it-team/lmn-client
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make systems production ready.

Browse source
This commit is contained in:
Andreas B. Mundt 2023-09-06 10:07:16 +02:00
parent b518b9a206
commit 9d11c95794
2 changed files with 29 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lmn-desktop.yml
View file

@ -36,6 +36,14 @@
mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/ mirror_msfonts: http://livebox.pn.steinbeis.schule/mscorefonts/
rsyncsecret: Muster! rsyncsecret: Muster!
keys2deploy:
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKOY0hChWaCDtuiuQcM0v4/u1499esjTtnMjl4uYlnS0 andi@netboot'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAN5ylqP936MPjGNxzrzV5jMwIfMhKJdOGuVh3xGQKTM andi@yogi'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxgeu7Rpb/1++531+MopqP9haUkyh1XXpv5kmbgSjx6'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBbdOT+WSDmsBcaVFfzPRcmvOfd3CqO/FBOH44UVm7c7 raphael@uranus'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGICjy88HnMg5oaz4BJ20hgzqFWSem+HHD2PQ+As42pA raphael@pluto'
- 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKm9lu9dDo5TG99QWTkl2G5G+ZbYikLlRNOXfs/bRTHy sascha@america'
## Use grub-mkpasswd-pbkdf2 to calculate the password hash: ## Use grub-mkpasswd-pbkdf2 to calculate the password hash:
grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB' grub_pwd: 'grub.pbkdf2.sha512.10000.FB60266F69FB181327AFB76193192454FC64151559EFF4D6B8FB7C7904A2A9C4778EDD515B46F770DB6A009F36903C193917BBBC571C5B6AAB2A69208BE01A6E.7B82114A0239C0EC55A50E95C48FA74A8910DEE4088447786DAB35770B9C2CF2D1550CF3B7452155EB55D5F84E5D357BF12B8D299CF9B01BF5D71D516CF826DB'
nfs4: false nfs4: false
@ -60,6 +68,7 @@
- lmn_vm - lmn_vm
- lmn_printer - lmn_printer
- kerberize - kerberize
- lmn_security
tasks: tasks:
- name: Add local user 'virti' in the 'libvirt' group - name: Add local user 'virti' in the 'libvirt' group

20
roles/lmn_security/tasks/main.yml Normal file
View file

@ -0,0 +1,20 @@
---
- name: Deploy SSH keys
ansible.posix.authorized_key:
user: ansible
key: "{{ item }}"
loop: "{{ keys2deploy }}"
- name: Allow sudo access without password
ansible.builtin.lineinfile:
path: /etc/sudoers.d/95-lmn-ansible
line: 'ansible ALL=(root) NOPASSWD: ALL'
create: True
owner: root
group: root
mode: '0700'
- name: Disable ansible user login
ansible.builtin.user:
name: ansible
password_lock: True