update ansible roles

ansible/roles/apt/defaults/main.yml

@@ -8,6 +8,11 @@ apt_packages:
   - nmap
   - sysstat
   - vim
+  - gnupg
+  - software-properties-common
+  - psmisc
+  - sudo
+  - mosh
 
 apt_install_packages: false
 apt_update_packages: true

ansible/roles/configure-nomad/tasks/main.yml

@@ -41,25 +41,3 @@
     enabled: yes
     state: started
   when: ansible_check_mode == false
-
-- name: Check nomad status
-  become: true
-  shell: nomad status
-  register: nomad_status
-  when: ansible_check_mode == false
-
-- name: Print nomad status
-  debug:
-    msg: '{{ nomad_status.stdout }}'
-  when: ansible_check_mode == false
-
-- name: Check nomad members
-  become: true
-  shell: nomad server members
-  register: nomad_members
-  when: ansible_check_mode == false
-
-- name: Print nomad members
-  debug:
-    msg: '{{ nomad_members.stdout }}'
-  when: ansible_check_mode == false

ansible/roles/ssh/defaults/main.yml

@@ -6,6 +6,9 @@ github_users:
   - user: mojito
     # omitting account variable won't add any github keys to the user.
     account: DistroByte 
-    groups: [sudo, docker]
+    groups: [sudo]
+  - user: slatt
+    account: cawnj
+    groups: [sudo]
 
 github_url: https://github.com

ansible/roles/ssh/tasks/main.yml

@@ -17,16 +17,39 @@
   with_items: "{{ github_users }}"
 
 - name: Ensure authorized_keys for GitHub user accounts are present
+  become: true
   authorized_key:
     user: "{{ item.user | default(item) }}"
     key: "{{ github_url }}/{{ item.account | default('') }}.keys"
     manage_dir: true
+    state: present
     exclusive: False
   with_items: "{{ github_users }}"
-  ignore_errors: yes
+  ignore_errors: true
   register: task_result
   failed_when: "'blah' in task_result"
 
 - name: Tell user to generate openVPN configuration for users
   debug:
     msg: "Please generate openVPN configuration for users: {{ task_result.results | map(attribute='item') | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/vpn/ for more information."
+
+- name: Copy configuraion to host
+  become: true
+  ansible.builtin.copy:
+    src: templates/sshd_config.j2
+    dest: /etc/ssh/sshd_config
+    force: true
+
+- name: Restart sshd
+  become: true
+  service:
+    name: sshd
+    state: restarted
+
+- name: Inform user to add password for account
+  debug:
+    msg: "Please add a password for the following accounts: {{ github_users | map(attribute='user') | list | join(', ') }}. See https://docs.redbrick.dcu.ie/aperture/ssh/ for more information."
+
+# - name: Remove user account
+#   debug:
+#     msg: 'ansible -i hosts all -m user -a "name={{ user }} state=absent remove=true" --become"'

ansible/templates/nomad-client.hcl

@@ -15,4 +15,4 @@ plugin "docker" {
       enabled = true
     }
   }
-}
+}

ansible/templates/sshd_config.j2

@@ -0,0 +1,22 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+ChallengeResponseAuthentication no
+
+UsePAM no
+
+X11Forwarding yes
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem       sftp    /usr/lib/openssh/sftp-server
+Port 22
+
+PermitRootLogin no
+PubkeyAuthentication yes
+AuthorizedKeysFile %h/.ssh/authorized_keys
+PasswordAuthentication yes
+PermitEmptyPasswords no
+GSSAPIAuthentication no
+AuthenticationMethods publickey,password
+
+Match address 10.10.0.0/24,10.8.0.0/24,10.230.0.0/16,136.206.15.0/24,136.206.16.0/24
+  AuthenticationMethods publickey password