HP t730 Configuration with Ansible.
# This creates an ansible user that will only be used by the Ansible scripts. The idea is that only you have the private key
# to get into the user, so nobody else can log in as it.
- hosts: "t730"
  become: yes
  tasks:
    - name: Create an ansible user
      user:
        name: ansible
        state: present
        shell: /bin/bash
        system: yes
        create_home: yes
        home: /etc/ssh/ansible
    - name: Add the ssh key
      authorized_key:
        user: ansible
        state: present
        # exclusive removes every other key from this user's authorized_keys
        exclusive: True
        key: "{{ lookup('file', './assets/id_ed25519.pub') }}"
    - name: Enable the ansible user to use sudo passwordless
      lineinfile:
        path: /etc/sudoers
        line: "ansible ALL=(ALL) NOPASSWD:ALL"
        # Syntax-check the edited copy before it replaces /etc/sudoers
        validate: /usr/sbin/visudo -cf %s
# This playbook uses the ansible user created in the previous snippet to install some packages and harden the system.
- hosts: "t730"
  become: yes
  tasks:
    - name: Remove deb cdrom repo
      lineinfile:
        path: /etc/apt/sources.list
        state: absent
        regexp: '^deb\ cdrom'
    - name: install helpful pkgs
      apt:
        update_cache: yes
        pkg:
          - gnupg
          - ca-certificates
          - smartmontools
          - lsof
          - vim
        state: present
    - name: remove extra pkgs
      apt:
        pkg:
          - exim4
          - exim4-base
          - exim4-config
          - exim4-daemon-light
          - firefox-esr
        state: absent
    - name: add apt key for docker
      apt_key:
        url: https://download.docker.com/linux/debian/gpg
        state: present
    - name: add repo for docker
      apt_repository:
        repo: deb [arch=amd64] https://download.docker.com/linux/debian buster stable
    - name: install docker-ce
      apt:
        name: docker-ce
        state: latest
        update_cache: yes
    - name: enable docker
      systemd:
        name: docker
        state: started
        enabled: yes
    - name: sshd configuration, pt1
      lineinfile:
        path: /etc/ssh/sshd_config
        # Rewrite an existing directive in place instead of appending a second one:
        # sshd keeps the first value it reads for a keyword.
        regexp: '^#?\s*PermitRootLogin\s'
        line: PermitRootLogin no
        # Reject the change if sshd cannot parse the resulting file
        validate: /usr/sbin/sshd -t -f %s
    - name: sshd configuration, pt2
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^#?\s*PasswordAuthentication\s'
        line: PasswordAuthentication no
        validate: /usr/sbin/sshd -t -f %s
    - name: sshd restart service
      systemd:
        name: sshd
        state: restarted
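
A check to run against a copy of `/etc/ssh/sshd_config` after the hardening play: sshd uses the first value it reads for each keyword, so a `PermitRootLogin no` appended below an active `PermitRootLogin yes` has no effect. This is an added example, not part of the original gist; the function names and both sample configs are constructed, and it assumes a single file with no `Include` directives.

```python
"""Audit the effective global sshd_config values (added example)."""

# Values the playbook's two sshd tasks are meant to enforce.
REQUIRED = {"permitrootlogin": "no", "passwordauthentication": "no"}


def effective_global_settings(config_text):
    """Return {keyword: value} the way sshd resolves the global section.

    Keywords are case-insensitive, the FIRST value read for a keyword wins,
    and everything after a Match line applies only conditionally.
    """
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        if keyword == "match":
            break  # conditional blocks are out of scope for this check
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(keyword, value)  # keep the first occurrence
    return settings


def audit(config_text, required=REQUIRED):
    """Return (keyword, wanted, found) for every requirement not met."""
    effective = effective_global_settings(config_text)
    findings = []
    for keyword, wanted in required.items():
        found = effective.get(keyword)  # None: sshd falls back to its default
        if found is None or found.lower() != wanted:
            findings.append((keyword, wanted, found))
    return findings


# Constructed sample: an active "yes" near the top, followed by the two
# lines that a plain append to the end of the file would produce.
APPENDED = """\
Port 22
PermitRootLogin yes
#PasswordAuthentication yes
UsePAM yes
PermitRootLogin no
PasswordAuthentication no
"""
# Constructed sample: the same file with the directive rewritten in place.
REPLACED = APPENDED.replace("PermitRootLogin yes", "PermitRootLogin no", 1)

if __name__ == "__main__":
    for name, text in (("appended", APPENDED), ("replaced", REPLACED)):
        print(name, audit(text) or "OK")
```

On a live host, `sshd -T` prints the configuration sshd actually resolved and is the authoritative check.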