Last active
February 2, 2016 22:47
-
-
Save belminf/efed5a81b1622acfebf9 to your computer and use it in GitHub Desktop.
Ansible playbook used to bootstrap Ubuntu servers. Blog post: http://iambelmin.com/2016/01/03/using-ansible-to-bootstrap-ubuntu/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
- hosts: all | |
gather_facts: no | |
remote_user: root | |
pre_tasks: | |
- name: verify python installed | |
raw: dpkg -s python-simplejson > /dev/null 2>&1 | |
register: python_installed | |
ignore_errors: True | |
- name: install python | |
raw: apt-get -y install python python-simplejson | |
when: python_installed|failed | |
tasks: | |
- name: sudoers for authkey-only auth | |
lineinfile: "dest=/etc/sudoers regexp='^%sudo' line='%sudo ALL=(ALL:ALL) NOPASSWD: ALL'" | |
- name: add admin user accounts | |
user: name={{ admin_user }} shell=/bin/bash groups=sudo | |
- name: add pubkeys from GitHub | |
authorized_key: user={{ admin_user }} key=https://github.com/{{ github_user }}.keys | |
- name: install fail2ban | |
apt: name=fail2ban update_cache=yes state=latest | |
notify: restart fail2ban | |
- name: ensure fail2ban enabled | |
service: name=fail2ban enabled=yes | |
- name: add SSH ufw rule | |
ufw: name=OpenSSH rule=allow port=22 | |
- name: set default ufw policy | |
ufw: state=enabled policy=reject | |
- name: disable SSH password auth | |
lineinfile: dest=/etc/ssh/sshd_config regexp='^PasswordAuthentication ' line='PasswordAuthentication no' | |
notify: restart SSH | |
- name: disable SSH root logins | |
lineinfile: dest=/etc/ssh/sshd_config regexp='^PermitRootLogin ' line='PermitRootLogin no' | |
notify: restart SSH | |
handlers: | |
- name: restart fail2ban | |
action: service name=fail2ban state=restarted | |
- name: restart SSH | |
action: service name=ssh state=restarted |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment