ansible/infra-automation
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10 Commits 1 Branch 0 Tags
048f2bf808034c701c97fa80220cdc25f904e596
Commit Graph

10 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
ansible
048f2bf808 Convert secrets directory to private git submodule 
- Remove secrets files from main repository
- Add secrets as git submodule pointing to private repository
- Secrets repository: ansible/secrets (private)
- Follows security best practice of separating sensitive data

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-10 23:11:01 +01:00
ansible
455133c600 Initial commit: Ansible infrastructure automation 
- Add comprehensive Ansible guidelines and best practices (CLAUDE.md)
- Add infrastructure inventory documentation
- Add VM deployment playbooks and configurations
- Add dynamic inventory plugins (libvirt_kvm, ssh_config)
- Add cloud-init and preseed configurations for automated deployments
- Add security-first configuration templates
- Add role and setup documentation

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
 2025-11-10 23:02:32 +01:00
Infrastructure Team
5ba666dfbf Add quick reference cheatsheets for all playbooks 
Cheatsheets created:
- deploy-debian12-vm.md - Basic Debian 12 deployment reference
- deploy-debian-lvm-netinst.md - Network installer with native LVM
- deploy-linux-vm.md - Multi-distribution quick reference
- deploy-linux-vm-lvm.md - Multi-distro with post-config LVM
- deploy-linux-vm-role.md - Role-based deployment guide
- test-deploy-linux-vm-role.md - Testing and validation procedures

Each cheatsheet includes:
- Quick deployment commands
- Variable reference tables
- Tag-based execution examples
- Post-deployment verification steps
- LVM management commands (where applicable)
- Troubleshooting procedures
- Security validation steps
- VM management commands
 2025-11-10 22:52:11 +01:00
Infrastructure Team
04a381e0d5 Add comprehensive documentation 
- Add linux-vm-deployment.md with complete deployment guide
  - Architecture overview and security model
  - Supported distributions matrix
  - LVM partitioning specifications
  - Distribution-specific configurations
  - Troubleshooting procedures
  - Performance tuning guidelines
 2025-11-10 22:52:03 +01:00
Infrastructure Team
82796a18e4 Add test playbook for deploy_linux_vm role 
- Test configuration for Debian 12 with LVM enabled
- Validates LVM configuration compliance
- Tests SSH hardening (GSSAPI disabled)
- Verifies security features (firewall, audit, updates)
- Includes post-test validation checklist
- Documents expected test output and verification steps
 2025-11-10 22:51:57 +01:00
Infrastructure Team
eec15a1cc2 Add deploy_linux_vm role with LVM and SSH hardening 
Features:
- Multi-distribution support (Debian, Ubuntu, RHEL, AlmaLinux, Rocky, SUSE)
- LVM configuration with meaningful volume groups and logical volumes
- 8 LVs: lv_opt, lv_tmp, lv_home, lv_var, lv_var_log, lv_var_tmp, lv_var_audit, lv_swap
- Security mount options on sensitive directories

SSH Hardening:
- GSSAPI authentication disabled
- GSSAPI cleanup credentials disabled
- Root login disabled via SSH
- Password authentication disabled
- Key-based authentication only
- MaxAuthTries: 3, ClientAliveInterval: 300s

Security Features:
- SELinux enforcing (RHEL family)
- AppArmor enabled (Debian family)
- Firewall configuration (UFW/firewalld)
- Automatic security updates
- Audit daemon (auditd) enabled
- Time synchronization (chrony)
- Essential security packages (aide, auditd)

Role Structure:
- Modular task organization (validate, install, download, storage, deploy, lvm)
- Tag-based execution for selective deployment
- OS-family specific cloud-init templates
- Comprehensive variable defaults (100+ configurable options)
- Post-deployment validation tasks
 2025-11-10 22:51:51 +01:00
Infrastructure Team
47df4035c3 Add LVM-enabled VM deployment playbooks 
- Add deploy-debian-lvm-netinst.yml for Debian with native LVM
  - Uses network installer with preseed configuration
  - Full LVM partitioning per infrastructure guidelines
  - Creates vg_system with 8 logical volumes
  - Separate /boot, /opt, /tmp, /home, /var, /var/log, /var/tmp, /var/log/audit
  - Security mount options (noexec,nosuid,nodev on /tmp and /var/tmp)

- Add deploy-linux-vm-lvm.yml for multi-distro with post-config LVM
  - Supports all distributions from deploy-linux-vm.yml
  - Deploys VM with secondary 30GB disk for LVM
  - Post-deployment LVM configuration on /dev/vdb
  - Data migration from primary disk to LVM volumes
  - Automatic fstab updates
 2025-11-10 22:51:40 +01:00
Infrastructure Team
a5337029ff Add multi-distribution VM deployment playbooks 
- Add deploy-debian12-vm.yml for basic Debian 12 deployment
- Add deploy-linux-vm.yml for multi-distribution support
  - Support for Debian, Ubuntu, RHEL, CentOS, Rocky, Alma, SUSE
  - Cloud-init based provisioning
  - Distribution-specific security hardening
  - Automatic security updates configuration
  - UFW/firewalld setup per OS family
  - SELinux enforcing for RHEL family
 2025-11-10 22:51:30 +01:00
Infrastructure Team
e7f5c7aea7 Add dynamic inventory configuration 
- Add development environment inventory structure
- Configure libvirt/KVM inventory plugin for VM management
- Add grokbox hypervisor host configuration
- Include existing VM hosts (pihole, mymx, derp)
- Set up SSH ProxyJump through grokbox for all VMs
 2025-11-10 22:51:17 +01:00
Infrastructure Team
77d3dda572 Add infrastructure configuration files 
- Add .gitignore for Ansible project (Python, temp files, secrets)
- Add ansible.cfg with optimized settings
  - Enable SSH pipelining for performance
  - Configure fact caching with jsonfile backend
  - Set roles_path and inventory defaults
 2025-11-10 22:50:59 +01:00