commit 3e20eb8828d5d0510215646858e41fae0a7e96d9 Author: Frank Villaro-Dixon Date: Fri Oct 4 18:52:39 2024 +0200 Create basic repo Signed-off-by: Frank Villaro-Dixon
diff --git a/defaults/main.yml b/defaults/main.yml
new file mode 100644
index 0000000..6fede56
--- /dev/null
+++ b/defaults/main.yml
@@ -0,0 +1,11 @@
+ntp_servers:
+ - chronos.ntp.k3s.fr
+ - ntp-s2-cra.ntp.k3s.fr
+ - ntp-s2-ces.ntp.k3s.fr
+
+ssh_keys:
+ - ssh-rsa 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 cardno:6708664
+ - ssh-rsa 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 /home/frank/.ssh/id_rsa.auth
+
+
+ansible_cfg_repo: infra/ansible-common
\ No newline at end of file
diff --git a/handlers/main.yml b/handlers/main.yml
new file mode 100644
index 0000000..855f67b
--- /dev/null
+++ b/handlers/main.yml
@@ -0,0 +1,10 @@
+- name: restart systemd-timesyncd
+ systemd:
+ name: systemd-timesyncd
+ state: restarted
+
+
+- name: restart sshd
+ systemd:
+ name: sshd
+ state: restarted
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..aa4828c
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,4 @@
+- import_tasks: ntp.yml
+- import_tasks: ssh.yml
+- import_tasks: remove_alarm.yml
+- import_tasks: motd.yml
diff --git a/tasks/motd.yml b/tasks/motd.yml
new file mode 100644
index 0000000..8b5ffd8
--- /dev/null
+++ b/tasks/motd.yml
@@ -0,0 +1,25 @@
+- name: Set motd file
+ ansible.builtin.copy:
+ content: |
+ WARNING
+ WARNING
+ WARNING
+
+ {{ inventory_hostname }} is managed by Ansible
+
+ Repo is https://forge.k3s.fr/{{ ansible_cfg_repo }}
+ Don't update by hand, you fucker!
+
+ Thanks!
+ dest: /etc/motd
+
+- name: Set sshd Banner option to motd
+ lineinfile:
+ dest: /etc/ssh/sshd_config
+ regexp: ""
+ line: ""
+ state: present
+ with_items:
+ - regexp: "^#?Banner"
+ line: "Banner /etc/issue"
+ notify: restart sshd
diff --git a/tasks/ntp.yml b/tasks/ntp.yml
new file mode 100644
index 0000000..093b10f
--- /dev/null
+++ b/tasks/ntp.yml
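Review bot: The `ssh_keys` default in defaults/main.yml hard-codes two personal public keys, and tasks/ssh.yml writes that list as the entire content of `/root/.ssh/authorized_keys`, so any host that applies the role without overriding the variable grants root to these keys and drops whatever keys were there before. A comment above the variable would make that explicit, e.g. `# Written verbatim as root's complete authorized_keys; override per inventory`. Consider shipping no keys in the role defaults and failing the play when the list is empty, so that root access is always a deliberate inventory decision.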
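Review bot: The `restart sshd` handler in handlers/main.yml restarts the daemon with whatever `/etc/ssh/sshd_config` the notifying tasks left behind, and none of them checks the file first, so one bad line can cut off the only remote access path to the host. The two `lineinfile` tasks that notify it (the Banner task in tasks/motd.yml and the PermitRootLogin task in tasks/ssh.yml) should carry `validate: 'sshd -t -f %s'` so that an invalid file is never written. The handlers also use the short module name `systemd` while tasks/motd.yml uses `ansible.builtin.copy`; using the fully qualified form throughout would be more consistent.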
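Review bot: As shown, the Banner task in tasks/motd.yml passes `regexp: ""` and `line: ""` and never references the `with_items` entry, so the intended `^#?Banner` / `Banner /etc/issue` pair is not what `lineinfile` receives; an empty regexp matches every line of the file. If the item lookups were only lost when this page was rendered, ignore this; otherwise drop the loop and set `regexp: '^#?Banner'` and the `line:` value directly. The banner also names `/etc/issue` while the task title and the previous task refer to `/etc/motd`, so the notice written here is not the file sshd is told to show. Keep in mind that sshd sends the Banner file before authentication, so pointing it at this text would show the hostname and repository URL to unauthenticated clients.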
@@ -0,0 +1,8 @@
+- name: Configure NTP server for systemd-timesyncd
+ ini_file:
+ path: /etc/systemd/timesyncd.conf
+ section: Time
+ option: NTP
+ value: "{{ vars.ntp_servers | join(' ') }}"
+ notify: restart systemd-timesyncd
+
diff --git a/tasks/remove_alarm.yml b/tasks/remove_alarm.yml
new file mode 100644
index 0000000..72297ba
--- /dev/null
+++ b/tasks/remove_alarm.yml
@@ -0,0 +1,4 @@
+- name: Remove the user 'alarm'
+ ansible.builtin.user:
+ name: alarm
+ state: absent
\ No newline at end of file
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
new file mode 100644
index 0000000..b3fb413
--- /dev/null
+++ b/tasks/ssh.yml
@@ -0,0 +1,29 @@
+- name: Enable SSH root login in sshd_config
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ regexp: '^#?PermitRootLogin'
+ line: 'PermitRootLogin prohibit-password'
+ state: present
+ notify: restart sshd
+
+- name: Set up authorized_keys file for root
+ file:
+ path: /root/.ssh
+ state: directory
+ mode: '0700'
+ owner: root
+ group: root
+
+- name: Ensure authorized_keys keys
+ copy:
+ dest: /root/.ssh/authorized_keys
+ content: "{{ vars.ssh_keys | join('\n') }}"
+ owner: root
+ group: root
+ mode: '0600'
+
+- name: Ensure sshd service is started and enabled
+ systemd:
+ name: sshd
+ enabled: yes
+ state: started
\ No newline at end of file
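Review bot: In tasks/ntp.yml, `value: "{{ vars.ntp_servers | join(' ') }}"` reads the variable through the internal `vars` dictionary, which is not a documented interface and, as far as I know, does not template nested values; `value: "{{ ntp_servers | join(' ') }}"` is the usual form. The same applies to `vars.ssh_keys` in tasks/ssh.yml. The task also leaves the mode of `/etc/systemd/timesyncd.conf` to the module default; setting `mode: '0644'` explicitly would keep the file's permissions predictable.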
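Review bot: In tasks/remove_alarm.yml, `state: absent` on its own removes the `alarm` account but leaves its home directory and files behind, owned by a UID that a later-created user could be assigned. Adding `remove: true` deletes the home directory and mail spool together with the account. If any play still connects as `alarm`, this task removes that access path, so a comment stating that root key login from tasks/ssh.yml must already work would help the next operator.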
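Review bot: The PermitRootLogin task in tasks/ssh.yml relies on `lineinfile` replacing the last line that matches `^#?PermitRootLogin`, but sshd uses the first value it reads for a keyword, so an earlier active `PermitRootLogin` line or an included drop-in file can still override `prohibit-password`. A follow-up task that runs `sshd -T` and asserts on the reported `permitrootlogin` value would confirm the setting actually took effect. The task name says "Enable SSH root login" while the line restricts root to key-based login; a name such as `Restrict root SSH login to keys` describes it better. In the last task, write `enabled: true` rather than `enabled: yes`.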