home lab init

ansible/books/tasks/keyboard.yml

@@ -0,0 +1,2 @@
+- name: Set keyboard layout
+  ansible.builtin.command: localectl set-keymap dk

ansible/books/tasks/locale.yml

@@ -0,0 +1,10 @@
+- name: Ensure locale is set
+  ansible.builtin.locale_gen:
+    name: "en_DK.UTF-8"
+    state: present
+
+- name: Set system locale
+  ansible.builtin.command: localectl set-locale LANG=en_DK.UTF-8
+
+- name: Set timezone
+  ansible.builtin.command: timedatectl set-timezone Europe/Copenhagen

ansible/books/tasks/packages.yml

@@ -0,0 +1,8 @@
+- name: Install required packages
+  ansible.builtin.apt:
+    name:
+      - python3
+      - curl
+      - git
+    state: present
+    update_cache: yes

ansible/books/tasks/ssh.yml

@@ -0,0 +1,14 @@
+- name: Ensure user plasmagoat exists
+  ansible.builtin.user:
+    name: plasmagoat
+    groups: wheel,docker,networkmanager
+    shell: /usr/bin/zsh
+    state: present
+
+- name: Set authorized SSH keys for plasmagoat
+  ansible.posix.authorized_key:
+    user: plasmagoat
+    key: "{{ item }}"
+  loop:
+    - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCeg/n/..."
+    - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICUP7m8jZJ..."

ansible/books/tasks/users.yml

@@ -0,0 +1,16 @@
+- name: Disable PasswordAuthentication in sshd_config
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^PasswordAuthentication"
+    line: "PasswordAuthentication no"
+
+- name: Disable KbdInteractiveAuthentication in sshd_config
+  ansible.builtin.lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: "^KbdInteractiveAuthentication"
+    line: "KbdInteractiveAuthentication no"
+
+- name: Restart sshd to apply changes
+  ansible.builtin.service:
+    name: ssh
+    state: restarted