bitlair/ansible
6
0
Fork 1
Code Issues Pull requests Releases Activity

Compare commits

base: bitlair:ba3c923b7788f40e7b0dbbe86b6d673c0a04fb42
Branches Tags
bitlair:main
bitlair:linting
...
compare: bitlair:cce26a439577ac6701a36e04bdaa04750ac62874
Branches Tags
bitlair:main
bitlair:linting

2 commits
ba3c923b77 ... cce26a4395

Author SHA1 Message Date
Mark Janssen
cce26a4395
Begin with shell-config 2024-07-25 00:22:18 +02:00
Mark Janssen
43406c49fc
Add shell / enable nft on kvm 2024-07-24 22:39:05 +02:00
7 changed files with 16 additions and 7 deletions
Show stats Expand all files Collapse all files

2
authorized_keys/ak.keys
View file

@ -1 +1,3 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ0ryG8LT5ryjc3tZggVP0cxjXoKOPzUIwmB9Yez+u3nDHc3RdLR0V/BdcVPCJl9vOQwsFaTE34ZEZ3A6qkcSaz2Npxqq0eFtcEAKTy9w41C6jE586jkwkednSK9ObFFZnlSA3ielYeB5bRuELHyvazHWSUGn+/nzuujAYpEABRGAlt0IV2eMugsb1aEs5v8/Hw3REGz6IeNBwlVOzDznGK4N0b1es270k2fpkD0XMRnga7x2eduD74gRYJHo41sKz6kqHFfXjvrH6Efrn5sNtTF7pIkPfeiX4ukDQYG6Ynxgkdbi1pMg5zGjjjRZ0iExKqNi+jtZhVewqFvj66vLX arjan@koopen.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ0ryG8LT5ryjc3tZggVP0cxjXoKOPzUIwmB9Yez+u3nDHc3RdLR0V/BdcVPCJl9vOQwsFaTE34ZEZ3A6qkcSaz2Npxqq0eFtcEAKTy9w41C6jE586jkwkednSK9ObFFZnlSA3ielYeB5bRuELHyvazHWSUGn+/nzuujAYpEABRGAlt0IV2eMugsb1aEs5v8/Hw3REGz6IeNBwlVOzDznGK4N0b1es270k2fpkD0XMRnga7x2eduD74gRYJHo41sKz6kqHFfXjvrH6Efrn5sNtTF7pIkPfeiX4ukDQYG6Ynxgkdbi1pMg5zGjjjRZ0iExKqNi+jtZhVewqFvj66vLX arjan@koopen.net
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEAhA2rt1rIpqWG5BzwTFCCRCEZViWNk3GGIVyIpKg0A0+btJxPu66AKcudP88nsdzp8rPVES1qLBpIt6QsHnoioF+MjUjrkodc0gNescE+7frlf0+wCwN7/OQjSTDURa0THwQQGuGJm4cWaMf7w/sfkU89KmuRPvxZGNn4ahSRkRVyKP09B3xI14CDpRSP4Xg9bCz7QYxLixXfk0zBMOgbrSzsNs2eO4YUUsHFX1x0nX6CK7fauO0l8UC1nYeFGNofbmpn0mnqSj0u1i+ikjiCv+8ruXuI0ufLjfcIQjsYmkrMEfwuf0nyOAha5U2z4U05J2Je4do0cYVoC4/kCoAod3nrX7fVur0RVdD7XEAzvtxZh87dOhM3TrYYVFs37jeDtt4ZO9XYRSrV2l/TgPdWoST/h69/10QhdS8lYQXTJWY8AgQs+MtIHj6z1lCsVbRZN/JKYulhXpGuHmNt/gBlMscFVDezmdGwuqPB8XdYHBVcDqgpynbvlaBXMX+hHIjPKC6ExLxmUtJYGetTKyEPWeIVjp6D1zs/aMVVEOxvKfjtGDLyByzUEnHt0YL2v+tAp1+oqmWr0i5RWgnWOtTuzzEkFaa99Y6SMbskWx4p/3Of5VTrgFcADMG7TFHAwQ4vnv6Ca5P0pBTFjWCR1tX4v7qNgx9lqax7bbWlNjxLODM= arjan@koopen.net SL

