[WIP] Add ansible playbook to automate service provider setup #10
@ -43,3 +43,4 @@
|
||||
- [nitro-node-setup](./nitro-nodes-setup/README.md)
|
||||
- [nitro-bridge-setup](./nitro-bridge-setup/README.md)
|
||||
- [nitro-contracts-setup](./nitro-contracts-setup/README.md)
|
||||
- [service-provider-setup](./service-provider-setup/README.md)
|
||||
|
||||
@ -1,5 +1,9 @@
|
||||
# service-provider-setup
|
||||
|
||||
## Setup Ansible
|
||||
|
||||
To get started, follow the [installation](../README.md#installation) guide to setup ansible on your machine
|
||||
|
||||
## Configure DNS
|
||||
|
||||
### Prerequisites
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
- name: Configure DNS records
|
||||
hosts: localhost
|
||||
gather_facts: no
|
||||
|
||||
vars_files:
|
||||
- dns-vars.yml
|
||||
|
||||
|
||||
100
service-provider-setup/setup-user.yml
Normal file
100
service-provider-setup/setup-user.yml
Normal file
@ -0,0 +1,100 @@
|
||||
- name: Configure system
|
||||
hosts: deployment_host
|
||||
become: yes
|
||||
|
||||
tasks:
|
||||
- name: Set unique hostname
|
||||
hostname:
|
||||
name: "{{ inventory_hostname }}"
|
||||
when: ansible_hostname != inventory_hostname
|
||||
|
||||
- name: Install additional packages
|
||||
apt:
|
||||
name:
|
||||
- doas
|
||||
- zsh
|
||||
- tmux
|
||||
- git
|
||||
- jq
|
||||
- acl
|
||||
- curl
|
||||
- wget
|
||||
- netcat-traditional
|
||||
- fping
|
||||
- rsync
|
||||
- htop
|
||||
- iotop
|
||||
- iftop
|
||||
- tar
|
||||
- less
|
||||
- firewalld
|
||||
- sshguard
|
||||
- wireguard
|
||||
- iproute2
|
||||
- iperf3
|
||||
- zfsutils-linux
|
||||
- net-tools
|
||||
- ca-certificates
|
||||
- gnupg
|
||||
- sshpass
|
||||
state: latest
|
||||
update_cache: true
|
||||
|
||||
- name: Verify status of firewalld and enable sshguard
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
enabled: yes
|
||||
state: started
|
||||
loop:
|
||||
- firewalld
|
||||
- sshguard
|
||||
|
||||
- name: Disable and remove snapd
|
||||
block:
|
||||
- name: Disable snapd services
|
||||
systemd:
|
||||
name: "{{ item }}"
|
||||
enabled: no
|
||||
state: stopped
|
||||
loop:
|
||||
- snapd.service
|
||||
- snapd.socket
|
||||
- snapd.seeded
|
||||
- snapd.snap-repair.timer
|
||||
|
||||
- name: Purge snapd
|
||||
apt:
|
||||
name: snapd
|
||||
state: absent
|
||||
|
||||
- name: Remove snap directories
|
||||
file:
|
||||
path: "{{ item }}"
|
||||
state: absent
|
||||
loop:
|
||||
- "{{ ansible_env.HOME }}/snap"
|
||||
- /snap
|
||||
- /var/snap
|
||||
- /var/lib/snapd
|
||||
become: yes
|
||||
|
||||
- name: Create a user named 'so'
|
||||
user:
|
||||
name: so
|
||||
password: "{{ 'so-service-provider' | password_hash('sha512') }}"
|
||||
shell: /bin/bash
|
||||
state: present
|
||||
|
||||
- name: Add 'so' user to sudoers group
|
||||
user:
|
||||
name: so
|
||||
groups: sudo
|
||||
append: yes
|
||||
|
||||
- name: Ensure .ssh directory exists for 'so' user
|
||||
file:
|
||||
path: /home/so/.ssh
|
||||
state: directory
|
||||
owner: so
|
||||
group: so
|
||||
mode: '0700'
|
||||
Loading…
Reference in New Issue
Block a user