tudattr/ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

moved ssh to cert based

Browse Source 
Signed-off-by: Tuan-Dat Tran <tuan-dat.tran@tudattr.dev>
This commit is contained in:
Tuan-Dat Tran
2025-03-25 01:09:08 +01:00
parent 924e4a2f92
commit 56f058c254
21 changed files with 160 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ansible.cfg
View File

@@ -1,9 +1,12 @@
[defaults]
# (string) Path to the Python interpreter to be used for module execution on remote targets, or an automatic discovery mode. Supported discovery modes are ``auto`` (the default), ``auto_silent``, ``auto_legacy``, and ``auto_legacy_silent``. All discovery modes employ a lookup table to use the included system Python (on distributions known to include one), falling back to a fixed ordered list of well-known Python interpreter locations if a platform-specific default is not available. The fallback behavior will issue a warning that the interpreter should be set explicitly (since interpreters installed later may change which one is used). This warning behavior can be disabled by setting ``auto_silent`` or ``auto_legacy_silent``. The value of ``auto_legacy`` provides all the same behavior, but for backwards-compatibility with older Ansible releases that always defaulted to ``/usr/bin/python``, will use that interpreter if present.
interpreter_python=python3
# (pathspec) Colon separated paths in which Ansible will search for Roles.
roles_path=./roles
# (pathlist) Comma separated list of Ansible inventory sources
inventory=./inventory/production
inventory=./production.ini
# (path) The vault password file to use. Equivalent to --vault-password-file or --vault-id
# If executable, it will be run and the resulting stdout will be used as the password.

117
group_vars/all/secrets.yml
View File

@@ -1,56 +1,63 @@
$ANSIBLE_VAULT;1.1;AES256
34623331393561623539666362643966336661326136363431666465356535343663376236663066
3235363061633666626133313363373336656438633566630a383230393161323862303863656464
61633861323966343263363466343130306635343539326464363637383139343033656130336464
3163373535613961340a643335626165306663363063656339653862393533633534366331336231
63393432383731633463323164333831313535373261336166326237306230326465616239306536
37663863663161393130373835373062393866633864373465333937633838303130386334356566
64303663303862623038646235303934376230393538353466393232363764366339616633343433
65343730663864393766313134653335396562646135306637613031333461613965666465376532
32643261626665396338313836633337383932616265613662383132303539623239623965333966
66333638643635313262616434396164313833303065303662303736303232346535613834643435
32316434343231363662393163353832393166643739396165313631363539663439316133616361
61623830613035396333303363383332653736666231343763353666356539633433373066613330
65656631343764323234333161636632616130353139626362343361386535313336666566636464
35323434656439346262336335383366626565333765343562633236636132636532333761663535
31383565313436633438633336306430343733663539666631386532313836623166356332626664
39653762353265643861633237326662383466373539633732323833376238383963393837636466
66656631666131623166393731643537393161303636353932653062363137376334356238643064
34303666656638396263336639636135393536623037666137653132633264316431656438386432
34333632616265343435306365373039653036353337633563393739653632656163316636363336
32346638393364353634386231616639386164326531353134366639653837653236333030666139
64656334336231636337656233383834343763393738643362626665333362353335656131653165
35376330336433383262653039643131313437643265343663626363373439643932643063646439
37663630363839643263373630646430386536346132383564396463376361343661346661333636
39643961643031626462363537633263393838363262626439313838313039373035373634633462
38363938343932626131343966616638323632303636383034383536616164393539343635666166
39383434313863356434383961383139623436636230323866396366326665623863336438623335
33346634303639643131333933363838666336306438646335343931366437326462376438663837
34353938343837663930356464373332356530643231653166616331376335643832316365303164
32393062313638393936393863613731363233376537323834623164613231393133353635623866
35626337336562653265613730363961633662653331663966333430343462666535306133663835
64663539303765366331613666653632313233626231313264346332323266653230323332373836
33303564633464333064613431383230383535633362373839323334353162623433646230393838
33306162613739393338373361616634396636313765326465393332396537613263383339626666
63613162616363363138323965373966353366323463313934356530663931653565656164346363
37633862366436623030303233396639393434336438623433383530393836626164353064366432
35303532393437316162346366346636633135383938323631316563323935383561326335323438
30613266643232656138663431666162663330643133643263343237663565323231316239633037
39323732386236396136633539383335646634306139643533666636633131623566333137376236
39616134306463613864353135313636343365643437323465643862303137663937376233306261
31383862356535646563383438396363323838613237623034656561396163376433663262366137
63323562346633303162666530616534386539383238366139376263326265343138373139393432
35643335363139373139666230626363386232316536306431653964376333366235303763336135
65623231336638643034373932376263636336653561646664366138643031316438316465353363
38386539363631393433313664323135646562313537376236653635303263633230383866653039
66636534336234363438363139366531653237323137613961383831376665626365393462363834
36333965366463636233643433616431376436323535396238363933326363333661326462353161
66626435373938633832393662313161663336613862343332643766333633653866316464653735
31356135363662633961386264613836323435323836386635336338353663333137336666323531
36663731336664633763633634613136663866363530613264356431326539316530326161313362
62616539356537353261343464356334636134396664353463623163313765633432653932346136
32326239373333643461333733646264353238356134613037663836643131316664653539643839
30613235623933356565336630323939633266613164306262386666363137666661666131613962
61623930663536646462343264336535353634373833316537613839396566376466653736333830
33376663613063326230346439626237373232656665633832373364653931663361666432303166
663564323132383864336332363139393534
62353334666233376566326532636437376331316231323234643438323138316538363739343966
3637633035343637363766613038346162336437303035390a663363313565343230346363646534
39393835313839323534663430646461336536343764636463376262646666356465386234313635
3965343062616437660a613633343839303638656464616638306234363732656139653736373262
63643739313466353637613738343233353738373764653762343432643430383637313137376236
37643033323439656161333361346638643562393031363230383033363862316162353132313161
61323433643933323735376163666564666264666461666234376664323661333734313231623730
65323839383932303436306434356334396130353236323965646564303930383765376265356438
35633031623036313634333534663564653863366535643466306332386166666531343262386330
32633530313666653462326565643163616632333835643231643063393438356265313638336662
36376132353931613835343030633464633561613361376264613535383830376337303539316133
64666164306235333663303564656364303762326262313835343233303465653934623965653933
62336130653938643966656665306134376237376537663533306261623132653838363034626131
39346339666566633037663730313732393464306438623630326533333866636465353631373435
61623833393039393961633664383939623930633562383936373036616431333664376364663930
36326666653431326332316361336439303163643061343435643363376665616135653036663466
65613563356631633238303731366330303265396661303735616534653731616439613531353939
35386562626432616239643665663432373536623064383963306537386338636437663439313066
64373336373830633163633433666334393035336539363261336364376139373434316433643364
35353035326134626661663730383132323466343938373562336332663964393164663731633231
37386330363531616566663965613164663463303762363635323438366130336334323134393332
37313638346162633561393562666334616464303330376230633264623262336335613063653665
32393332396631363562643961336166666339326233366364333061303766616632323732666338
39363864336634356535333063343730663231303839393061366238353032643965353939656135
39316539333338333431383635323537653761356665343136303231633265643735623962346133
66313132313765643231373435653266633564316331633563623138303835616133303061333239
39333362323162303466383865343031663663613266643932653862623137663766343665366263
66303962353330653162356333343231393137613763316134663135613738666231373835616563
33656564343864333263646437656435363338376663636435353432643931303032306330353831
37623634353735373635303934653034356431346330376637656435356530656131343736636463
63376565333730623335386231333838353763633031663238346438643664373130343632313462
39343033623939653865383965653331366539643934363236663631313537323338643266313030
65363736653237336633343333393665333666386336666630366664313336393136383734613635
62366365356262643632306430626166346636343837653730626665646631373966396535666336
36396464626437393433656361386263613330333561643563643232333064333565626534353736
32653239353531343265353631623430363537396233363666393335356261323532633432376139
33663266303631383936623332313833616262616635356139336165323662656131643334633563
39396538383661306564333239383131623039303835323636326532653331346135343065363533
32616533643662643365383132666438383237396362653465666264346333383133653738643166
61393561396535343230343665363235326561666565376165323262396638626631363032643865
66656439626339653837353133626133326234333036386563353532383764613261326130363361
39663233656538356334326530366132346339666161386433393431663262646433353430366532
31336661316562323534356632616633363862366163346532613433393434323639313733656562
37633962613630336661623733626237613365623436346662376135646563353735623030303064
34303064323635306465326638633665333639306564343034646262326466323539643437646239
65343865646137336564356438623739323639336437626564393337343232313563353762333561
65633265386132666635303831653236346165623537343638326639383436326633323163643765
63336439643465313039653362373538333834666432383533376233643031323665303161336630
34643462376262363530633933393631343662393631356338316538333366303966623936633163
31643663616536626538323033396564656432373938383637373831306432353034383630323133
66646339636335623835636638653533323365323132383134636264396465393463353234363839
62323236386235303830393930346632366331653632306633376335643232633432386536663630
35393035303162666563653137613639636561396666623665323832636364336232333165336135
36626465393762373064353561333939626638613335323066666366326539316438363736373331
64303538663863613135303531326465666636386364356635316265373533366434323330323266
39613464343138616235663035316538636137396532373365393866376666343631626333306436
66383734303032343131356466333264393739663834393836376236656634373832356363343639
61306436366665616438636539386363616166633536316533386332383632366265313161643965
31386463323438336165383764396166393530623537666662353735646535653938383031333331
32646431366166373264326564326630313634333639646662376165643861616139336231373432
30666165373861343965333264303632623766633763376339353366313839336537616131616436
6236303866623939313466633635633136383232363034376236

6
group_vars/docker/vars.yml
View File

@@ -111,7 +111,7 @@ services:
- VERSION=docker
- name: jellyfin
vm:
- docker-host02
- docker-host01
container_name: jellyfin
image: jellyfin/jellyfin
restart: "unless-stopped"
@@ -142,7 +142,7 @@ services:
environment:
- name: hass
vm:
- docker-host02
- docker-host01
container_name: homeassistant
image: "ghcr.io/home-assistant/home-assistant:stable"
restart: unless-stopped
@@ -319,7 +319,7 @@ services:
external: 8080
- name: git
vm:
- docker-host02
- docker-host01
container_name: gitea
image: gitea/gitea:1.23.1-rootless
restart: unless-stopped

13
group_vars/proxmox/vars.yml Normal file
View File

@@ -0,0 +1,13 @@
proxmox_api_user: root
proxmox_api_host: 192.168.20.12
proxmox_api_password: "{{ vault.pve.aya01.root.sudo }}"
proxmox_vms:
- name: "test-vm-00"
hostname: "test-vm-00"
node:
- "aya01"
ostemplate: ""
proxmox_lxcs:
- name: "test-lxc-00"

11
host_vars/docker-host00.yml
View File

@@ -1,10 +1,11 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.34
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
# Configure this in ~/.ssh/config*
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.34
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.host00.sudo }}"
host:
hostname: "docker-host00"
ip: "{{ ansible_host }}"
ip: "192.168.20.34"

11
host_vars/docker-host01.yml
View File

@@ -1,10 +1,11 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.35
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
# Configure this in ~/.ssh/config*
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.35
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.host01.sudo }}"
host:
hostname: "docker-host01"
ip: "{{ ansible_host }}"
ip: "192.168.20.35"

11
host_vars/docker-host02.yml
View File

@@ -1,10 +1,11 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.36
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
# Configure this in ~/.ssh/config*
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.36
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.host02.sudo }}"
host:
hostname: "docker-host02"
ip: "{{ ansible_host }}"
ip: "192.168.20.36"

10
host_vars/docker-lb.yml
View File

@@ -1,10 +1,10 @@
---
ansible_user: "{{ user }}"
ansible_host: 192.168.20.37
ansible_port: 22
ansible_ssh_private_key_file: "{{ pk_path }}"
# ansible_user: "{{ user }}"
# ansible_host: 192.168.20.37
# ansible_port: 22
# ansible_ssh_private_key_file: "{{ pk_path }}"
ansible_become_pass: "{{ vault.docker.lb.sudo }}"
host:
hostname: "docker-lb"
ip: "{{ ansible_host }}"
ip: "192.168.20.37"

2
playbooks/docker-host.yml
View File

@@ -1,7 +1,7 @@
---
- name: Set up Servers
hosts: docker_host
gather_facts: yes
gather_facts: true
vars_files:
- secrets.yml
roles:

2
playbooks/docker-lb.yml
View File

@@ -1,7 +1,7 @@
---
- name: Set up reverse proxy for docker
hosts: docker_lb
gather_facts: yes
gather_facts: true
vars_files:
- secrets.yml
roles:

5
playbooks/docker.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- name: Setup Docker Hosts
ansible.builtin.import_playbook: docker-host.yml
- name: Setup Docker load balancer
ansible.builtin.import_playbook: docker-lb.yml

10
playbooks/proxmox.yml Normal file
View File

@@ -0,0 +1,10 @@
---
- name: Run proxmox vm playbook
hosts: proxmox
gather_facts: true
vars_files:
- secrets.yml
roles:
- role: proxmox_vm
tags:
- proxmox_vm

