No Description

panda 7e3287de15 fixed container detection 1 month ago
debug 2e7b7c48b4 fix singularity 4 years ago
keys 4881a7d3ec second commit 4 years ago
repo 3601beb92b added docker-host 1 year ago
roles 8c73fe8f97 added support for docker-compose on aarch64 1 year ago
README.md 74744116ee Update 'README.md' 1 month ago
common.yml 7e3287de15 fixed container detection 1 month ago
docker.yml ca85dc19c8 fixed local execution 2 years ago
docker_host.yml 3601beb92b added docker-host 1 year ago
hosts 0016da9fed first commit 4 years ago
lldp.yml e1221e9071 fixed local execution 2 years ago
singularity.yml c2e3eeb0ff fixed local execution 2 years ago
telegraf.yml 24f0bf427f fixed local execution 2 years ago
tincvpn.yml f8ebbf73a5 fixed local execution 2 years ago
to_add.txt 4881a7d3ec second commit 4 years ago
tor.yml b009d17cc5 fixed local execution 2 years ago
transmission.yml 1f92da638a fixed local execution 2 years ago
variables.yml 093a061415 updated docker-compose to fetch latest version without specifying which one 1 year ago

README.md

Table of contents

NOTA BENE

I've tested the playbooks on:

  • Debian 9
  • Debian 10
  • Debian 11 (everything)
  • Debian 12
  • Ubuntu 20.04
  • Ubuntu 22.04 (common,docker_host)
  • Centos 7 (almost everything)

I've started converting the roles to distinguish between OSes but it's incomplete.

I'ts being tested also on LXC containers and I've added a skip of sysctl tasks when in a container. You can check the case by using: systemd-detect-virt none: baremetal kvm: vm (on Proxmox) lxc: container (on Proxmox)

Prerequisites

install ansible:

apt-get install -y ansible

add hosts lines to ansible:

echo "[thismachine]" >> /etc/ansible/hosts
echo "127.0.0.1" >> /etc/ansible/hosts

Setup

you have to change at least 2 variables:

  • users
  • hostname

which by default are set to "CHANGEME" anche the playbook is set to fail if these are set to CHANGEME

insert your user in:

variables.yml

in the list:

    users:
      goofy

and their ssh keys in the folder

keys

in form of filename:

goofy.key.pub

and format:

ssh-rsa [/CUT] user@host

insert your hostname in

variables.yml

in the variable:

hostname:

Run defaults

ansible-playbook common.yml

or if you are running as non-root:

sudo ansible-playbook common.yml

this playbok will:

  • check if the variables are set
  • change the hostname to the one that has been set in the variables
  • set the timezone to the one in the variables (default: Europe/Rome)
  • update repositories
  • install base packages
  • retrieve the main network interface (the one that is associated with the default gateway)
  • iptables:
    • create the users defined in the variables with the keys
    • create basic ipv4 rules
    • create blocking ipv6 rules
    • apply said rules in iptables-persistent
  • fix bashrc how I like it
  • harden ssh

Run optionals

  • docker.yml
    • installs docker-ce and docker-compose (variable in variables.yml for latest of docker-compose)
  • lldp.yml
    • installs and enables LLDP
  • telegraf.yml
  • tincvpn.yml
  • transmission.yml
  • singularity.yml
    • installs go and builds and installs singularity
  • tor.yml
    • installs tor base from tor repo

Versions

Git push

git add --all
git commit -m "added things to readme"
git push -u origin master

or:

git add --all && git commit -m "message" && git push -u origin master

TODO

  • fix the installation that is only for deb systems in common.yml
  • test on centos