You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
156 lines
2.8 KiB
156 lines
2.8 KiB
- hosts: attitude-adjuster
|
|
tasks:
|
|
|
|
- name: install dependencies
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
with_items:
|
|
- git
|
|
- vim
|
|
become: yes
|
|
|
|
# Security
|
|
#
|
|
# https://www.raspberrypi.org/documentation/configuration/security.md
|
|
|
|
- hosts: attitude-adjuster
|
|
tasks:
|
|
|
|
- name: disable ssh password logins
|
|
lineinfile:
|
|
path: /etc/ssh/sshd_config
|
|
regexp: '^(#\s*)?{{ item }} '
|
|
line: "{{ item }} no"
|
|
notify: reload ssh
|
|
with_items:
|
|
- ChallengeResponseAuthentication
|
|
- PasswordAuthentication
|
|
- UsePAM
|
|
become: yes
|
|
|
|
- name: disable pi user
|
|
user:
|
|
name: pi
|
|
password: !
|
|
become: yes
|
|
|
|
- name: install ufw and fail2ban
|
|
package:
|
|
name: "{{ item }}"
|
|
state: present
|
|
become: yes
|
|
with_items:
|
|
- ufw
|
|
- fail2ban
|
|
|
|
- name: allow access to dns, http, and https
|
|
ufw:
|
|
rule: allow
|
|
name: "{{ item }}"
|
|
with_items:
|
|
- DNS
|
|
- WWW Full
|
|
become: yes
|
|
|
|
- name: allow access to dhcp
|
|
ufw:
|
|
rule: allow
|
|
proto: udp
|
|
port: 67
|
|
become: yes
|
|
|
|
- name: limit ssh access
|
|
ufw:
|
|
rule: limit
|
|
name: OpenSSH
|
|
become: yes
|
|
|
|
- name: enable ufw
|
|
ufw:
|
|
state: enabled
|
|
become: yes
|
|
|
|
- name: create jail.local
|
|
copy:
|
|
src: jail.local
|
|
dest: /etc/fail2ban/
|
|
become: yes
|
|
notify: reload fail2ban
|
|
|
|
handlers:
|
|
- name: reload ssh
|
|
service:
|
|
name: ssh
|
|
state: reloaded
|
|
- name: reload fail2ban
|
|
service:
|
|
name: fail2ban
|
|
state: reloaded
|
|
|
|
- import_playbook: pihole.yml
|
|
|
|
# ddclient
|
|
|
|
- hosts: attitude-adjuster
|
|
vars_files:
|
|
- vars.yml.private
|
|
tasks:
|
|
|
|
- name: install ddclient
|
|
package:
|
|
name: ddclient
|
|
state: present
|
|
become: yes
|
|
|
|
- name: configure ddclient
|
|
template:
|
|
src: ddclient.conf
|
|
dest: /etc/ddclient.conf
|
|
mode: go-r
|
|
become: yes
|
|
notify: restart ddclient
|
|
|
|
- name: enable ddclient
|
|
service:
|
|
name: ddclient
|
|
enabled: yes
|
|
become: yes
|
|
|
|
handlers:
|
|
- name: restart ddclient
|
|
service:
|
|
name: ddclient
|
|
state: restarted
|
|
become: yes
|
|
|
|
# Homebridge
|
|
|
|
- hosts: attitude-adjuster
|
|
tasks:
|
|
|
|
- name: install npm
|
|
package:
|
|
name: npm
|
|
state: present
|
|
become: yes
|
|
|
|
- name: install homebridge
|
|
npm:
|
|
name: "{{ item }}"
|
|
global: yes
|
|
with_items:
|
|
- homebridge
|
|
- homebridge-smartthings-tonesto7
|
|
become: yes
|
|
|
|
- name: create ~/.homebridge
|
|
file:
|
|
path: ~/.homebridge
|
|
state: directory
|
|
|
|
- name: copy homebridge config
|
|
copy:
|
|
src: config.json
|
|
dest: ~/.homebridge/config.json
|