This project is used to maintain my personal webserver.
It is fully configured from scratch using a default Ubuntu server installation with ssh-server. It is assumed there is a user 'superman' that can use sudo without a password.
> cd ~/virtualenvs/
> virtualenv ansible
> source ansible/bin/activate
> pip install --upgrade pip
> pip install --upgrade setuptools
> pip install ansible
> ansible-galaxy install dev-sec.ssh-hardening
> ansible-galaxy install angstwad.docker_ubuntu
> ssh-keygen -t rsa -b 4096 -C "rik" -f id_rsa_rik
> ssh-keygen -t rsa -b 4096 -C "superman" -f id_rsa_superman
Assume a default Ubuntu server 16.04 installed with only ssh-server and a user 'superman' that can sudo and has a known password.
> ansible-playbook site.yml --ask-pass --ask-sudo-pass
The initial run sets up the users and sudo (without password), and hardens the OS and the SSH setup.
> ssh -i .ssh/id_rsa_superman superman@<hostname>
> ssh -i .ssh/id_rsa_rik rik@<hostname>
You can now SSH to the machine with SSH keys, so use the key when installing:
> ansible-playbook site.yml --ask-sudo-pass --private-key .ssh/id_rsa_superman
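To confirm that the initial run really left the server on key-only logins, the effective sshd settings can be audited. The script below is an added example, not part of this project; the function names, the expected values and both sample inputs are assumptions constructed for illustration. On the server, feed it the live configuration with `sudo sshd -T | check_sshd_config`.

```shell
#!/bin/sh
# Added example: audit `sshd -T` output for key-only login settings.
# The expected values below are assumptions for a key-only setup.

# Reads "keyword value" lines on stdin, prints one finding per setting,
# returns 0 only when every expected setting matches.
check_sshd_config() {
    awk '
    BEGIN {
        want["passwordauthentication"] = "no"
        want["permitemptypasswords"]   = "no"
        want["permitrootlogin"]        = "no"
        want["pubkeyauthentication"]   = "yes"
    }
    { key = tolower($1); if (key in want) seen[key] = tolower($2) }
    END {
        bad = 0
        for (k in want) {
            if (!(k in seen)) {
                printf "MISSING %s (expected %s)\n", k, want[k]; bad = 1
            } else if (seen[k] != want[k]) {
                printf "FAIL %s is %s (expected %s)\n", k, seen[k], want[k]; bad = 1
            } else {
                printf "OK %s %s\n", k, seen[k]
            }
        }
        exit bad
    }'
}

# Constructed sample: a host that still accepts passwords.
sample_before() {
    printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' \
        'passwordauthentication yes' 'pubkeyauthentication yes' \
        'permitemptypasswords no'
}

# Constructed sample: a host restricted to key logins.
sample_after() {
    printf '%s\n' 'port 22' 'permitrootlogin no' \
        'passwordauthentication no' 'pubkeyauthentication yes' \
        'permitemptypasswords no'
}

echo '== before (constructed) =='
sample_before | check_sshd_config || echo '-> password or root login still possible'
echo '== after (constructed) =='
sample_after | check_sshd_config && echo '-> key-only login settings in place'
```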