Create basic repo

Signed-off-by: Frank Villaro-Dixon <frank@villaro-dixon.eu>

defaults/main.yml

@@ -0,0 +1,11 @@
+ntp_servers:
+  - chronos.ntp.k3s.fr
+  - ntp-s2-cra.ntp.k3s.fr
+  - ntp-s2-ces.ntp.k3s.fr
+
+ssh_keys:
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChSPXfIMvZHaK6c1mDNubZCNuR+908kzJGqQhhZ0kzjL3Gh/rdLVLBSEael2pEJeuSSA6ADHz/AneQnXqLLod1wHtirq9yspyjTRmEWNXiWI5giZ0Mz/twe4wMpBDZ8YX8XM0zxWhyzoidLI/yomA63s30v0UyzmUesSfRwHQJ3Md56pA0ZEomdMH97sNdgMOjlUlyAFdwuK8zVkbeCdbT/eCHM28PCT366KOOJfoaGQpVagIkrUBXjEvOIjnMAxy3gqfJ8kS/iFxDgws3m5o93Pm+WdWdcPLf/ir9NUwPt8l2GV2lCapWFnMC8ZqgdvTxlFikBZaTss8rO8SKB5QkG6eoypsbIaK9GGnRgOM/zGdX7e5rVW1N1Y6O8qoykuY9EQykN4Y48h1q/aGD6HGuxqeP9cqD4HUJyL9K62D3k8At6KO2BLCKbp5hPZ5tvHgfQK2ARa0rR5L/m08Hxac6qI2JDdWTa4XJnJj9+F/D7pYRZ/tzrYwMy+nTXarC5/JDsuC9sv5MR1vcjSuzjLB0iPjZnp7Tm6hszHy7D8qOZiHJdPh7s4/I3+Zj7mCaG3bRREvIgqAW1ZP+E2ZFuAM4lUL8e2Xu3LmyLOk+hrvovDc+SAplS6FJxLGJDfpFAcCgaGY6WPi8ETCClfxcdQxnejs2SNAmcRIUHw70keKHgQ== cardno:6708664
+  - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDEEf2vpLMXa2o9tA3xeoPWMZ0Dk1MjIV9AOPyKT4Gi8jSovEnN+Hu1FQhODLkRx+CGkD5dV9rirbL6yD4BC9vNXoO2FeQpgRPAl1WkMpmg+AvVmroOUlsiNYCQL/F/yIAGwXiIo4mWTcsYDNngnlFkmqWzjaUG1VltmVOJtN+YVYvMj5ak/NYnFQIF7UsUZ/TRmQ9pvej2Yw001crhqe7SUfCYinJL/ynBmT/pXnd2hKJR5JSQl9uqBpsOFhPBUuShKjOMH+zc/6aM/MNEPNBnstvykztht6t4u8umu7LujcfWotwccz8rBhDSU6sIii0hbzxIeNWcM2pvNp/YtqmpEXpDJ8Yz8ffQY92lreR6picfvkqkoR+RA2uhMGP0VzajWCLPYQAHFmWOZIba6PpvJ5bkTSM+IA8U5dtBJ7l9D4vCKhUeybZUHTKL3hwxpaumu75giszKtZ15SA76QhZ5fLz+AuG2LdQwgnEgcdgLmrXXGi3/SOhvj5O9JGkrt5dIJHNo1sADulqhCLXjurlE2I55j2SloLmpduVKTUSD+OC0iTqIwzn8Sk6VVgSYfrUoZs7ySmFKG4SH+2iAcatj3z6r45y6eGqGaLdkeSFRlA6PJPuI85p6Fc44NxOEFae5wXV/G9nWHsnfZYv8cr73gaIo4duUg7fqmdjJ8BeDw== /home/frank/.ssh/id_rsa.auth
+
+
+ansible_cfg_repo: infra/ansible-common

handlers/main.yml

@@ -0,0 +1,10 @@
+- name: restart systemd-timesyncd
+  systemd:
+    name: systemd-timesyncd
+    state: restarted
+
+
+- name: restart sshd
+  systemd:
+    name: sshd
+    state: restarted

tasks/main.yml

@@ -0,0 +1,4 @@
+- import_tasks: ntp.yml
+- import_tasks: ssh.yml
+- import_tasks: remove_alarm.yml
+- import_tasks: motd.yml

tasks/motd.yml

@@ -0,0 +1,25 @@
+- name: Set motd file
+  ansible.builtin.copy:
+    content: |
+      WARNING
+      WARNING
+      WARNING
+
+      {{ inventory_hostname }} is managed by Ansible
+
+      Repo is https://forge.k3s.fr/{{ ansible_cfg_repo }}
+      Don't update by hand, you fucker!
+
+      Thanks!
+    dest: /etc/motd
+
+- name: Set sshd Banner option to motd
+  lineinfile:
+          dest: /etc/ssh/sshd_config
+          regexp: ""
+          line: ""
+          state: present
+  with_items:
+    - regexp: "^#?Banner"
+      line: "Banner /etc/issue"
+  notify: restart sshd

tasks/ntp.yml

@@ -0,0 +1,8 @@
+- name: Configure NTP server for systemd-timesyncd
+  ini_file:
+    path: /etc/systemd/timesyncd.conf
+    section: Time
+    option: NTP
+    value: "{{ vars.ntp_servers | join(' ') }}"
+  notify: restart systemd-timesyncd
+

tasks/remove_alarm.yml

@@ -0,0 +1,4 @@
+- name: Remove the user 'alarm'
+  ansible.builtin.user:
+    name: alarm
+    state: absent

tasks/ssh.yml

@@ -0,0 +1,29 @@
+- name: Enable SSH root login in sshd_config
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^#?PermitRootLogin'
+    line: 'PermitRootLogin prohibit-password'
+    state: present
+  notify: restart sshd
+
+- name: Set up authorized_keys file for root
+  file:
+    path: /root/.ssh
+    state: directory
+    mode: '0700'
+    owner: root
+    group: root
+
+- name: Ensure authorized_keys keys
+  copy:
+    dest: /root/.ssh/authorized_keys
+    content: "{{ vars.ssh_keys | join('\n') }}"
+    owner: root
+    group: root
+    mode: '0600'
+
+- name: Ensure sshd service is started and enabled
+  systemd:
+    name: sshd
+    enabled: yes
+    state: started