Fixed up Playbooks and added Ansible-Lint

Benjamin Hays 2024-08-13 19:30:44 -04:00
parent cd10d66d6d
commit 3ecfe15e43
7 changed files with 84 additions and 101 deletions

10
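--- /dev/null
+++ b/.github/workflows/ansible-lint.yml
@@ -0,0 +1,10 @@
+name: ansible-lint
+on: [push]
+jobs:
+build:
+name: Ansible Lint
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Run ansible-lint
+uses: ansible/ansible-lint@main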
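Review bot: `uses: ansible/ansible-lint@main` follows a mutable branch, so whatever is pushed there runs in this repository's CI on every push; pin it to a release tag or, better, a full commit SHA, e.g. `uses: ansible/ansible-lint@<full-commit-sha>  # <release tag>`. The workflow also has no `permissions:` key, so the job runs with the repository's default GITHUB_TOKEN scope; a lint job only needs `permissions:` with `contents: read`. The same pinning applies to `actions/checkout@v4`, although a version tag is less exposed than a branch.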

2
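--- /dev/null
+++ b/Ansible/.ansible-lint
@@ -0,0 +1,2 @@
+skip_list:
+- '403'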
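Review bot: `'403'` is the legacy numeric id of the rule that flags `state: latest` on package installs (named `package-latest` in current ansible-lint), and since the workflow runs ansible-lint from `main` the numeric form may no longer be recognised; `- package-latest` is the safer spelling. Skipping the rule globally also hides every unpinned package install in the playbooks, so a one-line reason above the entry would help, e.g. `# package-latest: hosts intentionally track the newest distro packages`.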


@ -1,18 +1,21 @@
- hosts: linux ---
- name: Fail2ban Configuration
hosts: linux
remote_user: bhays remote_user: bhays
become: true become: true
become_user: root become_user: root
tasks: tasks:
- name: Update/install Fail2Ban - name: Update/install Fail2Ban
apt: ansible.builtin.apt:
name: fail2ban name: fail2ban
state: latest state: latest
update_cache: yes update_cache: true
- name: Copy Secure Configuration File - name: Copy Secure Configuration File
copy: ansible.builtin.copy:
mode: "0664"
src: ../Configs/jail.local src: ../Configs/jail.local
dest: /etc/fail2ban/jail.local dest: /etc/fail2ban/jail.local
- name: Restart Fail2Ban - name: Restart Fail2Ban
systemd_service: ansible.builtin.systemd:
name: fail2ban name: fail2ban
state: restarted state: restarted
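Review bot: `mode: "0664"` on the "Copy Secure Configuration File" task leaves `/etc/fail2ban/jail.local` group-writable, and the task sets no `owner` or `group`, so who can edit the ban policy depends on whatever ownership the file ends up with. For a root-managed security config I would set `owner: root`, `group: root` and `mode: "0644"`. Separately, "Restart Fail2Ban" runs on every play; making it a handler notified by the copy task would restart the service only when the configuration actually changes.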


@ -1,38 +0,0 @@
- hosts: grafana
remote_user: bhays
become: true
become_user: root
tasks:
- name: Update package cache
apt:
update_cache: yes
tags: docker
- name: Install Docker
apt:
name: docker-compose
state: latest
tags: docker
- name: Ensure Docker service is enabled and started
systemd:
name: docker
state: started
enabled: yes
tags: docker
- name: Add 'bhays' user to Docker group
user:
name: bhays
groups: docker
append: yes
tags: docker
- name: Copy grafana-docker.sh to home directory
copy:
src: ../Bash/grafana-docker.sh
dest: /home/bhays/grafana-docker.sh
owner: bhays
group: bhays
mode: '0755'
tags: grafana
- name: Execute grafana-docker.sh as root with bash
command:
cmd: /bin/bash /home/bhays/grafana-docker.sh
tags: grafana


@ -1,39 +1,45 @@
- hosts: linux - name: OpenSSH Configuration Playbook
hosts: linux
remote_user: bhays remote_user: bhays
become: true become: true
become_user: root become_user: root
tasks: tasks:
- name: Update/install OpenSSH - name: Update/install OpenSSH
apt: ansible.builtin.apt:
name: openssh-server name: openssh-server
state: latest state: latest
update_cache: yes update_cache: true
- name: Add 'bhays' user - name: Add 'bhays' user
user: ansible.builtin.user:
name: bhays name: bhays
groups: sudo,adm groups: sudo,adm
append: yes append: true
shell: /bin/bash shell: /bin/bash
comment: Benjamin Hays comment: Benjamin Hays
- name: Update/install Sudo - name: Update/install Sudo
apt: ansible.builtin.apt:
name: sudo name: sudo
state: latest state: latest
- name: Ensure .ssh user folder exists - name: Ensure .ssh user folder exists
file: ansible.builtin.file:
path: "/home/bhays/.ssh/" path: "/home/bhays/.ssh/"
owner: bhays
group: bhays
mode: "0600"
state: directory state: directory
- name: Copy public key - name: Copy public key
copy: ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ~/.ssh/authorized_keys src: ~/.ssh/authorized_keys
dest: /home/bhays/.ssh/authorized_keys dest: /home/bhays/.ssh/authorized_keys
- name: Copy Secure Configuration File - name: Copy Secure Configuration File
copy: ansible.builtin.copy:
owner: bhays
mode: "0600"
src: ../Configs/sshd_config src: ../Configs/sshd_config
dest: /etc/ssh/sshd_config dest: /etc/ssh/sshd_config
- name: Restart OpenSSH - name: Restart OpenSSH
systemd: ansible.builtin.systemd:
name: sshd name: sshd
state: restarted state: restarted
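Review bot: The "Ensure .ssh user folder exists" task creates a directory with `mode: "0600"`; without the execute bit the owner cannot traverse it, so `authorized_keys` inside is unreachable and key login is likely to fail after this play. It should be `mode: "0700"`. The sshd_config copy sets `owner: bhays`, which hands `/etc/ssh/sshd_config` to a non-root account; `owner: root` is the expected value there. The play then restarts sshd with no syntax check, so adding `validate: /usr/sbin/sshd -t -f %s` to that copy task would keep a broken config from being installed and locking the host out.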


@ -1,27 +1,27 @@
- hosts: proxmox ---
- name: Proxmox Configuration Playbook
hosts: proxmox
remote_user: root remote_user: root
tasks: tasks:
- name: Adding ansible SSH Pubkey as authorized - name: Adding ansible SSH Pubkey as authorized
copy: ansible.builtin.copy:
mode: "0600"
src: ~/.ssh/authorized_keys src: ~/.ssh/authorized_keys
dest: /root/.ssh/authorized_keys dest: /root/.ssh/authorized_keys
- name: Adding PVE-no-subscription repo
- name: adding PVE-no-subscription repo ansible.builtin.blockinfile:
blockinfile:
path: /etc/apt/sources.list path: /etc/apt/sources.list
insertbefore: "^# security" insertbefore: ^# security
block: | block: |
# PVE pve-no-subscription repository provided by proxmox.com, # PVE pve-no-subscription repository provided by proxmox.com,
# NOT recommended for production use # NOT recommended for production use
deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription
- name: Upgrading system
- name: upgrading system ansible.builtin.apt:
apt:
upgrade: full upgrade: full
update_cache: yes update_cache: true
cache_valid_time: 7200 cache_valid_time: 7200
- name: Installing sudo
- name: installing sudo ansible.builtin.apt:
apt:
name: sudo name: sudo
state: present state: present
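Review bot: The "Adding ansible SSH Pubkey as authorized" task uses `ansible.builtin.copy` to replace `/root/.ssh/authorized_keys` wholesale with the controller's own `~/.ssh/authorized_keys`, so every key already authorised for root on the host is dropped and every key the controller accepts becomes a root key on the hypervisor. Adding one named public key instead (for example with `ansible.posix.authorized_key`, if that collection is available) would keep the set of root keys explicit. This commit also removes the quotes from `insertbefore: ^# security`; it still parses as a string because the `#` is not preceded by a space, but `insertbefore: '^# security'` is safer against a later edit turning the tail into a comment.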