Atomic commit

.gitignore

+.idea
+.vs
+.code
+.template
+.venv
\ No newline at end of file

ansible.cfg

+[defaults]
+inventory = inventory.yml
+forks = 30
+host_key_checking = False
+#strategy = free
+nocows=1
+cow_selection=stegosaurus
+[ssh_connection]
+retries=4
\ No newline at end of file

bootstrap.sh

+#!/usr/bin/env bash
+
+AUTH="bootstrapper:6cDoVsyYzzDE6fLi5MTB"
+
+git clone \
+  https://${AUTH}@git.sch.bme.hu/kszk/sysadmin/ansible/ansci.git \
+  .template \
+  || (cd .template && git pull)
+
+exec .template/playbook-template/bootstrap.sh
+

bootstrap.yml

+---
+- hosts: vms
+  tags: bootstrap
+  tasks:
+    - name: Create users
+      import_tasks: tasks/users.yml
+    - name: Setup motd
+      import_tasks: tasks/motd.yml
+    - name: install stuff
+      import_tasks: tasks/install.yml
+
+- hosts: vsalgo-router
+  gather_facts: no
+  connection: network_cli
+  tags: nat
+  tasks:
+    - name: Vyos nat generator
+      import_tasks: tasks/vyos.yml
\ No newline at end of file

files/ascii-art.txt

+
+     
+     
+                                    ,,╓╖æææφφæææ╖╖,,
+                              ,φΦ▓╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫▓Φæ┐
+                          ╓Φ▓╫╫╫╫╫╫╫╫▓╣╝╝╝╜╜╜╜╜╝╝╣▓╫╫╫╫╫╫╫╫╫Φ╖
+                      ,╖▓╫╫╫╫╫╫▌╜"`                  `"╜╣╫╫╫╫╫╫▓╗,
+                    ╓╣╫╫╫╫╫▌╜`                            `╙╣╫╫╫╫╫▓╖
+                  ╔▓╫╫╫╫▌┘                                    ╙╣╫╫╫╫╫╗
+                ╓▓╫╫╫╫Å`                                        `╝╫╫╫╫╫φ
+              ,╣╫╫╫╫▀                                              ╝╫╫╫╫▓
+             ╓╫╫╫╫▓^                                                `╣╫╫╫╫w
+            ╓╫╫╫╫▌                                                    ║╫╫╫╫N
+           ╓╫╫╫╫▌           ╓╫╫▌                             Φ▓Φ       ║╫╫╫╫φ
+          .╫╫╫╫▌            ╫╫▓                             ╣╫╫M        ║╫╫╫╫∩
+          ╣╫╫╫╫            ╢╫╫                             ╓╫╫▌          ╫╫╫╫▓
+         .╫╫╫╫▀           ╓╫╫╛                            .╫╫▓           ║╫╫╫╫L
+         ║╫╫╫╫            ▓╫▌        ║╫╫╫@          ,,,   ╣╫╫             ╫╫╫╫▌
+         ╣╫╫╫╫           ╢╫╫   ,╖æ  .╫╫╫▌    ,╗╣▓╫╫╫╫╫╫╫╡║╫╫Ñ   ,ææ       ╫╫╫╫╫
+         ╣╫╫╫╫          ┌╫╫Γ,æ▓╫╝   ╣╫╫▓     '╝╝╝╜╢╫╫╫╫M,╫╫╫ ,φ▓╫▓┘       ╫╫╫╫╫
+         ║╫╫╫╫          ▓╫╫▓╫╣╜    ╓╫╫╫╡        ╓╣╫╫╫▀  ▓╫╫▌╣╫╫▓┘         ╫╫╫╫▌
+         ╘╫╫╫╫L        ║╫╫╫╫╜     ,╫╫╫╫▓      ╓▓╫╫╫Å   ║╫╫╫╫╫▌`          ╣╫╫╫╫
+          ╫╫╫╫▓       .╫╫╫╫╫φ    ,▓╫▀╫╫╫φ   ╗▓╫╫╫╝    ┌╫╫╫╫╫╫┐         ╓▓╫╫╫╫┘
+          ╘╫╫╫╫φ      ╣╫╫╛╚╫╫W,╓╬╫╫▓ ║╫╫╫ ╓▓╫╫╫▓╖╗╖┐  ▓╫╫▌║╫╫╫µ ,,,╖╗╣╫╫╫╫╫▌
+           ╢╫╫╫╫┐    ┌╫╫M   ╚▓╫╫╫▓╫╫╫╣╫╫▓ ╫╫╫╫╫╫╫╫╫▓┘║╫╫▌  ╣╫╫╫╫╫╫╫╫╫╫╫╫▓╜
+            ╣╫╫╫╫┐   '╝`           ╙╝╣╣╝  `╙╜╙"^`    ╣╫▌    ╙╣╫╫╫╫▓▀╝╜`
+             ╣╫╫╫╫W
+              ╚╫╫╫╫▓,
+               `╣╫╫╫╫Φ,
+                 ╙▓╫╫╫╫▓w                                      ┌╣▓╖
+                   ╙╣╫╫╫╫╫Φ,                                ,#▓╫╫╫╫▓
+                     `╝╫╫╫╫╫╫▓╗,                        ,╖╣╫╫╫╫╫╫Å`
+                        `╝▓╫╫╫╫╫╫╫▓φ╗╖,,        ,,╓╖φ╣╫╫╫╫╫╫╫▓╝`
+                            "╜╣╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫╫▓╝"
+                                 `╙╜╝╣▓╫╫╫╫╫╫╫╫╫╫▓╣╝╜╙`
+     
+     
+    
+

