- Add comprehensive Ansible guidelines and best practices (CLAUDE.md) - Add infrastructure inventory documentation - Add VM deployment playbooks and configurations - Add dynamic inventory plugins (libvirt_kvm, ssh_config) - Add cloud-init and preseed configurations for automated deployments - Add security-first configuration templates - Add role and setup documentation 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
#cloud-config
# Instance identity. With manage_etc_hosts enabled, cloud-init maintains the
# /etc/hosts entries for these names.
hostname: debian
fqdn: debian.localdomain
manage_etc_hosts: true

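# Automation account used by Ansible. Because no `default` entry is listed,
# only the accounts named here are created by this stanza.
users:
  - name: ansible
    groups: sudo
    shell: /bin/bash
    # Key-only account: pin the password lock explicitly (it is cloud-init's
    # default) because password SSH is enabled elsewhere in this file.
    lock_passwd: true
    # NOTE(review): unrestricted passwordless sudo makes this key equivalent
    # to root. cloud-init writes this rule to its own sudoers drop-in, so the
    # /etc/sudoers.d/ansible entry under write_files duplicates it.
    sudo:
      - 'ALL=(ALL) NOPASSWD:ALL'
    # NOTE(review): the key comment is "user@debian", which looks like a
    # sample; confirm the key is replaced per deployment.
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILBrnivsqjhAxWYeuuvnYc3neeRRuHsr2SjeKv+Drtpu user@debian
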
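# Root password.
# NOTE(review): the value below is not in crypt(3) "$id$salt$hash" form, so it
# appears to be a plaintext password, and it is stored in version control.
# Treat it as exposed: rotate it, and supply a per-deployment hashed value from
# a secret store (for example a vaulted template variable) instead.
# NOTE(review): `chpasswd.list` is deprecated in newer cloud-init releases in
# favour of `chpasswd.users`; confirm which form the target image supports.
chpasswd:
  list: |
    root:kpKzCuawxG3VFqOx0dEXrpRhbu/uNbdeu27GovG9IUU=
  # Canonical lowercase boolean; the password is not forced to expire.
  expire: false
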
# SSH access policy applied by cloud-init.
# NOTE(review): both values are the permissive choice. ssh_pwauth: true turns
# on sshd password authentication, and disable_root: false leaves root's
# authorized_keys usable. Combined with the root password set under chpasswd
# and "PermitRootLogin yes" in the sshd drop-in, root is reachable over SSH
# with a password. The ansible user already has key access and sudo; confirm
# that password and root login are really required outside a lab.
ssh_pwauth: true
disable_root: false

# Packages installed on first boot, grouped by purpose.
packages:
  # Privilege escalation and interactive tooling
  - sudo
  - vim
  - htop
  - tmux
  # Transfer and source control
  - curl
  - wget
  - rsync
  - git
  # Python runtime and scripting helpers
  - python3
  - python3-pip
  - jq
  - bc
  # Integrity monitoring, audit logging, time sync, host firewall.
  # NOTE(review): nothing in this file initialises the AIDE database, loads
  # audit rules, or enables ufw; presumably a later role does. Verify.
  - aide
  - auditd
  - chrony
  - ufw

# Files written during boot: an sshd drop-in and a sudoers drop-in.
write_files:
  # NOTE(review): despite the "99-security" name, this drop-in permits root
  # login and password authentication. sshd keeps the first value it reads for
  # each keyword, so an earlier-sorted drop-in that sets the same keywords
  # would take precedence over this one. Confirm on the target image.
  - path: /etc/ssh/sshd_config.d/99-security.conf
    content: |
      PermitRootLogin yes
      PasswordAuthentication yes
      PubkeyAuthentication yes
    permissions: "0644"
  # Same rule as users[].sudo for the ansible account, written read-only
  # (0440) as is conventional for sudoers files.
  - path: /etc/sudoers.d/ansible
    content: |
      ansible ALL=(ALL) NOPASSWD:ALL
    permissions: "0440"

# First-boot commands, executed in the order listed.
runcmd:
  # Restarting ssh makes sshd re-read its configuration, including the
  # drop-in under /etc/ssh/sshd_config.d/.
  - [systemctl, enable, ssh]
  - [systemctl, restart, ssh]
  # Time synchronisation
  - [systemctl, enable, chrony]
  - [systemctl, start, chrony]

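# Refresh the package index and apply pending upgrades on first boot.
# cloud-init's keys are singular (package_update / package_upgrade); the
# misspelled packages_* forms are not recognised, so the first-boot upgrade
# would not be requested and the image could start with unpatched packages.
package_update: true
package_upgrade: true
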
# System timezone is set to UTC.
timezone: 'UTC'

# Pipe the output of all cloud-init stages through tee, appending to a log
# file.
output:
  all: "| tee -a /var/log/cloud-init-output.log"