars:
+ contents: "{{ lookup('file', 'repo/telegraf_settings') }}"
+ debug: msg="{{ contents.split('\n') }}"
+
diff --git a/roles/transmission/tasks/main.yml b/roles/transmission/tasks/main.yml
new file mode 100644
index 0000000..cc30f96
--- /dev/null
+++ b/roles/transmission/tasks/main.yml
@@ -0,0 +1,57 @@
+- name: Install transmission
+ apt:
+ pkg:
+ - transmission-daemon
+
+- name: stop transmission
+ systemd:
+ state: stopped
+ name: transmission-daemon
+
+
+- name: "Copy file with owner and permissions"
+ copy:
+ backup: yes
+ src: "{{ playbook_dir }}/repo/transmission_settings"
+ dest: /etc/transmission-daemon/settings.json
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0600'
+
+- name: Create dir /data
+ file:
+ path: /data
+ state: directory
+ owner: root
+ group: root
+ mode: '0755'
+
+- name: Create dir /data/torrents
+ file:
+ path: /data/torrents
+ state: directory
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0755'
+
+- name: Create dir /data/torrents/_incomplete
+ file:
+ path: /data/torrents/_incomplete
+ state: directory
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0755'
+
+- name: Create dir /data/torrents/_watchdir
+ file:
+ path: /data/torrents/_watchdir
+ state: directory
+ owner: debian-transmission
+ group: debian-transmission
+ mode: '0755'
+
+- name: restart transmission
+ systemd:
+ state: restarted
+ daemon_reload: yes
+ name: transmission-daemon
diff --git a/roles/vcn/tasks/main.yml b/roles/vcn/tasks/main.yml
new file mode 100644
index 0000000..7261de4
--- /dev/null
+++ b/roles/vcn/tasks/main.yml
@@ -0,0 +1,13 @@
+- name: create vcn folder
+ file:
+ path: /etc/tinc/vcn
+ state: directory
+ mode: '0700'
+
+- name: create keys
+ shell: tincd -n vcn -K4096
+
+- name: display public key
+ vars:
+ contents: "{{ lookup('file', '/etc/tinc/vcn/rsa_key.pub') }}"
+ debug: msg="vcn public key is {{ contents }}"
diff --git a/telegraf.yml b/telegraf.yml
new file mode 100644
index 0000000..d988eee
--- /dev/null
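Review bot: The commented-out `display public key` block near the end of roles/telegraf/tasks/main.yml carries what looks like a real InfluxDB address, username and password; a comment is still committed content, so the block should be deleted and the password rotated if it was ever live. Separately, `curl -sL … | apt-key add -` trusts whatever the download returns and adds it to the global apt keyring on every run. Pinning the key by fingerprint with `apt_key` and letting `apt_repository` build the source line from `ansible_distribution_release` also replaces the three per-version `shell` tasks and their `when: "{{ debian_version }} == N"` conditions, which use templating delimiters that `when` does not need. The fingerprint below is a placeholder to fill from the vendor's published value, and the sketch assumes facts are gathered.

```yaml
- name: Add influx repo key
  apt_key:
    url: https://repos.influxdata.com/influxdb.key
    id: "<INFLUXDATA_KEY_FINGERPRINT>"  # placeholder: vendor-published fingerprint
    state: present

- name: Add influx repo
  apt_repository:
    repo: "deb https://repos.influxdata.com/debian {{ ansible_distribution_release }} stable"
    filename: influxdb
    state: present

# … unchanged: telegraf install, sample config, service tasks …
```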
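Review bot: The three `Create dir /data/torrents…` tasks in roles/transmission/tasks/main.yml differ only in `path`, so one task with `path: "{{ item }}"` and `loop: [/data/torrents, /data/torrents/_incomplete, /data/torrents/_watchdir]` would keep owner, group and mode in a single place. Mode `'0755'` on those directories lets every local account read the downloads and the watch directory; if that is not intended, `'0750'` with a dedicated group is the tighter choice. The copied settings.json is correctly restricted to `'0600'`, but `backup: yes` leaves older copies next to it, and whether those keep the same mode is worth checking on the target.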
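Review bot: `shell: tincd -n vcn -K4096` in roles/vcn/tasks/main.yml runs on every play, so a second run generates key material again for a node whose public key may already be distributed to peers. Guard it with `args:` and `creates: /etc/tinc/vcn/rsa_key.priv`; that private-key path is assumed from tinc's default naming next to the `rsa_key.pub` read in the following task, so confirm it on a host. `lookup('file', …)` reads on the control machine, which matches the target only because vcn.yml sets `connection: local`; the `slurp` module would keep working against remote hosts.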
+++ b/telegraf.yml
@@ -0,0 +1,9 @@
+# playbook.yml:
+---
+
+- name: "telegraf"
+ hosts: thismachine
+ connection: local
+ roles:
+ - telegraf
+
diff --git a/to_add.txt b/to_add.txt
new file mode 100644
index 0000000..cb58509
--- /dev/null
+++ b/to_add.txt
@@ -0,0 +1,8 @@
+vcn:
+nano /lib/systemd/system/tinc@.service
+
+ExecStart=/usr/sbin/tincd -n %i -D --logfile
+ExecReload=/usr/sbin/tincd -n %i -kHUP --logfile
+
+
+systemctl restart tinc@vcn
diff --git a/transmission.yml b/transmission.yml
new file mode 100644
index 0000000..81f2fdc
--- /dev/null
+++ b/transmission.yml
@@ -0,0 +1,8 @@
+# playbook.yml:
+---
+
+- name: "transmission"
+ hosts: thismachine
+ connection: local
+ roles:
+ - transmission
diff --git a/vcn.yml b/vcn.yml
new file mode 100644
index 0000000..7d9691f
--- /dev/null
+++ b/vcn.yml
@@ -0,0 +1,9 @@
+# playbook.yml:
+---
+
+- name: "vcn"
+ hosts: thismachine
+ connection: local
+ roles:
+ - vcn
+