3
inventory/production → production.ini
View File

@@ -1,4 +1,7 @@
[proxmox]
127.0.0.1 ansible_connection=local
[proxmox:children]
aya01
lulu
inko

6
requirements.txt Normal file
View File

@@ -0,0 +1,6 @@
certifi==2025.1.31
charset-normalizer==3.4.1
idna==3.10
proxmoxer==2.2.0
requests==2.32.3
urllib3==2.3.0

1
roles/common/files/ssh/vault-ca.pub Normal file
View File

@@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDxIbkko72kVSfYDjJpiMH9SjHUGqBn3MbBvmotsPQhybFgnnkBpX/3fM9olP+Z6PGsmbOEs0fOjPS6uY5hjKcKsyHdZfS6cA4wjY/DL8fwATAW5FCDBtMpdg2/sb8j9jutHHs4sQeRBolVwKcv+ZAaJNnOzNHwxVUfT9bNwShthnAFjkY7oZo657FRomlkDJjmGQuratP0veKA8jYzqqPWwWidTGQerLYTyJ3Z8pbQa5eN7svrvabjjDLbVTDESE8st9WEmwvAwoj7Kz+WovCy0Uz7LRFVmaRiapM8SXtPPUC0xfyzAB3NxwBtxizdUMlShvLcL6cujcUBMulVMpsqEaOESTpmVTrMJhnJPZG/3j9ziGoYIa6hMj1J9/qLQ5dDNVVXMxw99G31x0LJoy12IE90P4Cahux8iN0Cp4oB4+B6/qledxs1fcRzsnQY/ickjKhqcJwgHzsnwjDkeYRaYte5x4f/gJ77kA20nPto7mxr2mhWot/i9B1KlMURVXOH/q4nrzhJ0hPJpM0UtzQ58TmzE4Osf/B5yoe8V//6XnelbmG/nKCIzg12d7PvaLjbFMn8IgOwDMRlip+vpyadRr/+pCawrfo4vLF7BsnJ84aoByIpbwaysgaYHtjfZWImorMVkgviC4O6Hn9/ZiLNze2A9DaNUnLVJ0nYNbmv9Q==

7
roles/common/tasks/sshd.yml
View File

@@ -10,8 +10,7 @@
- name: Copy pubkey
ansible.builtin.copy:
content: "{{ pubkey }}"
dest: "/home/{{ user }}/.ssh/authorized_keys"
owner: "{{ user }}"
group: "{{ user }}"
src: files/ssh/vault-ca.pub
dest: "/etc/ssh/vault-ca.pub"
mode: "644"
become: true

2
roles/common/templates/ssh/sshd_config
View File

@@ -1,4 +1,3 @@
Include /etc/ssh/sshd_config.d/*.conf
Protocol 2
PermitRootLogin no
MaxAuthTries 3
@@ -13,6 +12,7 @@ X11Forwarding no
PrintMotd no
TCPKeepAlive no
ClientAliveCountMax 2
TrustedUserCAKeys /etc/ssh/vault-ca.pub
UseDNS yes
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

7
roles/proxmox_vm/tasks/create_vm.yml Normal file
View File

@@ -0,0 +1,7 @@
---
# - name: Create VM
# community.general.proxmox:
# api_host: "{{ api_host }}"
# api_user: "{{ api_user }}"
# api_password: "{{ vault.proxmox.api_password }}"
# node: "{{ }}"

11
roles/proxmox_vm/tasks/get_info.yml Normal file
View File

@@ -0,0 +1,11 @@
---
- name: List existing nodes
community.general.proxmox_node_info:
api_host: "{{ proxmox_api_host }}"
api_user: "{{ proxmox_api_user }}@pam"
api_password: "{{ proxmox_api_password }}"
register: proxmox_nodes
- name: Print info
ansible.builtin.debug:
msg: "{{ proxmox_nodes }}"

5
roles/proxmox_vm/tasks/main.yml Normal file
View File

@@ -0,0 +1,5 @@
---
- name: Get info
ansible.builtin.include_tasks: get_info.yml
# - name: Create vm
# ansible.builtin.include_tasks: create_vm.yml

2
roles/reverse_proxy/templates/Caddyfile.j2
View File

@@ -10,7 +10,7 @@
{% if http_port %}
{{ service.name }}.{{ domain }} {
{% for vm in service.vm %}
reverse_proxy {{ hostvars[vm].ansible_host }}:{{ http_port[0] }}
reverse_proxy {{ hostvars[vm].host.ip }}:{{ http_port[0] }}
{% endfor %}
log {
output file /var/log/caddy/{{ service.name }}.log