added preseed.cfg as template

2018-12-17 15:31:05 +01:00 · 2018-12-17 15:31:05 +01:00 · 448583dd63
commit 448583dd63
parent 32ec533c3f
3 changed files with 27 additions and 106 deletions
--- a/provision.yml
+++ b/provision.yml
@ -6,70 +6,9 @@
  tasks:
    - name: "Install necessary packages"
      apt:
-        name: ['sudo', 'mailutils', 'fail2ban', 'apache2', 'python-pip']
+        name: ['apache2', 'python-pip']
        update_cache: "yes"
        state: "present"
      tags: [ "apt", "sudo" ]
    - name: "Add tanguy to sudoers"
      user:
        name: "tanguy"
        groups: "sudo"
        append: yes
      tags: [ "sudo" ]
    - name: "Upload fail2ban config"
      copy:
        src: "files/jail.local"
        dest: "/etc/fail2ban/"
        owner: "root"
        group: "root"
      tags: [ "firewall" ]
    - name: "Restart fail2ban"
      service:
        name: "fail2ban"
        state: "restarted"
      tags: [ "firewall" ]
    - name: "Upload update_script.sh"
      copy:
        src: "files/update_script.sh"
        dest: "/usr/sbin/update_script.sh"
        owner: "root"
        group: "root"
        mode: "755"
      tags: [ "scripts" ]
    - name: "Upload update_script"
      copy:
        src: "files/update_script"
        dest: "/etc/cron.d/update_script"
        owner: "root"
        group: "root"
      tags: [ "scripts" ]
    - name: "Upload check_crontab.sh"
      copy:
        src: "files/check_crontab.sh"
        dest: "/usr/sbin/check_crontab.sh"
        owner: "root"
        group: "root"
        mode: "755"
      tags: [ "scripts" ]
    - name: "Run check_crontab.sh to create save file"
      command: "bash /usr/sbin/check_crontab.sh"
      tags: [ "scripts" ]
    - name: "Upload check_crontab"
      copy:
        src: "files/check_crontab"
        dest: "/etc/cron.d/check_crontab"
        owner: "root"
        group: "root"
      tags: [ "scripts" ]
    - name: "Create .ssl directory"
      file:
        path: "/home/tanguy/.ssl"
        state: "directory"
      tags: [ "ssl" ]
    - name: "Installing pyOpenSSL python lib"
      pip:
        name: "pyOpenSSL"
      tags: [ "ssl" ]
    - name: "Generate ssl private key"
      openssl_privatekey:
        path: "/home/tanguy/.ssl/server.key"
--- a/temp.yml
+++ b/temp.yml
@ -10,4 +10,8 @@
      template:
        src: "templates/init.yml.j2"
        dest: "init.yml"
    - name: "Template preseed.cfg"
      template:
        src: "templates/preseed.cfg.j2"
        dest: "preseed.cfg"
--- a/templates/preseed.cfg.j2
+++ b/templates/preseed.cfg.j2
@ -6,7 +6,7 @@
 #    By: tmaze <tmaze@student.42.fr>                +#+  +:+       +#+         #
 #                                                 +#+#+#+#+#+   +#+            #
 #    Created: 2018/12/15 12:46:55 by tmaze             #+#    #+#              #
-#    Updated: 2018/12/16 17:04:51 by tmaze            ###   ########.fr        #
+#    Updated: 2018/12/17 15:09:33 by tmaze            ###   ########.fr        #
 #                                                                              #
 #******************************************************************************#
@ -60,46 +60,7 @@ d-i clock-setup/utc boolean true
 d-i time/zone string Europe/Paris
 d-i clock-setup/ntp boolean true
-# use lvm partitioning
+# no partitioning
 d-i partman-auto/method string regular
 d-i partman-lvm/device_remove_lvm boolean true
 d-i partman-lvm/device_remove_md boolean true
 d-i partman-lvm/confirm boolean true
 d-i partman-lvm/confirm_nooverwrite boolean true
 # use the following partition scheme on /dev/sda
 d-i partman-auto/disk string /dev/sda
