# Ansible

Catalogue of Ansible playbooks and helper scripts for server management
atmen: slave, servant

## Configuration options
### SSH Ports
The ssh port can be configured in 2 steps:
1. Change the `ansible_ssh_port` variable in `inventory/group_vars/all.yml`
2. Change the `sshd_port` variable in `inventory/vars/unprovisioned.yaml`

## Node configuration process
### Provisioning
- Add atmen user for provisioning
- Configure SSH key for atmen user
- Add maintainer user
- Configure SSH key for maintainer user
- Disable root login (passwd --lock root)
- Disable SSH login for creator user
- Disable SSH password login
- Change SSH port

### SSH Setup
- Install fail2ban

### Miscellaneous
- Disable unattended-upgrade is installed
- Disable IPv6
- Setup hostname
- Install open-iscsi, nfs-common, nfs-utils

### OMV configuration
- Install OMV through OMV-extras
- (lab) Add Vagrant user to SSH group
- Add atmen user to sudoers
- Install openmediavault-zfs, openmediavault-s3, openmediavault-filebrowser

# OMV manual configuration
## NFS configuration
- Create FS
- Enable NFS
- `subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100` in NFS share extra options