@@ -0,0 +1,3 @@ | |||
[defaults] | |||
log_path=ansible.log | |||
nocows = 1 |
@@ -0,0 +1,7 @@ | |||
access_list: | |||
- { keypath: "../keys/admin.pub", username: "root" } | |||
- { keypath: "../keys/techguy.pub", username: "root" } | |||
- { keypath: "../keys/interserver.pub", username: "root" } | |||
secret_list: | |||
- { keypath: "../keys/interserver.pem", username: "root" } |
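Review bot: `secret_list` ships the private key `../keys/interserver.pem` to root's `~/.ssh` on the target, so the unencrypted key presumably has to sit in the repository tree beside the playbooks. Encrypt the file with ansible-vault (the `copy` module decrypts vaulted sources by default) or keep it outside version control, and prefer a dedicated low-privilege account over `username: "root"` for inter-server hops. The later vars file with the same `secret_list` entry has the same issue. Every `access_list` entry in all four vars files also maps to root, so revoking or auditing one person's access depends entirely on key comments; a named sudo-capable user per key owner would be easier to reason about.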
@@ -0,0 +1,8 @@ | |||
access_list: | |||
- { keypath: "../keys/interserver.pub", username: "root" } | |||
- { keypath: "../keys/admin.pub", username: "root" } | |||
- { keypath: "../keys/project-git.pub", username: "root" } | |||
- { keypath: "../keys/developer1.pub", username: "root" } | |||
- { keypath: "../keys/developer2.pub", username: "root" } | |||
secret_list: |
@@ -0,0 +1,4 @@ | |||
access_list: | |||
- { keypath: "../keys/admin.pub", username: "root" } | |||
- { keypath: "../keys/techguy.pub", username: "root" } | |||
secret_list: |
@@ -0,0 +1,8 @@ | |||
access_list: | |||
- { keypath: "../keys/admin.pub", username: "root" } | |||
- { keypath: "../keys/techguy.pub", username: "root" } | |||
- { keypath: "../keys/interserver.pub", username: "root" } | |||
secret_list: | |||
- { keypath: "../keys/interserver.pem", username: "root" } | |||
@@ -0,0 +1,15 @@ | |||
[monitoring] | |||
monitor ansible_host=44.165.225.144 ansible_user=root ansible_ssh_private_key_file="secrets/superkey.pem" | |||
[hetzner:children] | |||
hetzner-balancers | |||
hetzner-nodes | |||
[hetzner-nodes] | |||
hetzner-node0 ansible_host=145.251.216.112 ansible_user=root ansible_ssh_private_key_file="secrets/superkey.pem" | |||
hetzner-node1 ansible_host=154.64.4.185 ansible_user=root ansible_ssh_private_key_file="secrets/superkey.pem" | |||
hetzner-node2 ansible_host=168.251.172.244 ansible_user=root ansible_ssh_private_key_file="secrets/superkey.pem" | |||
[hetzner-balancers] | |||
hetzner-balancer0 ansible_host=145.251.216.154 ansible_user=root ansible_ssh_private_key_file="secrets/superkey.pem" | |||
hetzner-balancer1 ansible_host=78.46.246.78 ansible_user=root ansible_ssh_private_key_file="secrets/superkey.pem" |
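Review bot: Every host line repeats `ansible_user=root` and `ansible_ssh_private_key_file="secrets/superkey.pem"`, so a single key gives direct root on the monitor, all nodes and both balancers. Move the shared settings into one group block, `[all:vars]` followed by `ansible_user=root` and `ansible_ssh_private_key_file=secrets/superkey.pem`. That also makes it a one-line change to switch to an unprivileged login user with `become`. If these are real public addresses rather than samples, consider keeping the inventory out of a shared repository.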
@@ -0,0 +1 @@ | |||
allow_duplicates: true |
@@ -0,0 +1,7 @@ | |||
--- | |||
- name: Set administrative keys and delete others | |||
authorized_key: | |||
user: root | |||
state: present | |||
exclusive: True | |||
key: "{{ lookup('file', 'secrets/superkey.pub') }}" |
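Review bot: `exclusive: True` removes every other entry from root's `authorized_keys` on each run, and the playbook then relies on the later `ssh_access` role to put the per-user keys back. Every run will therefore report changes, and a run that fails between the two roles leaves the host reachable only with the master key. Building the full key list once and passing it as a single newline-joined `key:` value together with `exclusive: True` would make the result atomic and idempotent.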
@@ -0,0 +1 @@ | |||
allow_duplicates: true |
@@ -0,0 +1,18 @@ | |||
--- | |||
- name: Minimum packages for Debian-like | |||
apt: name="{{ item }}" state=present update_cache=yes | |||
become: yes | |||
with_items: | |||
- mc | |||
- htop | |||
when: (ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian') and preinstall is defined | |||
- name: Minimum packages for RedHat-like | |||
become: yes | |||
yum: name="{{ item }}" state=present update_cache=yes | |||
with_items: | |||
- mc | |||
- htop | |||
when: (ansible_distribution == 'Red Hat' or ansible_distribution == 'Centos') and preinstall is defined | |||
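Review bot: The RedHat-like condition compares `ansible_distribution` with `'Red Hat'` and `'Centos'`, but the fact values Ansible reports are `RedHat` and `CentOS`, so this task looks like it can never run. Matching on the family is more robust: `when: ansible_os_family == 'RedHat' and preinstall is defined`, and `ansible_os_family == 'Debian'` for the apt task. Both tasks also loop one package at a time; `name: [mc, htop]` installs them in a single transaction.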
@@ -0,0 +1 @@ | |||
allow_duplicates: true |
@@ -0,0 +1,21 @@ | |||
--- | |||
#- debug: | |||
# msg: "{{ access_list }}" | |||
- name: Set authorized keys | |||
become: true | |||
become_user: "{{ item.username }}" | |||
authorized_key: user="{{ item.username }}" key="{{ lookup('file', item.keypath) }}" state=present | |||
with_items: "{{ access_list }}" | |||
when: access_list != None and access_list is defined | |||
#- debug: | |||
# msg: "{{ secret_list }}" | |||
- name: Upload secret keys | |||
become: true | |||
become_user: "{{ item.username }}" | |||
copy: src="{{ item.keypath }}" dest="~/.ssh/{{ item.keypath | basename }}" mode=0600 | |||
with_items: "{{ secret_list }}" | |||
when: secret_list != None and secret_list is defined | |||
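Review bot: Both `when:` guards test `!= None` before `is defined`, and the `with_items` expression is templated before `when` is evaluated in any case. A host with no `access_list` or `secret_list` variable will therefore most likely fail with an undefined-variable error instead of skipping. Put the fallback in the loop itself, e.g. `with_items: "{{ access_list | default([], true) }}"`, which covers both the undefined and the empty (`secret_list:`) case and makes the `when:` lines unnecessary. On the upload task, `no_log: true` would keep key material out of `ansible.log` if the play is ever run with `--diff`.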
@@ -0,0 +1,27 @@ | |||
-----BEGIN RSA PRIVATE KEY----- | |||
MIIEpAIBAAKCAQEAwNv29GRDfroj6Ue5iPsj/E5nX7QWRPzfHIj8pMms3+YY/rt6 | |||
em077AXFGQITr874Y5tnjS7joO1LnOU71D/Yy80ty4kqL56U20OBGLrFxv/swJgf | |||
QweSv9nFkj+sEONqu/kM7Ailu4sOkcAzH/aA8tLVpAyC5xf+wYhtX3twUkbSPgpG | |||
N6hV/TaNMt27moWwOMui0Hm6EYriPYBD7c7wHwgLwkksq+SLLHDqJqiWrBSRnwCv | |||
KBAIpMyqwhjLICk7LyuAZdXF+LdJXssXLnnpwl1HspkRt/QhbznRqyLqdD6pfVRv | |||
yRalZxK7xv8akYlCzzWgCHGbw98KexUBLcw8oQIDAQABAoIBAFcjS7pyjth0bANc | |||
B+Vva3v1RNnF+YXkJz6yWkxuXvCu+z4lIRqtvjRPCxXYjWKTBkGjFq+ArxKoBND3 | |||
9gdZba/vnbBn4iqv4RwMrQiqYvAd9C+0y/MyOcj7MTx6Dll3F2OlDISdB5zsIIIU | |||
MEVR0ENmpWbAzGhzvARfiuNoV4CkfCMk8+1l5m0eLuFih74IW3Ka62tUx6DUIl9/ | |||
KTsgFqsGY7if6RomEWJssoDWYhfVpy2PyIR9Rvs3sTSKXKlHAZIewTbiwsjsknjw | |||
8x6eJpi6KogZ2jsgmjOzAUkyAjFm5+Su7l0H58nJk6V0b4eskXGZD4nzzmUSmjEw | |||
L1MmW90CgYEA59RpCp3t0MGX5IPkKezaCXC6uvP1cUPKIcz9MrYDDzX4mWUIiKza | |||
hyPPllmV75sUk11/bMcwOlYiRlpwCRq6Wh5BV3D34/YSNF7gOyUkNrEWt04UAlSD | |||
pwEP8RMv+GXhPGfWJrhuF3zTYoWy8347LKuKgkLxDgWYwvYaJTXMVDsCgYEA1Pds | |||
Poup+X8eOOtF80w8T7joTEI4TM0h7LdJnK8Don99jG4dQdgXB/r8qsCSkjHG6nkn | |||
6qsJXEULybxuc4qD444LwNWAVVxHE6e69plW5jtzO5ZXEEMFOpBawAZDIOtiePUr | |||
ZrXp4X48o429XWBenZPJZmtCFCnd8943AEkLcNMCgYEAocEMNZMx3qllMNVxumr/ | |||
Svzz3QPhKlFRVLoxpFNo2REgTu82wB5TL12mNtJ1EkSTW6suAJkOpnV43ru1VjTm | |||
94AKuVciL1V/KDlWnQ3yMZLoNaftwB516W2NUPjBTMDRIhOVUVj3v72hxCljTg+y | |||
fB2IvBC3HsB68PVEEthxpAcCgYA+3N39xFojBGvWX1RhkcJHwgwH3pAh03dNGXlI | |||
H70R7VIQ7rwCIJgDygllGbzqHHlb4vFuapgzvUnSfaWYw21U8Sv0+tCL4dY1LhCZ | |||
FAA7q5bDIwiGC1JyzAONpQuRnwmNLMln4xCreAjMOl2IP5cOKn6LleOGcilK/+/6 | |||
TJVs8wKBgQDSOzTch2lQViWQhSFO2nnQ5Os7nLhQGhWLQP+L6JJiTIeAv0oITyQC | |||
IVOzsysepQYnm/bSHDXRHpzYR/Cq2FJIIPKvBIHuh60zqhpfpG97+fCibRFfWcoe | |||
DFR+2w5mcReEHjwAT5dVBfYVlLb75Zmu7P0/C4KG6DGtRNxEGSjUSw== | |||
-----END RSA PRIVATE KEY----- |
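Review bot: This adds an unencrypted RSA private key to version control. The public key in the next section is labelled a demo key, but the inventory points every host at `secrets/superkey.pem` and the `master_key` role installs `secrets/superkey.pub` as root's only key. If this file is that key (its path is not shown here), anyone who runs the repository unchanged hands root to every reader of the repo. Ship a placeholder or a README step telling the user to run `ssh-keygen`, add the secrets directory to `.gitignore`, and treat this key as compromised wherever it was deployed.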
@@ -0,0 +1 @@ | |||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA2/b0ZEN+uiPpR7mI+yP8TmdftBZE/N8ciPykyazf5hj+u3p6bTvsBcUZAhOvzvhjm2eNLuOg7Uuc5TvUP9jLzS3LiSovnpTbQ4EYusXG/+zAmB9DB5K/2cWSP6wQ42q7+QzsCKW7iw6RwDMf9oDy0tWkDILnF/7BiG1fe3BSRtI+CkY3qFX9No0y3buahbA4y6LQeboRiuI9gEPtzvAfCAvCSSyr5IsscOomqJasFJGfAK8oEAikzKrCGMsgKTsvK4Bl1cX4t0leyxcueenCXUeymRG39CFvOdGrIup0Pql9VG/JFqVnErvG/xqRiULPNaAIcZvD3wp7FQEtzDyh demo key. do not use it! |
@@ -0,0 +1,3 @@ | |||
#!/bin/bash | |||
ansible-playbook ssh-keys.yml -i inventory.ini |
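Review bot: The script passes `ssh-keys.yml` and `inventory.ini` as paths relative to the caller's working directory, and Ansible also looks for `ansible.cfg` in the current directory. Running it from anywhere else either fails or silently drops the config. Adding `cd "$(dirname "$0")" || exit 1` before the `ansible-playbook` line fixes both.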
@@ -0,0 +1,7 @@ | |||
--- | |||
- hosts: all | |||
gather_facts: True | |||
roles: | |||
- master_key | |||
- preinstall | |||
- ssh_access |