nicolas
/
Rasberry-PI-at-ITIX
mirror of https://github.com/nmasse-itix/Rasberry-PI-at-ITIX.git
1
0
Fork 0
Code Issues Releases Wiki Activity
My Ansible playbooks to install my Raspberry PI
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
28 KiB
Tree: c5b89633ce
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'c5b89633ce'
${ noResults }
Rasberry-PI-at-ITIX/roles/base/tasks/main.yml

73 lines
2.2 KiB
Raw Blame History

---
- name: Create groups
group: name={{ item.name }} state=present
with_items: "{{ itix_groups }}"
tags: bootstrap
- name: Create users
user: state=present name={{ item.login }} group={{ item.group }} groups={{ item.groups }} uid={{ item.uid }} comment={{ item.comment }} password={{ item.password }}
with_items: "{{ itix_users }}"
tags: bootstrap
- name: Create the .ssh directory for users
file: state=directory owner={{ item.login }} group={{ item.group }} mode=0700 path=/home/{{ item.login }}/.ssh
with_items: "{{ itix_users }}"
tags: bootstrap
- name: Set a strong root password (only usable from console)
user: name=root password={{ root_password }}
tags: bootstrap
- name: Set SSH key for users
authorized_key: user={{ item.login }} key="{{ item.ssh_public_key }}"
with_items: "{{ itix_users }}"
when: "item.ssh_public_key is defined"
tags: bootstrap
- name: Tell SSHD not to use DNS
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *UseDNS +" line="UseDNS no"
notify: restart sshd
tags: config
- name: Tell SSHD to forbid root accesses
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PermitRootLogin +" line="PermitRootLogin no"
notify: restart sshd
tags: config
- name: Tell SSHD to forbid password accesses
lineinfile: dest=/etc/ssh/sshd_config regexp="^#* *PasswordAuthentication +" line="PasswordAuthentication no"
notify: restart sshd
tags: config
- name: Install some software
dnf: name={{ item }} state=installed
with_items:
- vim-enhanced
- tmux
- unzip
- tcpdump
- telnet
- strace
- man-pages
- man
- iptraf
- wget
- openssh-clients
tags: rpm
- name: Fix /etc/environment to include PATH
lineinfile: dest=/etc/environment regexp="^PATH=" line="PATH=/bin:/usr/bin:/sbin:/usr/sbin"
tags: config
- name: Set the hostname
command: hostnamectl set-hostname {{ inventory_hostname_short }} --static
tags:
- config
- dns
- name: Ensure consistent locale across systems (1/2)
lineinfile: dest=/etc/locale.conf regexp="^LANG=" line="LANG=en_US.utf8"
- name: Ensure consistent locale across systems (2/2)
lineinfile: dest=/etc/locale.conf line="LC_CTYPE=en_US.utf8"