# Ansible
Catalogue of Ansible playbooks and helper scripts for server management
## TODO
- Split user provisioning to get rid of `creator` and use `atmen` as early as possible. This should be done using two different playbooks, switching users between the two
- Add configuration for `creator` to lock the account after initial provisioning, allowing only a short connection that returns a message
### Disable creator
- Change `~/.profile` to only contain a print message and `exit 0`
- Add `.hushlogin` to remove the SSH login message
## Node configuration process
### Setup user configuration
- Create provisioning user without password and sudo
- Create tanguy user with password
- Disable root login (`passwd --lock root`)
### SSH Setup
- Install fail2ban
- Disable SSH password login
- Change SSH port
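
The three SSH steps above as one play, written as an added example and not taken from this repository's playbooks. It assumes a Debian node where the service is named `ssh`; the `nodes` group, the `ssh_port` value and the jail file path are placeholders.

```yaml
# Added example, not this repository's playbook. Inventory group, port value
# and file paths are assumptions for a Debian node.
- name: SSH setup steps from the checklist
  hosts: nodes              # assumed inventory group
  become: true
  vars:
    ssh_port: 2222          # placeholder; the README does not name the port
  tasks:
    - name: Install fail2ban
      ansible.builtin.apt:
        name: fail2ban
        state: present
        update_cache: true

    # The stock sshd jail watches the default port, so it must follow the change.
    - name: Point the fail2ban sshd jail at the new port
      ansible.builtin.copy:
        dest: /etc/fail2ban/jail.d/sshd.local
        mode: "0644"
        content: |
          [sshd]
          enabled = true
          port = {{ ssh_port }}
      notify: Restart fail2ban

    - name: Disable SSH password login and change the port
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: "{{ item.regexp }}"
        line: "{{ item.line }}"
        validate: /usr/sbin/sshd -t -f %s   # reject a broken file before it is installed
      loop:
        - { regexp: '^#?\s*PasswordAuthentication\s', line: 'PasswordAuthentication no' }
        - { regexp: '^#?\s*Port\s', line: 'Port {{ ssh_port }}' }
      notify: Restart ssh

    # sshd -T prints the effective settings, including any sshd_config.d drop-ins.
    - name: Read the effective sshd configuration
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false
    - name: Fail if the hardening is not effective
      ansible.builtin.assert:
        that:
          - "'passwordauthentication no' in sshd_effective.stdout_lines"
          - "('port ' ~ ssh_port) in sshd_effective.stdout_lines"
  handlers:
    - name: Restart ssh
      ansible.builtin.service: { name: ssh, state: restarted }
    - name: Restart fail2ban
      ansible.builtin.service: { name: fail2ban, state: restarted }
```

Keep the current SSH session open until a second login on the new port with key authentication has succeeded.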
### Miscellaneous
- Test if unattended-upgrade is installed
  - Disable if true
- Disable IPv6
- Setup hostname
### Software
- Install k3s with token
- Install OMV for NAS node(s)
## Update system
- General package manager update
# Additional configuration
- Add label to output node on k3s to enable load balancer
# OMV configuration
## NFS configuration
- Create FS
- Enable NFS
- `subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100` in NFS share extra options