Fixed up Playbooks and added Ansible-Lint

2024-08-13 19:30:44 -04:00 · 2024-08-13 19:30:44 -04:00 · 3ecfe15e43
commit 3ecfe15e43
parent cd10d66d6d
7 changed files with 84 additions and 101 deletions
--- a/.github/workflows/ansible-lint.yml
+++ b/.github/workflows/ansible-lint.yml
@ -0,0 +1,10 @@
+name: ansible-lint
+on: [push]
+jobs:
+  build:
+    name: Ansible Lint 
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Run ansible-lint
+        uses: ansible/ansible-lint@main
--- a/Ansible/.ansible-lint
+++ b/Ansible/.ansible-lint
@ -0,0 +1,2 @@
+skip_list:
+  - '403'
--- a/Ansible/elasticsearch.yml
+++ b/Ansible/elasticsearch.yml
--- a/Ansible/fail2ban.yml
+++ b/Ansible/fail2ban.yml
@ -1,18 +1,21 @@
- hosts: linux
+---
+- name: Fail2ban Configuration
+  hosts: linux
  remote_user: bhays
  become: true
  become_user: root
  tasks:
-  - name: Update/install Fail2Ban
-    apt: 
-      name: fail2ban
-      state: latest
-      update_cache: yes
-  - name: Copy Secure Configuration File
-    copy:
-      src: ../Configs/jail.local
-      dest: /etc/fail2ban/jail.local
-  - name: Restart Fail2Ban
-    systemd_service:
-      name: fail2ban
-      state: restarted
+    - name: Update/install Fail2Ban
+      ansible.builtin.apt:
+        name: fail2ban
+        state: latest
+        update_cache: true
+    - name: Copy Secure Configuration File
+      ansible.builtin.copy:
+        mode: "0664"
+        src: ../Configs/jail.local
+        dest: /etc/fail2ban/jail.local
+    - name: Restart Fail2Ban
+      ansible.builtin.systemd:
+        name: fail2ban
+        state: restarted
--- a/Ansible/grafana-docker.yml
+++ b/Ansible/grafana-docker.yml
@ -1,38 +0,0 @@
- hosts: grafana
-  remote_user: bhays
-  become: true
-  become_user: root
-  tasks:
-    - name: Update package cache
-      apt:
-        update_cache: yes
-      tags: docker
-    - name: Install Docker
-      apt:
-        name: docker-compose
-        state: latest
-      tags: docker
-    - name: Ensure Docker service is enabled and started
-      systemd:
-        name: docker
-        state: started
-        enabled: yes
-      tags: docker
-    - name: Add 'bhays' user to Docker group
-      user:
-        name: bhays
-        groups: docker
-        append: yes
-      tags: docker
-    - name: Copy grafana-docker.sh to home directory
-      copy:
-        src: ../Bash/grafana-docker.sh
-        dest: /home/bhays/grafana-docker.sh
-        owner: bhays
-        group: bhays
-        mode: '0755'
-      tags: grafana
-    - name: Execute grafana-docker.sh as root with bash
-      command:
-        cmd: /bin/bash /home/bhays/grafana-docker.sh
-      tags: grafana
--- a/Ansible/openssh.yml
+++ b/Ansible/openssh.yml
@ -1,39 +1,45 @@
- hosts: linux
+- name: OpenSSH Configuration Playbook
+  hosts: linux
  remote_user: bhays
  become: true
  become_user: root
  tasks:
-  - name: Update/install OpenSSH
-    apt: 
-      name: openssh-server
-      state: latest
-      update_cache: yes
-  - name: Add 'bhays' user
-    user:
-      name: bhays
-      groups: sudo,adm
-      append: yes
-      shell: /bin/bash
-      comment: Benjamin Hays
-  - name: Update/install Sudo
-    apt:
-      name: sudo
-      state: latest
-  - name: Ensure .ssh user folder exists
-    file: 
-      path: "/home/bhays/.ssh/"
-      state: directory
-  - name: Copy public key
-    copy:
-     src: ~/.ssh/authorized_keys
-     dest: /home/bhays/.ssh/authorized_keys
-  - name: Copy Secure Configuration File
-    copy:
-      src: ../Configs/sshd_config
-      dest: /etc/ssh/sshd_config
-  
-  - name: Restart OpenSSH
-    systemd:
-      name: sshd
-      state: restarted
-
+    - name: Update/install OpenSSH
+      ansible.builtin.apt:
+        name: openssh-server
+        state: latest
+        update_cache: true
+    - name: Add 'bhays' user
+      ansible.builtin.user:
+        name: bhays
+        groups: sudo,adm
+        append: true
+        shell: /bin/bash
+        comment: Benjamin Hays
+    - name: Update/install Sudo
+      ansible.builtin.apt:
+        name: sudo
+        state: latest
+    - name: Ensure .ssh user folder exists
+      ansible.builtin.file:
+        path: "/home/bhays/.ssh/"
+        owner: bhays
+        group: bhays
+        mode: "0600"
+        state: directory
+    - name: Copy public key
+      ansible.builtin.copy:
+        owner: bhays
+        mode: "0600"
+        src: ~/.ssh/authorized_keys
+        dest: /home/bhays/.ssh/authorized_keys
+    - name: Copy Secure Configuration File
+      ansible.builtin.copy:
+        owner: bhays
+        mode: "0600"
+        src: ../Configs/sshd_config
+        dest: /etc/ssh/sshd_config
+    - name: Restart OpenSSH
+      ansible.builtin.systemd:
+        name: sshd
+        state: restarted
--- a/Ansible/proxmox.yml
+++ b/Ansible/proxmox.yml
@ -1,27 +1,27 @@
- hosts: proxmox
+---
+- name: Proxmox Configuration Playbook
+  hosts: proxmox
  remote_user: root
  tasks:
    - name: Adding ansible SSH Pubkey as authorized
-      copy:
+      ansible.builtin.copy:
+        mode: "0600"
        src: ~/.ssh/authorized_keys
        dest: /root/.ssh/authorized_keys
-    
-    - name: adding PVE-no-subscription repo
-      blockinfile:
+    - name: Adding PVE-no-subscription repo
+      ansible.builtin.blockinfile:
        path: /etc/apt/sources.list
-        insertbefore: "^# security"
+        insertbefore: ^# security
        block: |
          # PVE pve-no-subscription repository provided by proxmox.com,
          # NOT recommended for production use
          deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
-
-    - name: upgrading system
-      apt:
+    - name: Upgrading system
+      ansible.builtin.apt:
        upgrade: full
-        update_cache: yes
+        update_cache: true
        cache_valid_time: 7200
-
-    - name: installing sudo
-      apt:
+    - name: Installing sudo
+      ansible.builtin.apt:
        name: sudo
-        state: present
+        state: present