more work, get rid of jail stuff, using vps directly

2024-11-16 11:16:54 +01:00 · 2024-11-16 11:16:54 +01:00 · 5a0e645bed
commit 5a0e645bed
parent 9c2c43730a
9 changed files with 64 additions and 7 deletions
--- a/5
+++ b/5
@ -14,6 +14,8 @@ DEBUG_COMMAND = ansible-playbook debug.yaml -i inventory

 ENV = HCLOUD_TOKEN="$(TOKEN)" SNAPSHOT="$(SNAPSHOT)" ANSIBLE_VERBOSITY=$(verbose)

+all: create deploy
+
 debug:
 	$(ENV) $(DEBUG_COMMAND)

@ -23,9 +25,6 @@ create:
 hosts:
 	$(ENV) $(HOSTS_COMMAND)

-all: create
-	$(ENV) $(DEPLOY_COMMAND)
-
 deploy:
 	$(ENV) $(DEPLOY_COMMAND)

--- a/TODO.md
+++ b/TODO.md
@ -1,5 +1,7 @@
 ## Install tarball

+### clean known_host doesnt work
+
 ### install from tarball example:

 ```yaml
--- a/create.yaml
+++ b/create.yaml
@ -1,3 +1,19 @@
+- name: Create the home volume
+  hosts: localhost
+  connection: local
+  # FIXME: create volume role
+  tasks:
+    - name: Create the home volume
+      hetzner.hcloud.volume:
+        # FIXME: put to vars
+        # FIXME: add mount to server
+        # FIXME: gpart create -s GPT da1 && gpart add -t freebsd-zfs -l storage -a 1M da1 && zpool create -f home da1
+        name: home
+        location: fsn1
+        format: ext4
+        size: 100
+        state: present
+
 - name: Create BSDNIX Servers
  hosts: vps
  connection: local
@ -8,6 +24,7 @@

 # during testing  the ip addresses  change all  the time, so  tune the
 # known_hosts file accordingly after setup
+# FIXME: doesn't work correctly yet
 - name: Add/cleanup public keys of all vps' to known_hosts file
  hosts: localhost
  connection: local
@ -23,3 +40,5 @@
        state: present
      loop: "{{ ssh_known_hosts | map('extract', hostvars, ['ipv6']) | list }}"
      become: no
+
+
--- a/deploy.yaml
+++ b/deploy.yaml
@ -7,5 +7,6 @@
    - role: server
    - role: network
    - role: firewall
-    - role: jails
-    - role: pubnix
+    - role: ssh
+    #- role: jails
+    #- role: pubnix
--- a/roles/pubnix/tasks/main.yaml
+++ b/roles/pubnix/tasks/main.yaml
@ -33,7 +33,7 @@
  register: jailip
      
 - name: create jail
-  shell: "bastille create -V {{ role_name }} {{ release }} {{ jailip.stdout }}/64 vtnet0"
+  shell: "bastille create -B {{ role_name }} {{ release }} {{ jailip.stdout }}/64 bridge0"
  args:
    creates: /usr/local/bastille/jails/{{ role_name }}

--- a/roles/remove/tasks/main.yaml
+++ b/roles/remove/tasks/main.yaml
@ -1,4 +1,9 @@
 ---
+- name: Remove volume
+  hetzner.hcloud.volume:
+    name: home
+    state: absent
+
 - name: Remove server
  hcloud_server:
    name: "{{ hostname }}"
@ -9,4 +14,3 @@
    state: absent
    ssh_keys: "{{ ssh_keys }}"
  register: server
-
--- a/roles/ssh/files/sshd_config
+++ b/roles/ssh/files/sshd_config
@ -0,0 +1,14 @@
+LogLevel INFO
+LoginGraceTime 1m
+PermitRootLogin no
+StrictModes yes
+MaxAuthTries 3
+MaxSessions 2
+PubkeyAuthentication yes
+PasswordAuthentication no
+KbdInteractiveAuthentication no
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+
--- a/roles/ssh/handlers/main.yaml
+++ b/roles/ssh/handlers/main.yaml
@ -0,0 +1,7 @@
+---
+- name: start sshd
+  service:
+    name: sshd
+    state: restarted
+  async: 45
+  poll: 5
--- a/roles/ssh/tasks/main.yaml
+++ b/roles/ssh/tasks/main.yaml
@ -0,0 +1,11 @@
+---
+- name: copy config file
+  copy:
+    src: sshd_config
+    dest: "/etc/ssh/"
+
+- name: restart sshd
+  community.general.sysrc:
+    name: sshd_enable
+    value: "YES"
+  notify: restart sshd