Add ansible roles + templates

ansible/ansible.cfg

@@ -0,0 +1,8 @@
+[defaults]
+
+action_warnings=True
+force_color=False
+nocolor=False
+nocows=True
+
+home=~/ansible-lol/ansible

ansible/inventory

@@ -0,0 +1,19 @@
+all:
+  children:
+    debian:
+      hosts:
+        reverse-proxy:
+        git:
+        labolyon-fr:
+        matrix:
+        wiki:
+        blogs:
+        mail:
+        radius:
+        ansible:
+        dn42-router:
+        lolix-rs1:
+        lolix-ixpman:
+        dns:
+        mosquitto:
+        monitoring:

ansible/playbooks/debug.yml

@@ -0,0 +1,11 @@
+---
+# Playbook to debug and display variables
+
+- name: Display all variables/facts known for a host
+  hosts: all
+  become: no
+  tasks:
+    - name: Display all variables/facts known for a host
+      tags: debug_info
+      debug:
+        var: hostvars[inventory_hostname]

ansible/playbooks/dns.yml

@@ -0,0 +1,8 @@
+---
+# Playbook to set up the local DNS resolver
+
+- name: Install and configure the local DNS resolver
+  hosts: dns
+  become: yes
+  roles:
+    - dns-internal

ansible/playbooks/setup.yml

@@ -0,0 +1,9 @@
+---
+# Playbook to set up the servers
+
+- name: Configure access and install work tools
+  hosts: all
+  become: yes
+  roles:
+    - tools
+    - users

ansible/roles/dns-internal/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+## Reload NSD on changes
+- name: restart nsd
+  ansible.builtin.service:
+    name: nsd
+    state: restarted

ansible/roles/dns-internal/tasks/main.yml

@@ -0,0 +1,35 @@
+---
+
+- name: Install packages for local resolver
+  tags: resolver-install
+  ansible.builtin.package:
+    name:
+      - nsd
+      - git
+    state: latest
+
+- name: NSD - Enable service
+  tags: nsd-enable
+  ansible.builtin.service:
+    name: 'nsd'
+    state: started
+    enabled: yes
+
+- name: NSD - Define configuration
+  tags: nsd-configure
+  ansible.builtin.template:
+   src: nsd.conf
+   dest: /etc/nsd/nsd.conf
+   validate: /usr/sbin/nsd-checkconf %s
+   backup: yes
+  notify: restart nsd
+
+- name: Auto-update the git repo for the internal zone
+  tags: nsd-dns-gitupdate
+  ansible.builtin.git:
+   repo: https://git.labolyon.fr/LOL-si/dns-lolinternal.git
+   dest: /srv/nsd/
+   version: main
+   update: yes
+  notify:
+    - restart nsd

ansible/roles/dns-internal/templates/nsd.conf

@@ -0,0 +1,22 @@
+server:
+  server-count: 1
+  hide-version: yes
+  debug-mode: no
+  verbosity: 2
+  zonesdir: "/srv/nsd/"
+
+remote-control:
+  control-enable: yes
+  control-interface: /var/run/nsd.sock
+
+zone:
+  name: "int.labolyon.fr"
+  zonefile: "int.labolyon.fr.zone"
+
+zone:
+  name: "labolyon.dn42"
+  zonefile: "labolyon.dn42.zone"
+
+zone:
+  name: "labolyon.fr"
+  zonefile: "labolyon.fr.zone"

ansible/roles/tools/tasks/main.yml

@@ -0,0 +1,10 @@
+---
+
+- name: Load variables
+  include_vars: "{{ ansible_os_family|lower }}.yml"
+
+- name: Tools | install common packages for servers
+  ansible.builtin.package:
+    name: '{{ common_packages }}'
+    state: latest
+  tags: common-tools

ansible/roles/tools/vars/debian.yml

@@ -0,0 +1,15 @@
+---
+# vars file for tools role
+common_packages:
+  - htop
+  - neofetch
+  - curl
+  - bash
+  - figlet
+  - vim
+  - rsync
+  - needrestart
+  - lynis
+  - apt-listbugs
+  - dnsutils
+  - libpam-radius-auth

ansible/roles/users/tasks/main.yml

@@ -0,0 +1,52 @@
+---
+
+- name: Load variables
+  include_vars: "{{ ansible_os_family|lower }}.yml"
+
+- name: Linux | Set bash path for Linux hosts
+  ansible.builtin.set_fact:
+    bash_path: /bin/bash
+
+- name: All hosts | Create the users
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    home: /home/{{ item.name }}
+    shell: '{{ bash_path }}'
+    groups: sudo
+    append: true
+    state: present
+  with_items: "{{ user_details }}"
+
+- name: All hosts | Set up home directory permissions for users
+  ansible.builtin.file:
+    path: /home/{{ item.name }}
+    owner: "{{ item.name }}"
+    state: directory
+    mode: 0700
+  with_items: "{{ user_details }}"
+
+- name: All hosts | Set up ssh directory for users
+  ansible.builtin.file:
+    path: /home/{{ item.name }}/.ssh
+    owner: "{{ item.name }}"
+    state: directory
+    mode: 0700
+  with_items: "{{ user_details }}"
+
+#- name: All hosts | Add ssh keys for allowing connections
+#  ansible.builtin.template:
+#   src: authorized_keys
+#   dest: /home/vinishor/.ssh/authorized_keys
+#   owner: vinishor
+#   mode: 0600
+
+- name: Linux | Correct sudoers file permissions for ansible user
+  ansible.builtin.file:
+    path: "/etc/sudoers.d/ansible"
+    owner: root
+    group: root
+    mode: 0640
+
+- name: Linux | Define MOTD file
+  ansible.builtin.shell:
+    cmd: figlet -t {{ inventory_hostname_short | quote }} > /etc/motd

ansible/roles/users/vars/debian.yml

@@ -0,0 +1,7 @@
+---
+
+user_details:
+     - { name: vincent }
+     - { name: mirsal }
+     - { name: jerome }
+     - { name: sofian }