67 lines
1.7 KiB
Text
67 lines
1.7 KiB
Text
---
|
|
### oefenweb.ufw
|
|
ufw_rules:
|
|
- rule: allow
|
|
to_port: 22
|
|
protocol: tcp
|
|
comment: 'ssh'
|
|
from_ip: 192.168.2.0/24
|
|
ufw_default_incoming_policy: deny
|
|
ufw_default_outgoing_policy: allow
|
|
|
|
### apt_install_packages
|
|
apt_packages_extra:
|
|
- qemu
|
|
- virt-manager
|
|
- tmux
|
|
- keychain
|
|
- jq
|
|
- vim
|
|
- cifs-utils
|
|
- nextcloud-desktop
|
|
- keepassxc
|
|
- openssh-server
|
|
- sshpass
|
|
- ansible
|
|
- linux-oem-22.04c
|
|
- vlc
|
|
- rofi
|
|
- wireguard
|
|
- wine
|
|
|
|
### mgrote_user
|
|
users:
|
|
- username: mg
|
|
password: "{{ lookup('keepass', 'mg_irantu_hash', 'password') }}"
|
|
update_password: always
|
|
groups: ssh, sudo
|
|
state: present
|
|
public_ssh_key: "{{ ssh_public_key_mg }}"
|
|
allow_sudo: true
|
|
allow_passwordless_sudo: true
|
|
- username: ansible-user
|
|
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
|
update_password: always
|
|
groups: ssh, sudo
|
|
state: present
|
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
|
allow_sudo: true
|
|
allow_passwordless_sudo: true
|
|
|
|
### mgrote.wireguard
|
|
wireguard_profiles:
|
|
- name: wg0
|
|
privatekey: "{{ lookup('keepass', 'wireguard_irantu_private_key', 'password') }}"
|
|
address: 10.25.25.4/24
|
|
dns: 192.168.2.37
|
|
publickey: yUDu0ReEz6CjFW6Ecoh2oN/eAGRtVQP38Bu5hJnv1w0=
|
|
allowedips: 192.168.2.0/24, 192.168.3.0/24
|
|
endpoint: mgrote.net:13231
|
|
- name: wg1
|
|
privatekey: "{{ lookup('keepass', 'wireguard_irantu_private_key', 'password') }}"
|
|
address: 10.25.25.4/24
|
|
dns: 192.168.2.37
|
|
publickey: yUDu0ReEz6CjFW6Ecoh2oN/eAGRtVQP38Bu5hJnv1w0=
|
|
allowedips: 0.0.0.0/0
|
|
endpoint: mgrote.net:13231
|
|
...
|