-rw-r--r--group_vars/all/vars.yaml9
-rw-r--r--group_vars/spreadspace/vars.yaml2
-rw-r--r--host_vars/thetys.yaml15
-rw-r--r--hosts.ini1
-rw-r--r--playbooks/thetys.yaml8
-rw-r--r--roles/docker/tasks/main.yaml22
-rw-r--r--roles/kubernetes-base/tasks/main.yaml28
-rw-r--r--roles/sshserver/tasks/main.yaml12
-rw-r--r--roles/zsh/tasks/main.yaml6
9 files changed, 103 insertions, 0 deletions
diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml
new file mode 100644
index 00000000..89980566
--- /dev/null
+++ b/group_vars/all/vars.yaml
@@ -0,0 +1,9 @@
+---
+ssh_keys:
+ equinox:
+ chaos: ssh-rsa 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 equinox@chaos-at-home.org
+ ele: ssh-rsa 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 equinox@elevate.at
+ ff: ssh-rsa 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 equinox@ffgraz.net
+ mur: ssh-rsa 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 equinox@mur.at
+ r3: ssh-rsa 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 equinox@realraum.at
+ spread: ssh-rsa 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 equinox@spreadspace.org
diff --git a/group_vars/spreadspace/vars.yaml b/group_vars/spreadspace/vars.yaml
new file mode 100644
index 00000000..47cb7fb6
--- /dev/null
+++ b/group_vars/spreadspace/vars.yaml
@@ -0,0 +1,2 @@
+---
+sshserver_root_keys: "{{ [ ssh_keys.equinox.spread ] | join('\n') }}"
diff --git a/host_vars/thetys.yaml b/host_vars/thetys.yaml
new file mode 100644
index 00000000..71608cc6
--- /dev/null
+++ b/host_vars/thetys.yaml
@@ -0,0 +1,15 @@
+---
+sshserver_allowusers_host:
+- equinox
+
+docker_lvm:
+ vg: thetys
+ lv: docker
+ size: 10G
+ fs: ext4
+
+kubelet_lvm:
+ vg: thetys
+ lv: kubelet
+ size: 5G
+ fs: ext4
diff --git a/hosts.ini b/hosts.ini
index f13268e1..bc7f3ec0 100644
--- a/hosts.ini
+++ b/hosts.ini
@@ -12,6 +12,7 @@ mimas
[spreadspace]
ssbuild
dione
+thetys
[skillz]
diff --git a/playbooks/thetys.yaml b/playbooks/thetys.yaml
new file mode 100644
index 00000000..11dfab64
--- /dev/null
+++ b/playbooks/thetys.yaml
@@ -0,0 +1,8 @@
+---
+- name: Basic Setup
+ hosts: thetys
+ roles:
+ - role: base
+ - role: sshserver
+ - role: zsh
+ - role: kubernetes-base
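Review bot: `host_vars/thetys.yaml` in this commit defines `docker_lvm`, but the role list here has no `docker` entry, so the LVM block added to roles/docker only runs if `kubernetes-base` pulls that role in as a dependency, which this diff does not show. If it does, a comment such as `# docker is pulled in as a dependency of kubernetes-base` above the last role would save the next reader the lookup. If it does not, `- role: docker` is missing before `- role: kubernetes-base`.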
diff --git a/roles/docker/tasks/main.yaml b/roles/docker/tasks/main.yaml
index 89d7815d..c07888f7 100644
--- a/roles/docker/tasks/main.yaml
+++ b/roles/docker/tasks/main.yaml
@@ -1,4 +1,26 @@
---
+- name: prepare /var/lib/docker as LVM
+ when: docker_lvm is defined
+ block:
+
+ - name: create logical volume
+ lvol:
+ vg: "{{ docker_lvm.vg }}"
+ lv: "{{ docker_lvm.lv }}"
+ size: "{{ docker_lvm.size }}"
+
+ - name: create filesystem
+ filesystem:
+ fstype: "{{ docker_lvm.fs }}"
+ dev: "/dev/mapper/{{ docker_lvm.vg }}-{{ docker_lvm.lv }}"
+
+ - name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ docker_lvm.vg }}-{{ docker_lvm.lv }}"
+ path: /var/lib/docker
+ fstype: "{{ docker_lvm.fs }}"
+ state: mounted
+
- name: install apt https transport
apt:
name: apt-transport-https
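Review bot: The `prepare /var/lib/docker as LVM` block is guarded only by `docker_lvm is defined`, so a host entry that omits `fs` would create the logical volume and then fail at `create filesystem`, leaving the host half-prepared. A leading `assert` task that checks `vg`, `lv`, `size` and `fs` are all present would make the failure happen before anything is changed. The task name `mount filesytem` is misspelled and should read `mount filesystem`. The same three tasks, with the same typo, are repeated for `kubelet_lvm` in roles/kubernetes-base/tasks/main.yaml, so both points apply there too, and a shared tasks file taking the variable and mount path as parameters would remove the duplication. The `install apt https transport` task at the end of the hunk continues outside it.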
diff --git a/roles/kubernetes-base/tasks/main.yaml b/roles/kubernetes-base/tasks/main.yaml
index 163e2cef..f00c736b 100644
--- a/roles/kubernetes-base/tasks/main.yaml
+++ b/roles/kubernetes-base/tasks/main.yaml
@@ -1,4 +1,26 @@
---
+- name: prepare /var/lib/kubelet as LVM
+ when: kubelet_lvm is defined
+ block:
+
+ - name: create logical volume
+ lvol:
+ vg: "{{ kubelet_lvm.vg }}"
+ lv: "{{ kubelet_lvm.lv }}"
+ size: "{{ kubelet_lvm.size }}"
+
+ - name: create filesystem
+ filesystem:
+ fstype: "{{ kubelet_lvm.fs }}"
+ dev: "/dev/mapper/{{ kubelet_lvm.vg }}-{{ kubelet_lvm.lv }}"
+
+ - name: mount filesytem
+ mount:
+ src: "/dev/mapper/{{ kubelet_lvm.vg }}-{{ kubelet_lvm.lv }}"
+ path: /var/lib/kubelet
+ fstype: "{{ kubelet_lvm.fs }}"
+ state: mounted
+
- name: install apt https transport
apt:
name: apt-transport-https
@@ -23,3 +45,9 @@
apt:
name: "{{ item }}"
state: present
+
+- name: add dummy user with uid 1000
+ user:
+ name: app
+ uid: 1000
+ password: "!"
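Review bot: The `app` account gets a locked password but no `shell` or `create_home` setting, so it receives the system default login shell and a home directory even though the task name calls it a dummy user. For an account that only reserves uid 1000, adding `shell: /usr/sbin/nologin` and `create_home: no` keeps it from being usable interactively. A comment above the task saying why uid 1000 has to exist would help, since the diff does not explain it. The task will also fail on any host where uid 1000 already belongs to a different user, which is common when the installer created a first interactive account.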
diff --git a/roles/sshserver/tasks/main.yaml b/roles/sshserver/tasks/main.yaml
index d2c5c9f0..fd92f12d 100644
--- a/roles/sshserver/tasks/main.yaml
+++ b/roles/sshserver/tasks/main.yaml
@@ -25,3 +25,15 @@
regexp: "^AllowUsers"
line: "AllowUsers {{ ' '.join([ 'root' ] | union(sshserver_allowusers_group | default([])) | union(sshserver_allowusers_host | default([]))) }}"
notify: restart ssh
+
+- name: install ssh keys for root
+ authorized_key:
+ user: root
+ key: "{{ sshserver_root_keys }}"
+ exclusive: yes
+
+- name: delete root password
+ user:
+ name: root
+ password: "!"
+
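Review bot: The `install ssh keys for root` task reads `sshserver_root_keys` with no default and no `when:` guard, and this commit sets that variable only in group_vars/spreadspace, so any other host applying the sshserver role fails here unless the variable is defined somewhere outside this diff. Because `exclusive: yes` removes every key not in the list and the next task locks the password, root access afterwards depends entirely on that one variable being correct. Guarding both tasks with `when: sshserver_root_keys is defined and sshserver_root_keys | length > 0` would keep a host from being changed when the key list is missing or empty. The name `delete root password` does not match what `password: "!"` does, which is lock the password rather than remove it; `lock root password` would be accurate. `exclusive: yes` is better written `exclusive: true`.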
diff --git a/roles/zsh/tasks/main.yaml b/roles/zsh/tasks/main.yaml
index 93bb1abf..409274a9 100644
--- a/roles/zsh/tasks/main.yaml
+++ b/roles/zsh/tasks/main.yaml
@@ -19,3 +19,9 @@
name: "{{ item }}"
shell: /bin/zsh
with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}"
+
+- name: set zsh the default shell for adduser
+ lineinfile:
+ regexp: '^#?DSHELL='
+ line: 'DSHELL=/bin/zsh'
+ path: /etc/adduser.conf