Created
October 19, 2022 17:23
-
-
Save cloudnull/d593db48870bbfb93f605b64fb4341d5 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Required config | |
| # $ export ANSIBLE_SCP_IF_SSH=False | |
| # $ export ANSIBLE_SSH_ARGS="-F /home/USERNAME/.ssh/teleport.cfg" | |
| # $ export ANSIBLE_INVENTORY_ENABLED=yaml | |
| # $ export ANSIBLE_HOST_KEY_CHECKING=false | |
| --- | |
| - hosts: all | |
| gather_facts: true | |
| become: true | |
| vars: | |
| teleport_lables: | |
| ssh_service: | |
| enabled: "yes" | |
| labels: | |
| environment: "{{ runtime_environment | default('dev') }}" | |
| ansible_user: "{{ ansible_user }}" | |
| codename: "{{ ansible_lsb.codename }}" | |
| arch: "{{ ansible_machine }}" | |
| commands: | |
| - name: hostname | |
| command: [hostname] | |
| period: 1h0m0s | |
| - name: kernel | |
| command: [uname, -r] | |
| period: 1h0m0s | |
| - name: machine-id | |
| command: [cat, /etc/machine-id] | |
| period: 24h0m0s | |
| handlers: | |
| - name: Update certificates | |
| ansible.builtin.command: update-ca-certificates | |
| changed_when: false | |
| - name: Restart systemd-resolved | |
| ansible.builtin.systemd: | |
| name: systemd-resolved | |
| state: restarted | |
| daemon_reload: true | |
| - name: Restart teleport | |
| ansible.builtin.systemd: | |
| name: teleport | |
| state: restarted | |
| daemon_reload: true | |
| async: 1024 | |
| poll: 0 | |
| tasks: | |
| - name: Ensure the hostname is added to the hosts file | |
| ansible.builtin.lineinfile: | |
| path: /etc/hosts | |
| regexp: "^127.1.1.1.*" | |
| line: "127.1.1.1 {{ inventory_hostname }}" | |
| - name: Pass options to dpkg on run | |
| ansible.builtin.apt: | |
| upgrade: dist | |
| update_cache: yes | |
| dpkg_options: 'force-confold,force-confdef' | |
| - name: Install packages | |
| ansible.builtin.package: | |
| name: | |
| - curl | |
| - ca-certificates | |
| state: present | |
| - name: Ensure DNS | |
| ansible.builtin.lineinfile: | |
| path: /etc/systemd/resolved.conf | |
| regexp: '^#DNS=' | |
| line: DNS=172.16.25.171 | |
| - name: Create a symbolic link | |
| ansible.builtin.file: | |
| src: /var/run/systemd/resolve/resolv.conf | |
| dest: /etc/resolv.conf | |
| force: true | |
| state: link | |
| - name: Setup units | |
| ansible.builtin.systemd: | |
| name: "{{ item.name }}" | |
| state: "{{ item.state }}" | |
| enabled: "{{ item.enabled }}" | |
| failed_when: false | |
| loop: | |
| - name: resolvconf | |
| state: stopped | |
| enabled: false | |
| - name: systemd-resolved | |
| state: started | |
| enabled: true | |
| - name: Create systemd-resolved override directory | |
| ansible.builtin.file: | |
| state: directory | |
| path: /etc/systemd/system/systemd-networkd.service.d | |
| - name: Create systemd-resolved override file | |
| ansible.builtin.copy: | |
| content: |- | |
| [Unit] | |
| After=systemd-sysusers.service systemd-networkd.service dbus.service | |
| dest: /etc/systemd/system/systemd-networkd.service.d/override.conf | |
| notify: Restart systemd-resolved | |
| - name: Remove packages | |
| ansible.builtin.package: | |
| name: | |
| - resolvconf | |
| - lxd* | |
| - lxc* | |
| - snapd* | |
| state: absent | |
| - name: Download CAcloudnull | |
| ansible.builtin.get_url: | |
| url: https://gist.githubusercontent.com/cloudnull/e0c6e84220c24060d5730632cbbb3d64/raw/3c6deedf2c04fcbfac0aa645dce97c471d66935f/CAcloudnull.dev.crt | |
| dest: /usr/local/share/ca-certificates/CAcloudnull.dev.crt | |
| notify: | |
| - Update certificates | |
| - name: Slurp teleport file | |
| ansible.builtin.slurp: | |
| path: /etc/teleport.yaml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment