diff --git a/.github/workflows/ansible-lint.yml b/.github/workflows/ansible-lint.yml
new file mode 100644
index 0000000..a5178e4
--- /dev/null
+++ b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,10 @@
+name: ansible-lint
+on: [push]
+jobs:
+ build:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
diff --git a/Ansible/.ansible-lint b/Ansible/.ansible-lint
new file mode 100644
index 0000000..c1648fc
--- /dev/null
+++ b/Ansible/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+ - '403'
diff --git a/Ansible/elasticsearch.yml b/Ansible/elasticsearch.yml
deleted file mode 100644
index e69de29..0000000
diff --git a/Ansible/fail2ban.yml b/Ansible/fail2ban.yml
index 191bf2a..4a6adef 100644
--- a/Ansible/fail2ban.yml
+++ b/Ansible/fail2ban.yml
@@ -1,18 +1,21 @@
-- hosts: linux
+---
+- name: Fail2ban Configuration
+ hosts: linux
 remote_user: bhays
 become: true
 become_user: root
 tasks:
- - name: Update/install Fail2Ban
- apt:
- name: fail2ban
- state: latest
- update_cache: yes
- - name: Copy Secure Configuration File
- copy:
- src: ../Configs/jail.local
- dest: /etc/fail2ban/jail.local
- - name: Restart Fail2Ban
- systemd_service:
- name: fail2ban
- state: restarted
+ - name: Update/install Fail2Ban
+ ansible.builtin.apt:
+ name: fail2ban
+ state: latest
+ update_cache: true
+ - name: Copy Secure Configuration File
+ ansible.builtin.copy:
+ mode: "0664"
+ src: ../Configs/jail.local
+ dest: /etc/fail2ban/jail.local
+ - name: Restart Fail2Ban
+ ansible.builtin.systemd:
+ name: fail2ban
+ state: restarted
diff --git a/Ansible/grafana-docker.yml b/Ansible/grafana-docker.yml
deleted file mode 100644
index 80598cd..0000000
--- a/Ansible/grafana-docker.yml
+++ /dev/null
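Review bot: `uses: ansible/ansible-lint@main` tracks a mutable branch, so every run executes whatever is currently on upstream's `main` with this repository's token in scope; pin the action to a reviewed release tag or, better, a full commit SHA, e.g. `uses: ansible/ansible-lint@<FULL_COMMIT_SHA>  # <release tag>`. The workflow also declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a lint job only needs `permissions:` with `contents: read`. `actions/checkout@v4` is a movable tag as well and can be pinned the same way.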
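Review bot: Skipping `'403'` switches the check off for every playbook, and it appears to be the legacy numeric id of the rule that flags `state: latest` on package installs, which the fail2ban and openssh playbooks in this commit both use. A comment above the entry, e.g. `# 403 = package-latest; skipped because <reason>`, would record that as a deliberate decision rather than a silenced warning. Because the workflow tracks `ansible-lint@main` and runs from the repository root, it is worth confirming in the job log that this file under `Ansible/` is actually loaded and that the numeric id is still recognised.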
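Review bot: `mode: "0664"` on the Copy Secure Configuration File task leaves `/etc/fail2ban/jail.local` group-writable, and the task sets no `owner`/`group`, so who can edit the ban policy depends on what already exists on the host. For a file that decides which addresses get banned I would set `owner: root`, `group: root` and `mode: "0644"`. The Restart Fail2Ban task also runs on every play; moving it to a handler notified by the copy task would restart the service only when the configuration actually changed.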
@@ -1,38 +0,0 @@
-- hosts: grafana
- remote_user: bhays
- become: true
- become_user: root
- tasks:
- - name: Update package cache
- apt:
- update_cache: yes
- tags: docker
- - name: Install Docker
- apt:
- name: docker-compose
- state: latest
- tags: docker
- - name: Ensure Docker service is enabled and started
- systemd:
- name: docker
- state: started
- enabled: yes
- tags: docker
- - name: Add 'bhays' user to Docker group
- user:
- name: bhays
- groups: docker
- append: yes
- tags: docker
- - name: Copy grafana-docker.sh to home directory
- copy:
- src: ../Bash/grafana-docker.sh
- dest: /home/bhays/grafana-docker.sh
- owner: bhays
- group: bhays
- mode: '0755'
- tags: grafana
- - name: Execute grafana-docker.sh as root with bash
- command:
- cmd: /bin/bash /home/bhays/grafana-docker.sh
- tags: grafana
\ No newline at end of file
diff --git a/Ansible/openssh.yml b/Ansible/openssh.yml
index 5964045..c80f2d7 100644
--- a/Ansible/openssh.yml
+++ b/Ansible/openssh.yml
@@ -1,39 +1,45 @@
-- hosts: linux
+- name: OpenSSH Configuration Playbook
+ hosts: linux
 remote_user: bhays
 become: true
 become_user: root
 tasks:
- - name: Update/install OpenSSH
- apt:
- name: openssh-server
- state: latest
- update_cache: yes
- - name: Add 'bhays' user
- user:
- name: bhays
- groups: sudo,adm
- append: yes
- shell: /bin/bash
- comment: Benjamin Hays
- - name: Update/install Sudo
- apt:
- name: sudo
- state: latest
- - name: Ensure .ssh user folder exists
- file:
- path: "/home/bhays/.ssh/"
- state: directory
- - name: Copy public key
- copy:
- src: ~/.ssh/authorized_keys
- dest: /home/bhays/.ssh/authorized_keys
- - name: Copy Secure Configuration File
- copy:
- src: ../Configs/sshd_config
- dest: /etc/ssh/sshd_config
-
- - name: Restart OpenSSH
- systemd:
- name: sshd
- state: restarted
-
+ - name: Update/install OpenSSH
+ ansible.builtin.apt:
+ name: openssh-server
+ state: latest
+ update_cache: true
+ - name: Add 'bhays' user
+ ansible.builtin.user:
+ name: bhays
+ groups: sudo,adm
+ append: true
+ shell: /bin/bash
+ comment: Benjamin Hays
+ - name: Update/install Sudo
+ ansible.builtin.apt:
+ name: sudo
+ state: latest
+ - name: Ensure .ssh user folder exists
+ ansible.builtin.file:
+ path: "/home/bhays/.ssh/"
+ owner: bhays
+ group: bhays
+ mode: "0600"
+ state: directory
+ - name: Copy public key
+ ansible.builtin.copy:
+ owner: bhays
+ mode: "0600"
+ src: ~/.ssh/authorized_keys
+ dest: /home/bhays/.ssh/authorized_keys
+ - name: Copy Secure Configuration File
+ ansible.builtin.copy:
+ owner: bhays
+ mode: "0600"
+ src: ../Configs/sshd_config
+ dest: /etc/ssh/sshd_config
+ - name: Restart OpenSSH
+ ansible.builtin.systemd:
+ name: sshd
+ state: restarted
diff --git a/Ansible/proxmox.yml b/Ansible/proxmox.yml
index 1c42128..c974986 100644
--- a/Ansible/proxmox.yml
+++ b/Ansible/proxmox.yml
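Review bot: The `.ssh` directory is created with `mode: "0600"`, which drops the search (execute) bit, so `bhays` cannot traverse it and key-based logins for that account are likely to fail; a directory needs `"0700"`. In the Copy Secure Configuration File task, `owner: bhays` hands `/etc/ssh/sshd_config` to an unprivileged account that can then rewrite the daemon's policy, so the file should be owned by root, and because the next task restarts sshd unconditionally a `validate` step would stop a broken config from locking everyone out. The Copy public key task sets `owner` but no `group`. Unlike fail2ban.yml and proxmox.yml, this file did not get the leading `---`.

```yaml
    - name: Ensure .ssh user folder exists
      ansible.builtin.file:
        # … unchanged: path, owner, group …
        mode: "0700"
        state: directory
    # … unchanged: Copy public key task …
    - name: Copy Secure Configuration File
      ansible.builtin.copy:
        owner: root
        group: root
        mode: "0600"
        # … unchanged: src, dest …
        validate: /usr/sbin/sshd -t -f %s
```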
@@ -1,27 +1,27 @@ -- hosts: proxmox +--- +- name: Proxmox Configuration Playbook + hosts: proxmox remote_user: root tasks: - name: Adding ansible SSH Pubkey as authorized - copy: + ansible.builtin.copy: + mode: "0600" src: ~/.ssh/authorized_keys dest: /root/.ssh/authorized_keys - - - name: adding PVE-no-subscription repo - blockinfile: + - name: Adding PVE-no-subscription repo + ansible.builtin.blockinfile: path: /etc/apt/sources.list - insertbefore: "^# security" + insertbefore: ^# security block: | # PVE pve-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription - - - name: upgrading system - apt: + - name: Upgrading system + ansible.builtin.apt: upgrade: full - update_cache: yes + update_cache: true cache_valid_time: 7200 - - - name: installing sudo - apt: + - name: Installing sudo + ansible.builtin.apt: name: sudo - state: present \ No newline at end of file + state: present
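Review bot: The first task still replaces `/root/.ssh/authorized_keys` wholesale with the controller's `~/.ssh/authorized_keys`, so any key already authorised for root on the node is dropped; on Proxmox VE that path is normally a symlink into the cluster-shared `/etc/pve/priv/`, where other nodes' keys live, so this is worth checking on a clustered host. Adding a single key is safer, for example `ansible.posix.authorized_key:` with `user: root` and `key: "{{ lookup('ansible.builtin.file', '<PUBLIC_KEY_FILE>') }}"` (this needs the ansible.posix collection). Separately, dropping the quotes from `insertbefore: ^# security` leaves a plain scalar containing `#`; it still parses as intended because no space precedes the `#`, but `'^# security'` is less fragile.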