From a4c3c076a3bc03ebc49963943dc7ece0edbbe4f8 Mon Sep 17 00:00:00 2001
From: Dirk Wirts
Date: Fri, 3 Nov 2023 16:27:51 +0100
Subject: [PATCH] update

---
 Inventories/test/host_vars/ansible-test01.yml | 12 ++++-
 Inventories/test/host_vars/ansible-test02.yml | 12 ++++-
 ansible-setup_admins.yml | 14 +++++
 ansible-setup_ssh_tunnel.yml | 51 +++++++++++++++++++
 4 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 ansible-setup_admins.yml
 create mode 100644 ansible-setup_ssh_tunnel.yml

diff --git a/Inventories/test/host_vars/ansible-test01.yml b/Inventories/test/host_vars/ansible-test01.yml
index f00ed78..3aa440c 100644
--- a/Inventories/test/host_vars/ansible-test01.yml
+++ b/Inventories/test/host_vars/ansible-test01.yml
@@ -45,4 +45,14 @@
 tcp_ports:
   - "8880"
 udp_ports:
-  - "3478"
\ No newline at end of file
+  - "3478"
+
+ssh_pub_key: ""
+
+admin_users:
+  - admin-johannes
+  - admin-daniel
+  - admin-dirk
+  - admin-martin
+
+groups_to_add: "sudo,docker"
\ No newline at end of file
diff --git a/Inventories/test/host_vars/ansible-test02.yml b/Inventories/test/host_vars/ansible-test02.yml
index f682492..6cb1ef3 100644
--- a/Inventories/test/host_vars/ansible-test02.yml
+++ b/Inventories/test/host_vars/ansible-test02.yml
@@ -45,4 +45,14 @@
 tcp_ports:
   - "8880"
 udp_ports:
-  - "3478"
\ No newline at end of file
+  - "3478"
+
+ssh_pub_key: ""
+
+admin_users:
+  - admin-johannes
+  - admin-daniel
+  - admin-dirk
+  - admin-martin
+
+groups_to_add: "sudo,docker"
\ No newline at end of file
diff --git a/ansible-setup_admins.yml b/ansible-setup_admins.yml
new file mode 100644
index 0000000..9cafa5d
--- /dev/null
+++ b/ansible-setup_admins.yml
@@ -0,0 +1,14 @@
+---
+- name: Setup Admin Users
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Add admin users and assign groups
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        groups: "{{ groups_to_add }}"
+        append: yes
+        create_home: yes
+        shell: /bin/bash
+      loop: "{{ admin_users }}"
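Review bot: `ssh_pub_key: ""` leaves the variable empty in this host_vars file (the identical block is added to ansible-test02.yml), and the tunnel playbook in this same commit writes `{{ ssh_pub_key }} autossh-tunnel` into the autossh-tunnel user's authorized_keys; with an empty value that line carries no key material, sshd cannot parse it, and the tunnel user ends up with no working credential. Either put the actual public key here or leave the variable undefined so the playbook can fail fast instead of silently provisioning an unusable entry. Since the whole block is byte-identical on both hosts it belongs in group_vars rather than duplicated per host. `groups_to_add: "sudo,docker"` makes every listed admin root-equivalent twice over (docker group members can start privileged containers); if that is intended, say so with a comment such as `# docker group membership is root-equivalent`.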
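Review bot: `name: "{{ item.name }}"` will fail at runtime, because `admin_users` as defined in the host_vars added by this commit is a list of plain strings (`admin-johannes`, …), so `item` has no `name` attribute; change it to `name: "{{ item }}"` or turn the inventory entries into mappings with a `name` key, but not half of each. `append: yes` and `create_home: yes` should be written `true` to avoid the YAML 1.1 truthy ambiguity. The task passes neither `password` nor any key deployment, so the accounts are created with a locked password and only become usable once an authorized_keys entry is provisioned by something else — that dependency deserves a comment on the task, e.g. `# accounts are created locked; SSH keys are deployed separately`.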
diff --git a/ansible-setup_ssh_tunnel.yml b/ansible-setup_ssh_tunnel.yml
new file mode 100644
index 0000000..c6a6586
--- /dev/null
+++ b/ansible-setup_ssh_tunnel.yml
@@ -0,0 +1,51 @@
+---
+- name: Setup autossh-tunnel user for SSH tunneling
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Create SSH configuration for autossh-tunnel
+      ansible.builtin.copy:
+        dest: /etc/ssh/sshd_config.d/autossh-tunnel.conf
+        content: |
+          # Custom autossh-tunnel Settings
+          Match User autossh-tunnel
+          AllowTcpForwarding yes
+          PubkeyAuthentication yes
+          PasswordAuthentication no
+          AllowAgentForwarding no
+          ForceCommand /bin/false
+          X11Forwarding no
+        owner: root
+        group: root
+        mode: '0644'
+        validate: /usr/sbin/sshd -t -f %s
+
+    - name: Add autossh-tunnel user
+      ansible.builtin.user:
+        name: autossh-tunnel
+        comment: "autossh-tunnel user"
+        uid: 33333
+        group: nogroup
+        home: /home/autossh-tunnel
+        shell: /bin/false
+        create_home: yes
+        system: yes
+
+    - name: Setup authorized_keys for autossh-tunnel
+      ansible.builtin.blockinfile:
+        path: /home/autossh-tunnel/.ssh/authorized_keys
+        create: yes
+        block: |
+          {{ ssh_pub_key }} autossh-tunnel
+        owner: autossh-tunnel
+        group: nogroup
+        mode: '0600'
+
+    - name: Set permissions for .ssh directory
+      ansible.builtin.file:
+        path: /home/autossh-tunnel/.ssh
+        state: directory
+        owner: autossh-tunnel
+        group: nogroup
+        mode: '0700'
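Review bot: The `Setup authorized_keys for autossh-tunnel` task runs before `Set permissions for .ssh directory`, and `blockinfile` with `create: yes` creates only the file, never its parent directory, so on a fresh host the play stops at the blockinfile task because `/home/autossh-tunnel/.ssh` does not exist yet; move the directory task ahead of it. The sshd drop-in is written without notifying a handler that reloads sshd, so the `Match User autossh-tunnel` block only takes effect after some unrelated restart; add `notify: Reload sshd` to the copy task and a matching handler. The block scalar interpolates `ssh_pub_key` unconditionally while the inventory in this commit sets it to `""`; guard the task with `when: ssh_pub_key | length > 0` or an `ansible.builtin.assert` so an empty key is a visible failure rather than a silent no-op. For a forwarding-only account, consider limiting what the key may open with `PermitOpen`/`PermitListen` inside the Match block or a `restrict,port-forwarding` prefix on the authorized_keys entry, and write `create_home: yes`/`system: yes` as `true`.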