testnet-ops/service-provider-setup/setup-user.yml

- name: Configure system
  hosts: "{{ target_host }}"
  become: yes

  vars_files:
    - vars/user-vars.yml

  tasks:
    - name: Set unique hostname
      hostname:
        name: "{{ inventory_hostname }}"
      when: ansible_hostname != inventory_hostname

    # TODO: Move installation to k8s playbook
    - name: Install additional packages
      apt:
        name:
          - doas
          - zsh
          - tmux
          - git
          - jq
          - acl
          - curl
          - wget
          - netcat-traditional
          - fping
          - rsync
          - htop
          - iotop
          - iftop
          - tar
          - less
          - firewalld
          - sshguard
          - wireguard
          - iproute2
          - iperf3
          - zfsutils-linux
          - net-tools
          - ca-certificates
          - gnupg
          - sshpass
        state: latest
        update_cache: true

    - name: Verify status of firewalld and enable sshguard
      systemd:
        name: "{{ item }}"
        enabled: yes
        state: started
      loop:
        - firewalld
        - sshguard

    - name: Disable and remove snapd
      block:
        - name: Disable snapd services
          systemd:
            name: "{{ item }}"
            enabled: no
            state: stopped
          loop:
            - snapd.service
            - snapd.socket
            - snapd.seeded
            - snapd.snap-repair.timer

        - name: Purge snapd
          apt:
            name: snapd
            state: absent

        - name: Remove snap directories
          file:
            path: "{{ item }}"
            state: absent
          loop:
            - "{{ ansible_env.HOME }}/snap"
            - /snap
            - /var/snap
            - /var/lib/snapd
          become: yes

    - name: Create a user
      user:
        name: "{{ username }}"
        password: "{{ '{{ password }}' | password_hash('sha512') }}"
        shell: /bin/bash
        state: present

    - name: Add user to sudoers group
      user:
        name: "{{ username }}"
        groups: sudo
        append: yes

    - name: Ensure .ssh directory exists for user
      file:
        path: /home/"{{ username }}"/.ssh
        state: directory
        owner: "{{ username }}"
        group: "{{ username }}"
        mode: '0700'

    - name: Copy SSH public key to authorized_keys
      copy:
        src: "{{ path_to_ssh_key }}"
        dest: /home/{{ username }}/.ssh/authorized_keys
        owner: "{{ username }}"
        group: "{{ username }}"
        mode: '0600'

    - name: Add user to sudoers for passwordless sudo
      lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'
        line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'
        validate: 'visudo -cf %s'
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`- name: Configure system`
Add tasks to install laconic-so, python, pip and ansible on remote host 2024-09-18 12:10:57 +00:00			`hosts: "{{ target_host }}"`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`become: yes`

Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`vars_files:`
			`- vars/user-vars.yml`

Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`tasks:`
			`- name: Set unique hostname`
			`hostname:`
			`name: "{{ inventory_hostname }}"`
			`when: ansible_hostname != inventory_hostname`

Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`# TODO: Move installation to k8s playbook`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`- name: Install additional packages`
			`apt:`
			`name:`
			`- doas`
			`- zsh`
			`- tmux`
			`- git`
			`- jq`
			`- acl`
			`- curl`
			`- wget`
			`- netcat-traditional`
			`- fping`
			`- rsync`
			`- htop`
			`- iotop`
			`- iftop`
			`- tar`
			`- less`
			`- firewalld`
			`- sshguard`
			`- wireguard`
			`- iproute2`
			`- iperf3`
			`- zfsutils-linux`
			`- net-tools`
			`- ca-certificates`
			`- gnupg`
			`- sshpass`
			`state: latest`
			`update_cache: true`

			`- name: Verify status of firewalld and enable sshguard`
			`systemd:`
			`name: "{{ item }}"`
			`enabled: yes`
			`state: started`
			`loop:`
			`- firewalld`
			`- sshguard`

			`- name: Disable and remove snapd`
			`block:`
			`- name: Disable snapd services`
			`systemd:`
			`name: "{{ item }}"`
			`enabled: no`
			`state: stopped`
			`loop:`
			`- snapd.service`
			`- snapd.socket`
			`- snapd.seeded`
			`- snapd.snap-repair.timer`

			`- name: Purge snapd`
			`apt:`
			`name: snapd`
			`state: absent`

			`- name: Remove snap directories`
			`file:`
			`path: "{{ item }}"`
			`state: absent`
			`loop:`
			`- "{{ ansible_env.HOME }}/snap"`
			`- /snap`
			`- /var/snap`
			`- /var/lib/snapd`
			`become: yes`

Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`- name: Create a user`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`user:`
Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`name: "{{ username }}"`
			`password: "{{ '{{ password }}' \| password_hash('sha512') }}"`
			`shell: /bin/bash`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`state: present`

Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`- name: Add user to sudoers group`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`user:`
Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`name: "{{ username }}"`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`groups: sudo`
			`append: yes`

Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`- name: Ensure .ssh directory exists for user`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`file:`
Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`path: /home/"{{ username }}"/.ssh`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`state: directory`
Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`owner: "{{ username }}"`
			`group: "{{ username }}"`
Add playbook to setup so user 2024-09-18 10:08:38 +00:00			`mode: '0700'`
Update README 2024-09-23 13:29:16 +00:00
Add task to setup passwordless sudo for user 2024-09-26 04:46:47 +00:00			`- name: Copy SSH public key to authorized_keys`
			`copy:`
			`src: "{{ path_to_ssh_key }}"`
			`dest: /home/{{ username }}/.ssh/authorized_keys`
			`owner: "{{ username }}"`
			`group: "{{ username }}"`
			`mode: '0600'`

			`- name: Add user to sudoers for passwordless sudo`
			`lineinfile:`
			`path: /etc/sudoers`
			`state: present`
			`regexp: '^{{ username }} ALL=\(ALL\) NOPASSWD:ALL'`
			`line: '{{ username }} ALL=(ALL) NOPASSWD:ALL'`
			`validate: 'visudo -cf %s'`