# Base tooling for the host. git is also what the later clone task in this
# playbook relies on.
- hosts: attitude-adjuster
  tasks:
    # Runs once per entry in the list; needs root because it goes through
    # the system package manager.
    - name: install dependencies
      become: true
      package:
        state: present
        name: "{{ item }}"
      with_items:
        - git
        - vim
# Security
#
# https://www.raspberrypi.org/documentation/configuration/security.md
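- hosts: attitude-adjuster
  tasks:
    # Switch off every password-based SSH authentication path so that only
    # key-based logins remain. The regexp matches each directive whether it
    # is currently active or commented out and rewrites it to "<name> no".
    - name: disable ssh password logins
      lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^(#\s*)?{{ item }} '
        line: "{{ item }} no"
        # Refuse to install a config sshd cannot parse; a broken sshd_config
        # on a headless host means losing remote access on the next reload.
        validate: '/usr/sbin/sshd -t -f %s'
      notify: reload ssh
      with_items:
        - ChallengeResponseAuthentication
        - PasswordAuthentication
        - UsePAM
      become: true

    # Lock the default account's password. The value must be quoted: a bare
    # `!` is YAML's tag indicator, not a string, so the module would never
    # receive a password and the account would keep whatever password it had.
    # NOTE(review): with `UsePAM no` above, sshd is expected to refuse logins
    # (including key logins) for an account whose password field is locked,
    # so confirm Ansible does not connect as `pi` before running this.
    - name: disable pi user
      user:
        name: pi
        password: '!'
      become: true

    - name: install ufw and fail2ban
      package:
        name: "{{ item }}"
        state: present
      become: true
      with_items:
        - ufw
        - fail2ban

    # Opens the ufw application profiles for DNS and HTTP/HTTPS to any source.
    # NOTE(review): if this host is reachable from the internet, an
    # unrestricted DNS rule exposes the resolver to outside clients; consider
    # limiting the DNS rule to the local network - confirm exposure.
    - name: allow access to dns, http, and https
      ufw:
        rule: allow
        name: "{{ item }}"
      with_items:
        - DNS
        - WWW Full
      become: true

    # `limit` rate-limits repeated connection attempts instead of plainly
    # allowing them. This rule is added before the firewall is enabled so the
    # running SSH session is not cut off.
    - name: limit ssh access
      ufw:
        rule: limit
        name: OpenSSH
      become: true

    # No default policy is set here, so the effective incoming policy is
    # whatever ufw is already configured with.
    - name: enable ufw
      ufw:
        state: enabled
      become: true

    # Explicit ownership and mode so the jail configuration is never left
    # writable by a non-root user.
    - name: create jail.local
      copy:
        src: jail.local
        dest: /etc/fail2ban/
        owner: root
        group: root
        mode: '0644'
      become: true
      notify: reload fail2ban

  handlers:
    # Handlers need privilege escalation just like the tasks that notify
    # them; without it the service reload fails for a non-root login user and
    # the hardened configuration is written but never takes effect.
    - name: reload ssh
      service:
        name: ssh
        state: reloaded
      become: true

    - name: reload fail2ban
      service:
        name: fail2ban
        state: reloaded
      become: true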
# Pi-Hole
- hosts: attitude-adjuster
  tasks:
    # Shallow clone (depth 1) of the upstream repository, run without
    # privilege escalation, so `~` is the login user's home directory.
    # NOTE(review): no `version` is set, so each run follows whatever the
    # default branch points at. Pinning a reviewed tag or commit, e.g.
    # `version: <REVIEWED_TAG_OR_COMMIT>`, keeps the checkout reproducible.
    - name: clone the pi-hole repo
      git:
        dest: ~/src/pi-hole
        repo: https://github.com/pi-hole/pi-hole.git
        depth: 1
# ddclient
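- hosts: attitude-adjuster
  tasks:
    - name: install ddclient
      package:
        name: ddclient
        state: present
      become: true

    # The source file name suggests it holds the dynamic-DNS account
    # credentials (TODO confirm), so the installed copy gets an absolute
    # owner-only mode. The previous symbolic `go-r` only removed the read bit
    # for group/other and left any write or execute bits on an existing file
    # untouched. `no_log` keeps the file content out of task output and diffs.
    # NOTE(review): keep ddclient.conf.private out of version control, or
    # encrypt it with ansible-vault.
    - name: configure ddclient
      copy:
        src: ddclient.conf.private
        dest: /etc/ddclient.conf
        mode: '0600'
      no_log: true
      become: true
      notify: restart ddclient

    # Start the service at boot; the handler below covers config changes.
    - name: enable ddclient
      service:
        name: ddclient
        enabled: true
      become: true

  handlers:
    - name: restart ddclient
      service:
        name: ddclient
        state: restarted
      become: true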
# Homebridge
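- hosts: attitude-adjuster
  tasks:
    - name: install npm
      package:
        name: npm
        state: present
      become: true

    # Global install, executed as root, one package per loop item.
    # NOTE(review): neither package is version-pinned, so each run may pull a
    # newer release from the registry, and package install scripts run with
    # root privileges here. Pinning reviewed versions through the module's
    # `version` option narrows that supply-chain exposure.
    - name: install homebridge
      npm:
        name: "{{ item }}"
        global: true
      with_items:
        - homebridge
        - homebridge-smartthings-tonesto7
      become: true

    # No privilege escalation from here on: `~` is the login user's home, so
    # Homebridge is presumably run as that same user - confirm.
    - name: create ~/.homebridge
      file:
        path: ~/.homebridge
        state: directory

    # A Homebridge config typically carries the bridge PIN and plugin
    # credentials (TODO confirm for this config.json), so it is installed
    # readable by its owner only instead of with the default umask.
    - name: copy homebridge config
      copy:
        src: config.json
        dest: ~/.homebridge/config.json
        mode: '0600'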