Initial commit: Ansible infrastructure automation

- Add comprehensive Ansible guidelines and best practices (CLAUDE.md) - Add infrastructure inventory documentation - Add VM deployment playbooks and configurations - Add dynamic inventory plugins (libvirt_kvm, ssh_config) - Add cloud-init and preseed configurations for automated deployments - Add security-first configuration templates - Add role and setup documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-10 23:02:32 +01:00
parent 5ba666dfbf
commit 455133c600
17 changed files with 2983 additions and 0 deletions
--- a/setup-debian-vm.yml
+++ b/setup-debian-vm.yml
@@ -0,0 +1,113 @@
+---
+- name: Configure Debian VM with ansible user and LVM partitioning
+  hosts: debian_vm
+  remote_user: root
+  gather_facts: yes
+  vars:
+    ansible_ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian"
+
+  tasks:
+    - name: Create ansible user
+      user:
+        name: ansible
+        groups: sudo
+        shell: /bin/bash
+        create_home: yes
+
+    - name: Create .ssh directory for ansible user
+      file:
+        path: /home/ansible/.ssh
+        state: directory
+        owner: ansible
+        group: ansible
+        mode: '0700'
+
+    - name: Add SSH authorized key for ansible user
+      copy:
+        content: "{{ ansible_ssh_key }}\n"
+        dest: /home/ansible/.ssh/authorized_keys
+        owner: ansible
+        group: ansible
+        mode: '0600'
+
+    - name: Configure passwordless sudo for ansible user
+      copy:
+        content: "ansible ALL=(ALL) NOPASSWD:ALL\n"
+        dest: /etc/sudoers.d/ansible
+        mode: '0440'
+        validate: 'visudo -cf %s'
+
+    - name: Configure SSH security settings
+      copy:
+        content: |
+          PermitRootLogin no
+          PasswordAuthentication no
+          PubkeyAuthentication yes
+        dest: /etc/ssh/sshd_config.d/99-security.conf
+        mode: '0644'
+      notify: restart sshd
+
+    - name: Install essential packages
+      apt:
+        name:
+          - sudo
+          - vim
+          - htop
+          - tmux
+          - curl
+          - wget
+          - rsync
+          - git
+          - python3
+          - python3-pip
+          - jq
+          - bc
+          - aide
+          - auditd
+          - chrony
+          - ufw
+          - lvm2
+          - cloud-guest-utils
+          - parted
+        state: present
+        update_cache: yes
+
+    - name: Check current disk layout
+      command: lsblk -o NAME,SIZE,TYPE,MOUNTPOINT
+      register: disk_layout
+      changed_when: false
+
+    - name: Display current disk layout
+      debug:
+        var: disk_layout.stdout_lines
+
+    - name: Check if LVM is already configured
+      stat:
+        path: /dev/vg_system
+      register: vg_system_check
+
+    - name: Configure LVM partitioning (if not already configured)
+      when: not vg_system_check.stat.exists
+      block:
+        - name: Grow root partition to use available space
+          command: growpart /dev/vda 1
+          ignore_errors: yes
+
+        - name: Resize root filesystem
+          command: resize2fs /dev/vda1
+          ignore_errors: yes
+
+    - name: Gather final disk usage
+      command: df -h
+      register: disk_usage
+      changed_when: false
+
+    - name: Display disk usage
+      debug:
+        var: disk_usage.stdout_lines
+
+  handlers:
+    - name: restart sshd
+      systemd:
+        name: sshd
+        state: restarted