[last try from k0sctl, migration to github]
@@ -1,7 +1,61 @@
|
||||
- hosts: localtest
|
||||
- hosts: all
|
||||
#! Need first setup with root access user
|
||||
become: true
|
||||
vars:
|
||||
# os_remove_additional_root_users: false
|
||||
#* USERS
|
||||
users:
|
||||
- username: bot
|
||||
name: bot user
|
||||
# groups: ['wheel','systemd-journal']
|
||||
# uid: 1000
|
||||
home: /home/bot
|
||||
# profile: |
|
||||
# alias ll='ls -lah'
|
||||
ssh_key:
|
||||
#- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7/ReeTsubS/KwTRaR/5k/6d5CEef0XTXvyRwfVBjwW"
|
||||
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFof5AdYrrwtMsxSWB8KW04/s3hl5rrHzF0zhk7zK5dF"
|
||||
# - username: dbtest
|
||||
# name: dbtest user
|
||||
# groups: ['wheel','systemd-journal']
|
||||
# uid: 1000
|
||||
sudo_sudoers_files:
|
||||
- path: /etc/sudoers.d/bot
|
||||
user_specifications:
|
||||
- users:
|
||||
- bot
|
||||
hosts:
|
||||
- ALL
|
||||
operators:
|
||||
- ALL
|
||||
commands:
|
||||
- "NOPASSWD: ALL"
|
||||
# - path: /etc/sudoers.d/orbstack
|
||||
# user_specifications:
|
||||
# - users:
|
||||
# - stephanegratias
|
||||
# hosts:
|
||||
# - ALL
|
||||
# operators:
|
||||
# - ALL
|
||||
# commands:
|
||||
# - "NOPASSWD: ALL"
|
||||
#* PACKAGES
|
||||
package_repo:
|
||||
- python3-pip
|
||||
- podman
|
||||
- lsof
|
||||
# package_pip:
|
||||
# - python3-libsemanage
|
||||
#* FIREWALL
|
||||
firewall_allowed_tcp_ports:
|
||||
- "22"
|
||||
- "6443"
|
||||
- "80"
|
||||
- "443"
|
||||
- "6881"
|
||||
pre_tasks:
|
||||
|
||||
- ansible.builtin.apt:
|
||||
update_cache: yes
|
||||
|
||||
@@ -26,9 +80,26 @@
|
||||
loop: "{{ package_pip }}"
|
||||
when: package_pip is defined
|
||||
|
||||
#! ROLES
|
||||
roles:
|
||||
- name: singleplatform-eng.users
|
||||
- name: linux-system-roles.sudo
|
||||
- name: devsec.hardening.ssh_hardening
|
||||
- name: devsec.hardening.os_hardening
|
||||
- name: geerlingguy.firewall
|
||||
#! delete user like root
|
||||
# - name: devsec.hardening.os_hardening
|
||||
- name: geerlingguy.firewall
|
||||
|
||||
|
||||
|
||||
|
||||
# # #! Launch single node
|
||||
# alias docker=podman
|
||||
# docker run -d --name k0s-controller --hostname k0s-controller \
|
||||
# --network host \
|
||||
# --privileged \
|
||||
# -v /var/lib/k0s \
|
||||
# --tmpfs /run \
|
||||
# --tmpfs /tmp \
|
||||
# -p 6443:6443 \
|
||||
# docker.io/k0sproject/k0s:v1.34.3-k0s.0 \
|
||||
# k0s controller --enable-worker --single=true --ignore-pre-flight-checks
|
||||
|
||||
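Review bot: The `sudo_sudoers_files` entry for `/etc/sudoers.d/bot` gives `bot` the command spec `NOPASSWD: ALL` for all hosts and operators, and the play now targets `hosts: all`, so whoever holds the one active ed25519 key under `ssh_key` has passwordless root on every inventory host. If the account exists only to run this playbook, consider changing the command entry to `- ALL` and supplying the become password from a vault at run time, or otherwise restricting where that key is accepted. In the second hunk `devsec.hardening.os_hardening` appears to end up commented out under `#! delete user like root`, though this is inferred because the rendering has lost the +/- markers. If so, the comment should say which setting removed the user and that the role is meant to come back, e.g. `# TODO: re-enable os_hardening once os_remove_additional_root_users is pinned`. Port `"6881"` in `firewall_allowed_tcp_ports` has no explanation beside it and should get a one-line comment naming the service, or be dropped.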