files/motd.sh

+#!/bin/sh
+
+# !!!
+# {{ ansible_managed }}
+# !!!
+
+# source: http://patorjk.com/software/taag/#p=display&f=Standard&t=KSZK%20server
+cat /etc/kszk-logo

inventory.yml

+all:
+  hosts:
+    "[1:30].kepzes23":
+      ansible_user: terraform
+      ansible_become: yes
+    vsalgo-router:
+      ansible_user: norbey
+      ansible_python_interpreter: /usr/bin/python3
+      ansible_network_os: vyos.vyos.vyos
+      ansible_connection: network_cli
+      ansible_ssh_host: 152.66.209.61
+      ansible_ssh_private_key_file: /home/norbey/.ssh/keys.d/kszk-vsalgo.key
+    vms:
+      hosts:
+        "[1:30].kepzes23": {}
+    router:
+      hosts:
+        vsalgo-router: {}
+
+
+

requirements.galaxy.yml

+---
+roles:
+  - mariancraciun1983.corosync_pacemaker
+  - jmcvetta.passwordless-sudo
+  - src: git@git.sch.bme.hu:kszk/ansible/roles/kszk_host.git
+    scm: git
+    ref: 0.1.0
+    name: kszk.host
+

tasks/install.yml

+---
+- name: update shits
+  apt:
+    update_cache: yes
+    upgrade: yes
+- name: Install mike's shits
+  apt:
+    name:
+      - neovim
+      - mc
+      - nano
+      - git
+      - net-tools
+      - python3
+      - iproute2
+      - mtr
+      - tmux
+      - htop
+      - dnsutils
+      - tcpdump
+      - rsync
+      - tree
+      - curl
+      - wget
+      - jq
+      - unzip
+    state: present
\ No newline at end of file

tasks/motd.yml

+- name: setup motd
+  copy:
+    src: ascii-art.txt
+    dest: /etc/kszk-logo
+    mode: 0755
+
+- name: setup motd
+  copy:
+    src: motd.sh
+    dest: /etc/update-motd.d/01-banner
+    mode: 0755
\ No newline at end of file

tasks/users.yml

+- name: create user
+  user:
+    name: "{{ item }}"
+    state: present
+    groups: [ sudo ]
+    create_home: yes
+    shell: /bin/bash
+  with_items:
+    - norbey
+    - mike
+
+- name: add key
+  authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ item.key }}"
+  with_items:
+    - name: norbey
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEeaa9d1+v//m+n5FxHgq57I+oPAjLhXIG4WtZejLq2v norbey@lego
+    - name: mike
+      key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVHRlgZ+UTSBCChrpYTzOhLek9r9CcoNPoE2EcFXvz0 mike@curiosity
+
+- name: create user
+  user:
+    name: "{{ item }}"
+    state: present
+    groups: [ sudo ]
+    create_home: yes
+    shell: /bin/bash
+    password: "$6$gbrioghz8hgegnwe$W6hvaazHFUDwHLOE501ml7FD5vuKPgwlvuG3v2ZJcgYOwj1ohw2T3bBCUL96N1aiKlqE9Wg//Z4na.RqgCGYk1"
+  with_items:
+    - kepzodo

tasks/vyos.yml

+- name: vyos-config
+  vyos_config:
+    lines:
+      - set nat destination rule {{ 100+item|int }} translation address 192.168.69.{{ item|int  }}
+      - set nat destination rule {{ 100+item|int }} destination address 152.66.209.61
+      - set nat destination rule {{ 100+item|int  }} translation port 22
+      - set nat destination rule {{ 100+item|int  }} inbound-interface eth0
+      - set nat destination rule {{ 100+item|int  }} protocol tcp
+      - set nat destination rule {{ 100+item|int  }} destination port {{ 10000 + (item|int)  }}
+  with_sequence: 1-30
+
+- name: vyos-confifg
+  vyos_config:
+    lines:
+      - set firewall name FR-W-FWD rule 100 destination port 22
+      - set firewall name FR-W-FWD rule 100 destination address 192.168.69.0/24
+      - set firewall name FR-W-FWD rule 100 protocol tcp
+      - set firewall name FR-W-FWD rule 100 action accept
+    save: yes
\ No newline at end of file