From 42a664fba8fc3f3c2fa178ad0f573b86df0befe0 Mon Sep 17 00:00:00 2001
From: stratholme
Date: Thu, 23 Mar 2023 00:57:19 +0100
Subject: [PATCH] add "common" role for users, packages and ssh keys
---
ansible/group_vars/all/packages.yml | 24 ++++++++++++++++++++++++
ansible/group_vars/all/users.yml | 20 ++++++++++++++++++++
ansible/roles/common/tasks/apt.yml | 4 ++++
ansible/roles/common/tasks/main.yml | 6 ++++++
ansible/roles/common/tasks/ssh.yml | 22 ++++++++++++++++++++++
ansible/roles/common/tasks/users.yml | 16 ++++++++++++++++
6 files changed, 92 insertions(+)
create mode 100644 ansible/group_vars/all/packages.yml
create mode 100644 ansible/group_vars/all/users.yml
create mode 100644 ansible/roles/common/tasks/apt.yml
create mode 100644 ansible/roles/common/tasks/main.yml
create mode 100644 ansible/roles/common/tasks/ssh.yml
create mode 100644 ansible/roles/common/tasks/users.yml
diff --git a/ansible/group_vars/all/packages.yml b/ansible/group_vars/all/packages.yml
new file mode 100644
index 0000000..1f6e0a9
--- /dev/null
+++ b/ansible/group_vars/all/packages.yml
@@ -0,0 +1,24 @@
+---
+packages:
+ - "vim"
+ - "htop"
+ - "sudo"
+ - "tmux"
+ - "zsh"
+ - "bash"
+ - "git"
+ - "build-essential"
+ - "docker.io"
+ - "docker-compose"
+ - "ncdu"
+ - "curl"
+ - "wget"
+ - "unzip"
+ - "tar"
+ - "gzip"
+ - "emacs-nox"
+ - "man"
+ - "mtr"
+ - "nmap"
+ - "netcat"
+ - "python3-venv"
diff --git a/ansible/group_vars/all/users.yml b/ansible/group_vars/all/users.yml
new file mode 100644
index 0000000..a22ee7c
--- /dev/null
+++ b/ansible/group_vars/all/users.yml
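Review bot: `nmap`, `netcat`, `build-essential` and `docker.io` are listed in `group_vars/all`, so every host in the inventory receives a network scanner, a raw socket tool, a compiler toolchain and a container runtime whether it needs them or not. That widens what is available on a host after a compromise and adds packages to keep patched everywhere; a smaller base list here, with the extras moved to per-group vars (for example a `packages_extra` list, name is only a suggestion), would confine them to the machines that use them. Separately, `netcat` is only a virtual package on newer Debian and Ubuntu releases, so depending on the target distribution the entry may need to be `netcat-openbsd`.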
@@ -0,0 +1,20 @@
+---
+users:
+ - name: bsod
+ uid: 1001
+ comment: bsod user
+ shell: /bin/bash
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1IX4cXX3VS6qpALQX+3COD1wPArr8CAMfyGZUYx3t3ZVhxyxvdNJFLZe5mIXEUlRI8Q7MzH9Cr2T9g0O7tJIpwTSiL0ZoUhpPf/fGcUxD+MP7L5Gd5qwxfzlafZGWb7pdcY3AsIfCdZKMGKS6B+D3acweENSKMFiKZ5QBnShjx0Tw6sFmVq6Yaxw82lSmRAu73UskL0wOBA81VkJj7+WOuQWw7aCiIEQGysquo5phMBlnMpl6s7yVL0TGJqMSya//mcwc3T7H7AHshaYYbbsWMURXcaLktXeQw3qTeWDH2JS/UBDfIth1artGQeMYG+ARlrDJVsgbVzZG7A+kMwkz bsod@glados"
+
+ - name: lino
+ uid: 1002
+ comment: Linus Erbil
+ shell: /bin/bash
+ key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5vHIAhSnWT3se5lC+DesiTYqELzU7E9JKTh7gNIWS+"
+
+ - name: lod
+ uid: 1003
+ comment: lod
+ key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHHP8fvK2xoz/WnrZdPT6Qe6l1uILxIiUPHhU+4TrHwgqcba1UmURrF0aZBbXxmZKpQrWQxu6zye27Wk3CYgUQNmyC+qvWT5XtKdy4nlnVj51N7ihEZ5CHtcMBA8vldpE87YCaIgREq0DY05mEHn+5U5GiSvUKkgPLeV3wqEdYVgoDR9/eQ8rwBsQN2wfWJDJx63Ay+wBOxdvmQ4oWquQBpE6gX/dvhtuBG9OCM8hvevvsBg2N9TuMf70mkk/ElLx2rMUPUk3EgKlUhnnHNVSx0HnKiyqs81FdNCOU4tpSht15+9GnI4+ETMjwG617SsyESa1770U5k7VHPwyo0wB1zdQ58DDaA9sWizcREv5ru6Fr7dW8PGFIdx+i8ZsRkIXCP8be1n3KfCySvrLNmGvCoC9avjw3TbGTItXeSFrEdRh/pLkJtfvViU3UnwnT+HuQwCd6BrVKyd1Ee9MSrKKw9rYWph1UUqJK+Q3L/IWIa7pOkO6pMDizCnj8HjyU1YzvEQAkrlCSEQsU78EP4hg/f1BTPH1t/3Uy8q36/0V4dQIa5d1G+DDSgrRukM1G67V0IPq7uKEf6WBaoMb6XTXt8/RB2bLaD0XuRlcA5wkgRAmL8S0dBR9dSzwLMQMM91eCiejxX1akyvDSaSsZ6t2MpHQeG0sTn8Jld8NjSsEkbw=="
+
+
diff --git a/ansible/roles/common/tasks/apt.yml b/ansible/roles/common/tasks/apt.yml
new file mode 100644
index 0000000..af95ad2
--- /dev/null
+++ b/ansible/roles/common/tasks/apt.yml
@@ -0,0 +1,4 @@
+- name: Install software
+ apt:
+ pkg: "{{ packages }}"
+
diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..79ef427
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
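Review bot: The `lod` entry has no `shell` key, while the "Add users" task in roles/common/tasks/users.yml reads `item.shell` for every element of `users`, so that task will stop with an undefined-variable error when it reaches `lod`. Either add `shell: /bin/bash` to this entry or make the task tolerant with `shell: "{{ item.shell | default(omit) }}"`. The keys for `lino` and `lod` also carry no trailing comment, which makes it harder to tell from an `authorized_keys` file on a host which key belongs to whom; a short `# owner, date added` comment above each `key:` line would help when auditing or revoking access.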
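Review bot: The `apt` task installs `packages` without refreshing the package index, so on a freshly provisioned host with an empty or stale cache the install can fail or resolve to outdated candidates. Adding `update_cache: true` and `cache_valid_time: 3600` under `apt:` covers that without refreshing on every run. The file also lacks the `---` document start that tasks/users.yml in the same patch uses.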
@@ -0,0 +1,6 @@
+- name: install dependencies
+ include_tasks: apt.yml
+- name: create users
+ include_tasks: users.yml
+- name: configure SSH
+ include_tasks: ssh.yml
diff --git a/ansible/roles/common/tasks/ssh.yml b/ansible/roles/common/tasks/ssh.yml
new file mode 100644
index 0000000..485f066
--- /dev/null
+++ b/ansible/roles/common/tasks/ssh.yml
@@ -0,0 +1,22 @@
+- name: Allow 'sudo' group to have passwordless sudo
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
+ validate: visudo -cf %s
+
+- name: root login is disabled
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: present
+ line: 'PermitRootLogin no'
+ notify: restart sshd
+
+- name: SSH Password auth is disabled
+ lineinfile:
+ path: /etc/ssh/sshd_config
+ state: present
+ line: 'PasswordAuthentication no'
+ notify: restart sshd
+
diff --git a/ansible/roles/common/tasks/users.yml b/ansible/roles/common/tasks/users.yml
new file mode 100644
index 0000000..7f3edc7
--- /dev/null
+++ b/ansible/roles/common/tasks/users.yml
@@ -0,0 +1,16 @@
+---
+- name: Add users
+ user:
+ name: "{{ item.name }}"
+ comment: "{{ item.comment }}"
+ uid: "{{ item.uid }}"
+ shell: "{{ item.shell }}"
+ groups: "sudo"
+ state: present
+ loop: "{{ users }}"
+
+- name: Copy SSH Keys
+ authorized_key:
+ user: "{{ item.name }}"
+ key: "{{ item.key }}"
+ loop: "{{ users }}"
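Review bot: The two sshd_config tasks have no `regexp`, so `lineinfile` only appends `PermitRootLogin no` / `PasswordAuthentication no` when that exact line is absent and leaves any existing `PermitRootLogin yes` or `PasswordAuthentication yes` untouched; sshd uses the first value it reads for a keyword, and a line appended after a `Match` block applies only inside that block, so the hardening can silently have no effect. Give each task a pattern such as `regexp: '^\s*#?\s*PermitRootLogin\s'` (and the equivalent for `PasswordAuthentication`) plus `validate: sshd -t -f %s`, in the same way the sudoers task already validates with `visudo`. `notify: restart sshd` also needs a handler of that name, and none of the six files in this patch adds one, so unless it is defined elsewhere the play will fail at these tasks. The sudoers rule would be easier to audit as a drop-in file under /etc/sudoers.d than as an in-place edit of /etc/sudoers.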
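Review bot: `groups: "sudo"` is hard-coded for every entry in `users`, and ssh.yml in this patch grants `%sudo` `NOPASSWD: ALL`, so each listed SSH key becomes a password-free path to root on every host in `all`. A per-user field, e.g. `groups: "{{ item.groups | default([]) }}"` together with `append: true`, would grant sudo only where intended and would not drop supplementary groups a user already has. `authorized_key` as written only adds keys, so removing or rotating a key in group_vars leaves the old one in `authorized_keys`; set `exclusive: true` if these vars are meant to be the single source of truth, and consider a per-user `state` so offboarding is expressible.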