# Ansible Catalogue of Ansible playbooks and helper scripts for server management ## TODO - Split user provisioning to get rid of `creator` and use `atmen` as fast as possible | This should be done using two differnt playbooks, and switch user between the two - Add configuration for `creator` to lock the account after initial provisioning, only allowing short connection with returned message ## Node configuration process ### Setup user configuration - Create provisioning user without password and sudo - Create tanguy user with password - Disable root login (passwd --lock root) ### SSH Setup - Install fail2ban - Disable SSH password login - Change SSH port ### Miscellaneous - Test if unattended-upgrade is installed - Disable if true - Disable IPv6 - Setup hostname ### Softwares - Install k3s with token - Install OMV for NAS node*(s) ## Update system - General package manager update # Additional configuration - Add label to output node on k3s to enable load balancer # OMV configuration ## NFS configuration - Create FS - Enable NFS - `subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100` in NFS share extra options