more work, get rid of jail stuff, using vps directly

This commit is contained in:
Thomas von Dein 2024-11-16 11:16:54 +01:00
parent 9c2c43730a
commit 5a0e645bed
9 changed files with 64 additions and 7 deletions


@ -14,6 +14,8 @@ DEBUG_COMMAND = ansible-playbook debug.yaml -i inventory
ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose) ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)
all: create deploy
debug: debug:
$(ENV) $(DEBUG_COMMAND) $(ENV) $(DEBUG_COMMAND)
@ -23,9 +25,6 @@ create:
hosts: hosts:
$(ENV) $(HOSTS_COMMAND) $(ENV) $(HOSTS_COMMAND)
all: create
$(ENV) $(DEPLOY_COMMAND)
deploy: deploy:
$(ENV) $(DEPLOY_COMMAND) $(ENV) $(DEPLOY_COMMAND)
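Review bot: `all: create deploy` on the new side of the first hunk lists create and deploy as independent prerequisites, so under `make -j` deploy can start before create has finished, whereas the removed `all: create` plus inline `$(ENV) $(DEPLOY_COMMAND)` serialised them; if deploy must always follow create, state the edge with `deploy: create`, otherwise at least note in the Makefile that `all` is not parallel-safe. Separately, the debug/hosts/deploy recipe lines are not `@`-prefixed, so make echoes the expanded command line, including the HCLOUD_TOKEN value, into the terminal and any CI log; prefixing those lines with `@` hides it from the echo, and moving the token into the environment with `export HCLOUD_TOKEN = $(TOKEN)` keeps it out of the shell command line altogether. None of all/debug/hosts/create/deploy is declared `.PHONY`, so a file of that name in the directory would make the target look up to date.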


@ -1,5 +1,7 @@
## Install tarball ## Install tarball
### clean known_host doesnt work
### install from tarball example: ### install from tarball example:
```yaml ```yaml


@ -1,3 +1,19 @@
- name: Create the home volume
hosts: localhost
connection: local
# FIXME: create volume role
tasks:
- name: Create the home volume
hetzner.hcloud.volume:
# FIXME: put to vars
# FIXME: add mount to server
# FIXME: gpart create -s GPT da1 && gpart add -t freebsd-zfs -l storage -a 1M da1 && zpool create -f home da1
name: home
location: fsn1
format: ext4
size: 100
state: present
- name: Create BSDNIX Servers - name: Create BSDNIX Servers
hosts: vps hosts: vps
connection: local connection: local
@ -8,6 +24,7 @@
# during testing the ip addresses change all the time, so tune the # during testing the ip addresses change all the time, so tune the
# known_hosts file accordingly after setup # known_hosts file accordingly after setup
# FIXME: doesn't work correctly yet
- name: Add/cleanup public keys of all vps' to known_hosts file - name: Add/cleanup public keys of all vps' to known_hosts file
hosts: localhost hosts: localhost
connection: local connection: local
@ -23,3 +40,5 @@
state: present state: present
loop: "{{ ssh_known_hosts | map('extract', hostvars, ['ipv6']) | list }}" loop: "{{ ssh_known_hosts | map('extract', hostvars, ['ipv6']) | list }}"
become: no become: no
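Review bot: The new `Create the home volume` play requests `format: ext4` while the FIXME a few lines above it plans a GPT/ZFS layout on the same device, so the ext4 filesystem would be created only to be overwritten; drop the `format:` key or settle on one filesystem before anything depends on it. The play passes no `server:`, so as written the volume is created but, as the FIXME says, never attached — worth stating in the play name until that is done. `name: home`, `location: fsn1` and `size: 100` are hard-coded here and `name: home` is repeated in the removal play elsewhere in this commit; one variable for the volume name keeps create and remove from drifting apart. The known_hosts play in the second hunk now carries `# FIXME: doesn't work correctly yet` without saying what fails; a one-line description of the observed failure would help the next reader and reduces the temptation to work around it by relaxing host-key checking.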


@ -7,5 +7,6 @@
- role: server - role: server
- role: network - role: network
- role: firewall - role: firewall
- role: jails - role: ssh
- role: pubnix #- role: jails
#- role: pubnix
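Review bot: The two commented-out entries `#- role: jails` and `#- role: pubnix` are dead configuration; since the commit message drops the jail setup, delete the lines (git history keeps them) or add a one-line comment saying why they are parked and when they come back. The role list continues outside the hunk.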


@ -33,7 +33,7 @@
register: jailip register: jailip
- name: create jail - name: create jail
shell: "bastille create -V {{ role_name }} {{ release }} {{ jailip.stdout }}/64 vtnet0" shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0"
args: args:
creates: /usr/local/bastille/jails/{{ role_name }} creates: /usr/local/bastille/jails/{{ role_name }}
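Review bot: The `create jail` task uses `shell:` although the command needs no shell features, and it interpolates `{{ jailip.stdout }}` (registered output of an earlier command) unquoted into the command string; `command:` with the same `args: creates:` avoids shell interpretation of that value. The commit message says the jail setup is being dropped, yet this hunk still changes the jail role (`-B … bridge0`); if the role is kept for later, a short comment in the role saying it is currently unused would prevent confusion. The surrounding task list continues outside the hunk.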


@ -1,4 +1,9 @@
--- ---
- name: Remove volume
hetzner.hcloud.volume:
name: home
state: absent
- name: Remove server - name: Remove server
hcloud_server: hcloud_server:
name: "{{ hostname }}" name: "{{ hostname }}"
@ -9,4 +14,3 @@
state: absent state: absent
ssh_keys: "{{ ssh_keys }}" ssh_keys: "{{ ssh_keys }}"
register: server register: server
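Review bot: The new `Remove volume` task deletes the `home` volume unconditionally every time this teardown play runs, which destroys user data rather than just the disposable server; gate it behind an explicit variable such as `when: remove_home_volume | default(false) | bool` so the default teardown keeps the volume. The name `home` is hard-coded here and in the create play; share one variable. I cannot tell from this hunk whether the volume is detached before deletion — if it is still attached to the server being removed, the order of these two tasks matters and may need an explicit detach or a swap.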


@ -0,0 +1,14 @@
LogLevel INFO
LoginGraceTime 1m
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
MaxSessions 2
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AllowAgentForwarding no
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
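Review bot: `LogLevel INFO` does not record the fingerprint of the public key that authenticated each login; `LogLevel VERBOSE` does, and that is what lets an audit or incident review attribute a session to a specific key, so raise it unless log volume is a concern. Because this file replaces the system sshd_config wholesale, nothing restricts which accounts may log in; adding `AllowGroups` (or `AllowUsers`) for the intended group closes that gap, and whatever the stock file provided, such as a `Subsystem sftp` line, is gone if it is not repeated here. The remaining settings (no root login, no passwords, no forwarding, low MaxAuthTries) are reasonable hardening.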


@ -0,0 +1,7 @@
---
- name: start sshd
service:
name: sshd
state: restarted
async: 45
poll: 5
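Review bot: The handler is named `start sshd` but the task in roles/ssh/tasks/main.yaml notifies `restart sshd`, so the notify fails with an unknown-handler error and sshd is never restarted; rename it to `- name: restart sshd`, which also matches what it does. `async: 45` with `poll: 5` is presumably there to survive the connection drop while sshd restarts — a one-line comment saying so would save the next reader from "simplifying" it away.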

11
roles/ssh/tasks/main.yaml Normal file

@ -0,0 +1,11 @@
---
- name: copy config file
copy:
src: sshd_config
dest: "/etc/ssh/"
- name: restart sshd
community.general.sysrc:
name: sshd_enable
value: "YES"
notify: restart sshd
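Review bot: `notify: restart sshd` is attached to the sysrc task, which reports changed only the first time `sshd_enable` is set, so later edits to sshd_config are copied by the first task but sshd is never restarted to pick them up; move the `notify` to the `copy` task. Add `validate: /usr/sbin/sshd -t -f %s` to that copy task so a syntactically broken config is rejected before it replaces the live file and locks you out of the host. The second task is named `restart sshd` but only enables the service in rc.conf; `enable sshd` describes it.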