 d-i partman-auto/choose_recipe select boot-root
 # /boot 500M ext4
 # swap 2G
 # /tmp 2G ext4
 # /var/log 4G ext4
 # / 8G+ ext4
 d-i partman-auto/expert_recipe string               \
 	boot-root::                                     \
 		953 953 954 linux-swap                      \
 			$primary{ }                             \
 			method{ swap } format{ }                \
 		.                                           \
 		3900 3900 4005 ext4                         \
 			$primary{ }                             \
 			method{ format } format{ }              \
 			use_filesystem{ } filesystem{ ext4 }    \
 			mountpoint{ / }                         \
 		.                                           \
 	   2670 2670 -1 ext4                            \
 			$primary{ }                             \
 			method{ format } format{ }              \
 			use_filesystem{ } filesystem{ ext4 }    \
 			mountpoint{ /home }						\
 		.                                           \
 # don't confirm anything
 d-i partman-partitioning/confirm_write_new_label boolean true
 d-i partman/choose_partition select finish
 d-i partman/confirm boolean true
 d-i partman/confirm_nooverwrite boolean true
 # setup non-free and contrib repositories
 d-i apt-setup/non-free boolean true
@ -109,7 +70,7 @@ d-i apt-setup/contrib boolean true
 tasksel tasksel/first multiselect standard, ssh-server
 # also install the htop package
-d-i pkgsel/include string emacs git sudo wget curl
+d-i pkgsel/include string emacs git sudo mailutils fail2ban wget
 # upgrade all packages
 d-i pkgsel/upgrade select full-upgrade
@ -122,8 +83,25 @@ d-i grub-installer/only_debian boolean true
 d-i grub-installer/with_other_os boolean true
 d-i grub-installer/bootdev  string /dev/sda
-d-i preseed/late_command string curl -o /target/etc/network/interfaces http://e3r5p4.42.fr:3000/files/interfaces
+d-i preseed/late_command string wget -O/target/etc/network/interfaces http://{{ ansible_default_ipv4.address }}:3000/files/interfaces;\
-d-i preseed/late_command string curl -o /target/etc/ssh/sshd_config http://e3r5p4.42.fr:3000/files/sshd_config_1
+						 		wget -O/target/etc/ssh/sshd_config http://{{ ansible_default_ipv4.address }}:3000/files/sshd_config_1;\
 								mkdir /target/etc/iptables;\
 								touch /target/etc/iptables/rules.v4;\
 								wget -O/target/etc/iptables/rules.v4 http://{{ ansible_default_ipv4.address }}:3000/files/firewall.conf;\
 								touch /target/etc/cron.d/update_script;\
 								wget -O/target/etc/cron.d/update_script http://{{ ansible_default_ipv4.address }}:3000/files/update_script;\
 								touch /target/etc/cron.d/check_crontab;\
 								wget -O/target/etc/cron.d/check_crontab http://{{ ansible_default_ipv4.address }}:3000/files/check_crontab;\
 								touch /target/usr/sbin/update_script.sh;\
 								chmod 755 /target/usr/sbin/update_script.sh;\	
 								wget -O/target/usr/sbin/update_script.sh http://{{ ansible_default_ipv4.address }}:3000/files/update_script.sh;\
 								touch /target/usr/sbin/check_crontab.sh;\
 								chmod 755 /target/usr/sbin/check_crontab.sh;\
 								wget -O/target/usr/sbin/check_crontab.sh http://{{ ansible_default_ipv4.address }}:3000/files/check_crontab.sh;\
 								touch /target/etc/fail2ban/jail.local;\
 								wget -O/target/etc/fail2ban/jail.local http://{{ ansible_default_ipv4.address }}:3000/files/jail.local;\
 								wget -O/target/etc/hosts http://{{ ansible_default_ipv4.address }}:3000/files/hosts;\
 								echo "roger-skyline-1" > /target/etc/hostname;
 # don't wait for confirm, just reboot when finished
 d-i finish-install/reboot_in_progress note