Catalogue of Ansible playbooks and helper scripts for server management
Ansible
TODO
- Split user provisioning to get rid of `creator` and `useatmen` as fast as possible. This should be done using two different playbooks, switching user between the two.
- Add configuration for `creator` to lock the account after initial provisioning, only allowing a short connection with a returned message
  - Disable `creator`
  - Change `~/.profile` to only contain a print message and `exit 0`
  - Add `.hushlogin` to remove the SSH login message
Node configuration process
Setup user configuration
- Create provisioning user without password and sudo
- Create tanguy user with password
- Disable root login (passwd --lock root)
SSH Setup
- Install fail2ban
- Disable SSH password login
- Change SSH port
Miscellaneous
- Test if unattended-upgrade is installed
  - Disable if true
- Disable IPv6
- Setup hostname
Software
- Install k3s with token
- Install OMV for NAS node(s)
Update system
- General package manager update
Additional configuration
- Add label to output node on k3s to enable load balancer
OMV configuration
NFS configuration
- Create FS
- Enable NFS
- `subtree_check,insecure,no_root_squash,anonuid=1000,anongid=100` in NFS share extra options