2
authorized_keys/foobar.keys
View file

@ -1,2 +1,4 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUIAkaRsvb6cD1XIGF80JpMH1mYE9XhCgptOkt9AfloZQlO7Ds5XeCwJk5/TsoidTcb/0yFUov8SMwaIVtrFfkNUqqeAsfm3luJ4JwOXeCwrXD6W7c5Wqg/FGNH0eZr0kEnxpNS10L72+oNBQgnlSNjqWS29lEmXApKQ3IKy6aP9cMwEh25fsH/2G7mHsZX2UMPK0tZPC6MPxY5P9PWLIulUpsX96c6OcAvGYIvsCnecsVsTdhK36w4Z/t7XoLFz5X6k3eXT7gG4SMGuBixjroTUhumWzgJJ6T1Nn/eESe7Im8krlzO/0hG/F8uBy3s04TAJuXFmygvtC4YLyq91U5 Sig-I/O Beheer key ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUIAkaRsvb6cD1XIGF80JpMH1mYE9XhCgptOkt9AfloZQlO7Ds5XeCwJk5/TsoidTcb/0yFUov8SMwaIVtrFfkNUqqeAsfm3luJ4JwOXeCwrXD6W7c5Wqg/FGNH0eZr0kEnxpNS10L72+oNBQgnlSNjqWS29lEmXApKQ3IKy6aP9cMwEh25fsH/2G7mHsZX2UMPK0tZPC6MPxY5P9PWLIulUpsX96c6OcAvGYIvsCnecsVsTdhK36w4Z/t7XoLFz5X6k3eXT7gG4SMGuBixjroTUhumWzgJJ6T1Nn/eESe7Im8krlzO/0hG/F8uBy3s04TAJuXFmygvtC4YLyq91U5 Sig-I/O Beheer key
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyKprIcR81+RFSBxU3iyW4vd0ctr0q1Pqifzxbro+0C mark@x240-ed25519 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyKprIcR81+RFSBxU3iyW4vd0ctr0q1Pqifzxbro+0C mark@x240-ed25519
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGc3py/K9wUSF86SIMv2AWtVAxEb1ZEy7BEz7VrGeZp/ sigio@t14

8
group_vars/all.yaml
View file

@ -10,16 +10,16 @@ trusted_ranges:
- { v: ipv4, cidr: "172.16.0.0/12", comment: "rfc1918" } - { v: ipv4, cidr: "172.16.0.0/12", comment: "rfc1918" }
- { v: ipv4, cidr: "192.168.0.0/16", comment: "rfc1918" } - { v: ipv4, cidr: "192.168.0.0/16", comment: "rfc1918" }
- { v: ipv4, cidr: "45.88.49.140", comment: "vihamij" } - { v: ipv4, cidr: "45.88.49.140", comment: "vihamij" }
- { v: ipv4, cidr: "204.2.64.0/20", comment: "eventinfra" } - { v: ipv4, cidr: "204.2.64.0/20", comment: "eventinfra / bitlair" }
- { v: ipv4, cidr: "100.64.0.0/10", comment: "bitlair" } - { v: ipv4, cidr: "100.64.0.0/10", comment: "bitlair" }
- { v: ipv4, cidr: "185.205.52.194/32", comment: "bitlair" } - { v: ipv4, cidr: "185.205.52.194/32", comment: "bitlair A2B" } # kan weg ??
- { v: ipv4, cidr: "31.187.251.213/32", comment: "foobar" } - { v: ipv4, cidr: "31.187.251.213/32", comment: "foobar thuis" }
# - { v: ipv6, cidr: "::/0", comment: "ipv6 localhost" } # - { v: ipv6, cidr: "::/0", comment: "ipv6 localhost" }
# - { v: ipv6, cidr: "fe80::/10", comment: "ipv6 link-local" } # - { v: ipv6, cidr: "fe80::/10", comment: "ipv6 link-local" }
# - { v: ipv6, cidr: "2a02:166b:92::/48", comment: "bitlair" } # /48's kunnen niet in de ipset # - { v: ipv6, cidr: "2a02:166b:92::/48", comment: "bitlair" } # /48's kunnen niet in de ipset
- { v: ipv6, cidr: "2001:678:814:68::/64", comment: "bitlair wifi" } - { v: ipv6, cidr: "2001:678:814:68::/64", comment: "bitlair wifi" }
- { v: ipv6, cidr: "2a05:2d01:0:4042::/64", comment: "bitlair servers" } - { v: ipv6, cidr: "2a05:2d01:0:4042::/64", comment: "bitlair servers" }
- { v: ipv6, cidr: "2a0e:5700:4:2::/64", comment: "foobar" } - { v: ipv6, cidr: "2a0e:5700:4:2::/64", comment: "foobar ipv6" }
root_access: root_access:
- ak - ak

2
group_vars/kvm.yaml
View file

@ -1,4 +1,2 @@
--- ---
# FIXME: nog niet kunnen testen, en mogelijk non-default config nodig ;)
nft: false

3
group_vars/shell.yaml Normal file
View file

@ -0,0 +1,3 @@
---
manage_sshd_config: false

5
inventory
View file

@ -39,6 +39,9 @@ service.bitlair.nl
[wiki] [wiki]
wiki.bitlair.nl wiki.bitlair.nl
[shell]
shell.bitlair.nl
[debian:children] [debian:children]
bank bank
fotos fotos
@ -51,4 +54,4 @@ monitoring
music music
services services
wiki wiki
shell

1
roles/common/tasks/main.yaml
View file

@ -117,6 +117,7 @@
line: 'PasswordAuthentication no' line: 'PasswordAuthentication no'
- regexp: '^#?DebianBanner' - regexp: '^#?DebianBanner'
line: 'DebianBanner no' line: 'DebianBanner no'
when: manage_sshd_config | default(true)
notify: reload sshd notify: reload sshd
- name: Allow SSH - name: Allow SSH