No Description

panda 49da73c8fa added instructions for non-root users		4 years ago
debug	2e7b7c48b4 fix singularity	4 years ago
keys	4881a7d3ec second commit	4 years ago
repo	0016da9fed first commit	4 years ago
roles	e6014d1355 removed part of iptables command for compatibility	4 years ago
README.md	49da73c8fa added instructions for non-root users	4 years ago
common.yml	4aa137f8a6 added ssh to the packages installation since it might not be installed and the hardening is not optional	4 years ago
docker.yml	e9fa43f8e0 add docker	4 years ago
hosts	0016da9fed first commit	4 years ago
lldp.yml	0016da9fed first commit	4 years ago
singularity.yml	2d15791ead added singularity	4 years ago
telegraf.yml	0016da9fed first commit	4 years ago
tincvpn.yml	e9fa43f8e0 add docker	4 years ago
to_add.txt	4881a7d3ec second commit	4 years ago
tor.yml	d57d37b693 add tor	4 years ago
transmission.yml	0016da9fed first commit	4 years ago
variables.yml	e8837a173c fix README	4 years ago

Prerequisites
Setup
Run defaults
Run optionals
Versions
Git push

NOTA BENE

I've tested the playbooks mainly on Debian 9 and ubuntu (server) 18.04 LTS running as root, on Ubuntu (Desktop) 19.04 running ad user. I've started converting the roles to distinguish between OSes but it's incomplete.

Prerequisites

install ansible:

apt-get install -y ansible

add hosts lines to ansible:

echo "[thismachine]" >> /etc/ansible/hosts
echo "127.0.0.1" >> /etc/ansible/hosts

Setup

you have to change at least 2 variables:

users
hostname

which by default are set to "CHANGEME" anche the playbook is set to fail if these are set to CHANGEME

insert your user in:

variables.yml

in the list:

    users:
      goofy

and their ssh keys in the folder

keys

in form of filename:

goofy.key.pub

and format:

ssh-rsa [/CUT] user@host

insert your hostname in

variables.yml

in the variable:

hostname:

Run defaults

ansible-playbook common.yml

or if you are running as non-root:

sudo ansible-playbook common.yml

this playbok will:

check if the variables are set
change the hostname to the one that has been set in the variables
set the timezone to the one in the variables (default: Europe/Rome)
update repositories
install base packages
retrieve the main network interface (the one that is associated with the default gateway)
iptables:
- create the users defined in the variables with the keys
- create basic ipv4 rules
- create blocking ipv6 rules
- apply said rules in iptables-persistent
fix bashrc how I like it
harden ssh

Run optionals

docker.yml
- installs docker-ce and docker-compose (variable in variables.yml for latest of docker-compose)
lldp.yml
- installs and enables LLDP
telegraf.yml
tincvpn.yml
transmission.yml
singularity.yml
- installs go and builds and installs singularity
tor.yml
- installs tor base from tor repo

Versions

docker-compose:
- variable: compose_ver
- look here: https://github.com/docker/compose/releases/latest
go:
- variable: singularity_go_ver
- look here: https://golang.org/dl/ , the package is like go1.14.linux-amd64.tar.gz and you take the "1.14"
singularity:
- varaible: singularity_ver
- look here: https://github.com/sylabs/singularity/releases/latest

Git push

git add --all
git commit -m "added things to readme"
git push -u origin master

or:

git add --all && git commit -m "message" && git push -u origin master

TODO

fix the installation that is only for deb systems in common.yml
test on centos

README.md

Table of contents