[tor-commits] [metrics-cloud/master] Initial metrics-common role
commit b47f39094f05a2c9dc2d6298bb46698bb661d3f3
Author: Iain R. Learmonth <irl@xxxxxxxx>
Date: Thu Mar 26 15:48:18 2020 +0000
Initial metrics-common role
---
ansible/files/ssh_user_keys/acute | 1 +
ansible/files/ssh_user_keys/irl | 1 +
ansible/files/ssh_user_keys/karsten | 1 +
ansible/group_vars/all.yml | 2 +
ansible/group_vars/exit_scanners.yml | 15 ++++++
ansible/roles/metrics-common/files/vimrc.local | 2 +
ansible/roles/metrics-common/handlers/main.yml | 5 ++
ansible/roles/metrics-common/tasks/main.yml | 68 ++++++++++++++++++++++++++
8 files changed, 95 insertions(+)
diff --git a/ansible/files/ssh_user_keys/acute b/ansible/files/ssh_user_keys/acute
new file mode 100644
index 0000000..67462bd
--- /dev/null
+++ b/ansible/files/ssh_user_keys/acute
@@ -0,0 +1 @@
+ssh-rsa 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 cardno:00060490456
diff --git a/ansible/files/ssh_user_keys/irl b/ansible/files/ssh_user_keys/irl
new file mode 100644
index 0000000..8aebcf5
--- /dev/null
+++ b/ansible/files/ssh_user_keys/irl
@@ -0,0 +1 @@
+ssh-rsa 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 cardno:000606634751
diff --git a/ansible/files/ssh_user_keys/karsten b/ansible/files/ssh_user_keys/karsten
new file mode 100644
index 0000000..8aebcf5
--- /dev/null
+++ b/ansible/files/ssh_user_keys/karsten
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDAnbNRJMRawMMgT8GJ9qOl5aIFGEwsdVeMTQxlpkYFsRMWERDxQLsU4X1pF9MP3U70qeeHTu1E+hVHFUWxFsMOm/f/1BaWzh9ODHx8DkLnP1OUdC8veQqVpPVUOmw4v68z0dotxiNE4g1h4+HBHJNt+hTcns6AdjuVKSV614EQPvmKn0DJJQc5CZY5r4fy8fz2W+7cmI5F3U6kF4snLSO0IwOb26PQCa6+Cw20aBihcsGks8mT6tMX70vr/XEtDSTOSKftTS6jjZ1ifnimR5sQ5JZpFnRL8HhxuhrnwgwLT+chkc7C/luv9H4+FXhRi/B6Me0XODXVtyhyWMhaUwN2AUv7Hr319kyKtwALvU/zTJXoqtFpYN7k3OHjYA15ZKwxGf+Pukl+10zZtT0V372UjVOxT5fuYPt6FykkKtIxbyiRHP0yXIMuIsfHtTqLiwKgDChiNb2oPI3NwxTFuuj0eO5eXYDDeuXXEDLIPg/2YCvpxaXf/PC+K3A4GgTb1l39KTMJxmh8/4HgVWZmi+gDJvVU3/SfujhSzRhlWBMeK2nACRwdCI7OFsCsh9GYEkCz/5w53M5/pBZnJeub1GnmnRso6cD+oP2v15yVWSMQVWj9YwifmQbSj8SyyL29wCgSyC28MfKvKWOfyulw3JjZicDTvaVAh1i6HteUB62E5Q== cardno:000606634751
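Review bot: The key added for karsten appears to be the same file as the one added for irl: both new files show blob id `8aebcf5` on their `index` lines and both end in the comment `cardno:000606634751`. If so, the `set up authorized keys` task in this commit installs irl's key as karsten's only key (`exclusive: yes`), and that account is also placed in the password-less sudo group, so it is reachable with another person's token and not with its owner's. Replace the file with karsten's own public key, and consider a pre-merge check that no two files under `ssh_user_keys/` are byte-identical.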
diff --git a/ansible/group_vars/all.yml b/ansible/group_vars/all.yml
new file mode 100644
index 0000000..bbdb0bf
--- /dev/null
+++ b/ansible/group_vars/all.yml
@@ -0,0 +1,2 @@
+---
+metrics_users: ['irl', 'karsten', 'acute']
diff --git a/ansible/group_vars/exit_scanners.yml b/ansible/group_vars/exit_scanners.yml
new file mode 100644
index 0000000..e2e69b5
--- /dev/null
+++ b/ansible/group_vars/exit_scanners.yml
@@ -0,0 +1,15 @@
+---
+metrics_dependency_pkgs:
+ - git
+ - python-dnspython
+ - curl
+ - gettext
+ - golang-go
+ - build-essential
+ - python-dateutil
+metrics_backport_pkgs:
+ - python-stem
+ - python3-stem
+metrics_service_users:
+ - {name: tordnsel, uid: 1532, home: "/home/tordnsel", linger: yes}
+ - {name: check, uid: 1507, home: "/home/check", linger: yes}
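Review bot: `metrics_service_users` is defined here, but no task in the `roles/metrics-common/tasks/main.yml` added by this commit reads it, so the `tordnsel` and `check` accounts, their fixed UIDs and lingering are not applied by this role as committed. Either add the consuming task or say where it lives in a comment above the key, e.g. `# consumed by the service-user tasks (not part of this commit)`. As a style point, write the flag as `linger: true`; `yes` is a boolean only under YAML 1.1 rules and is easy to misread in a flow mapping.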
diff --git a/ansible/roles/metrics-common/files/vimrc.local b/ansible/roles/metrics-common/files/vimrc.local
new file mode 100644
index 0000000..afd5ae0
--- /dev/null
+++ b/ansible/roles/metrics-common/files/vimrc.local
@@ -0,0 +1,2 @@
+let g:skip_defaults_vim = 1
+set mouse=
diff --git a/ansible/roles/metrics-common/handlers/main.yml b/ansible/roles/metrics-common/handlers/main.yml
new file mode 100644
index 0000000..5e8c155
--- /dev/null
+++ b/ansible/roles/metrics-common/handlers/main.yml
@@ -0,0 +1,5 @@
+---
+- name: "reload sshd"
+ service:
+ name: sshd
+ state: reloaded
diff --git a/ansible/roles/metrics-common/tasks/main.yml b/ansible/roles/metrics-common/tasks/main.yml
new file mode 100644
index 0000000..aa1d962
--- /dev/null
+++ b/ansible/roles/metrics-common/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+- name: set timezone to UTC
+ timezone:
+ name: UTC
+- name: enable password-less sudo for sudo group
+ lineinfile:
+ path: /etc/sudoers
+ regexp: '^%sudo'
+ line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+- name: create metrics users
+ user:
+ name: "{{ item }}"
+ password: "*"
+ with_items: "{{ metrics_users }}"
+- name: ensure users are in correct primary group and sudo group
+ user:
+ name: "{{ item }}"
+ group: "{{ item }}"
+ append: yes
+ groups: "sudo"
+ with_items: "{{ metrics_users }}"
+- name: disable root password
+ user:
+ name: root
+ password: '*'
+- name: set up authorized keys
+ authorized_key:
+ user: "{{ item }}"
+ state: present
+ exclusive: yes
+ key: "{{ lookup('file', 'ssh_user_keys/' + item) }}"
+ with_items: "{{ metrics_users }}"
+- name: sshd PermitRootLogin=no
+ lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^#?PermitRootLogin"
+ line: "PermitRootLogin prohibit-password"
+ state: present
+ notify: "reload sshd"
+- name: sshd PasswordAuthentication=no
+ lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^#?PasswordAuthentication"
+ line: "PasswordAuthentication no"
+ state: present
+ notify: "reload sshd"
+- name: install vim defaults
+ become: true
+ when: ansible_distribution == 'Debian' or ansible_distribution == 'Ubuntu'
+ copy:
+ src: vimrc.local
+ dest: /etc/vim/vimrc.local
+- name: add backports repository
+ apt_repository:
+ repo: 'deb http://http.debian.net/debian {{ ansible_distribution_release }}-backports main contrib non-free'
+ state: present
+- name: install dependency packages
+ apt:
+ pkg: "{{ metrics_dependency_pkgs }}"
+ state: latest
+ update_cache: yes
+- name: install dependency (backport) packages
+ apt:
+ pkg: "{{ metrics_backport_pkgs }}"
+ state: latest
+ update_cache: yes
+ default_release: "{{ ansible_distribution_release }}-backports"
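Review bot: The task named `sshd PermitRootLogin=no` writes `PermitRootLogin prohibit-password`, which still allows root to log in with a key, so the name and the effect disagree; if root login is meant to be closed use `line: "PermitRootLogin no"`, otherwise rename the task to match. Both sshd_config edits are also applied without a syntax check, unlike the sudoers edit above them; adding `validate: 'sshd -t -f %s'` to each keeps a broken file from being reloaded on hosts that accept only key logins. The backports source is added over plain `http://`; package signatures still protect integrity, but an `https://` mirror URL, where the mirror offers one, would fit the rest of the hardening in this file.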