41 lines
1.1 KiB
Markdown
41 lines
1.1 KiB
Markdown
# Ansible
|
|
|
|
Catalogue of Ansible playbooks and helper scripts for server management
|
|
|
|
## TODO
|
|
- Split user provisioning to get rid of `creator` and use `atmen` as fast as possible | This should be done using two differnt playbooks, and switch user between the two
|
|
- Add configuration for `creator` to lock the account after initial provisioning, only allowing short connection with returned message
|
|
|
|
## Node configuration process
|
|
### Setup user configuration
|
|
- Create provisioning user without password and sudo
|
|
- Create tanguy user with password
|
|
- Disable root login (passwd --lock root)
|
|
|
|
### SSH Setup
|
|
- Install fail2ban
|
|
- Disable SSH password login
|
|
- Change SSH port
|
|
|
|
### Miscellaneous
|
|
- Test if unattended-upgrade is installed
|
|
- Disable if true
|
|
- Disable IPv6
|
|
- Setup hostname
|
|
|
|
### Softwares
|
|
- Install k3s with token
|
|
- Install OMV for NAS node*(s)
|
|
|
|
## Update system
|
|
- General package manager update
|
|
|
|
# Additional configuration
|
|
- Add label to output node on k3s to enable load balancer
|
|
|
|
# OMV configuration
|
|
## NFS configuration
|
|
- Create FS
|
|
- Enable NFS
|
|
- `subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100` in NFS share extra options
|