mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update readme

Browse Source 
Add info about fail2ban
Add instructions to copy hosts file up one level
This commit is contained in:
mikepell
2022-01-19 18:38:21 +00:00
parent 2c33ac7adb
commit 5b4528b2bb
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -71,6 +71,8 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne
* Provision a Samba Active Directory Domain Controller
* Provision a Samba Active Directory Domain Controller (secondary) - not tested
* Provision Samba memeber servers
* Fail2Ban
* Add Fail2Ban to block ssh attempts
## Getting Started
* Boot NOOBS and select the Raspbian Lite option:
@@ -85,13 +87,14 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne
* execute _**sudo apt install -y ansible sshpass git**_
* get a copy of repo (requies github account, comcast VPN access, and configured git credentials)
* execute _**cd dsfin-ansible**_
* execute _**cp hosts ..**_ copy hosts file outide of git to prevent it from being overwritten on update
* execute _**ansible-galaxy collection install -r requirements.yml**_
* execute _**nano hosts**_ and follow the instructions in that file to add all of your Pi devices
* execute _**nano ../hosts**_ and follow the instructions in that file to add all of your Pi devices
* execute _**ssh-keygen -t rsa**_ you will need to press enter three times to accept the defaults
* execute _**PUBKEY="'$(<~/.ssh/id_rsa.pub)'" && ansible-playbook -i hosts deploy_authorized_keys.yml --ask-pass --extra-vars="pubkey=$PUBKEY"**_ it will prompt for the password which is still 'raspberry
* execute _**ansible-playbook -i hosts main.yaml --ask-become-pass**_ it will ask for the password which is still 'raspberry'
* execute _**PUBKEY="'$(<~/.ssh/id_rsa.pub)'" && ansible-playbook -i ../hosts deploy_authorized_keys.yml --ask-pass --extra-vars="pubkey=$PUBKEY"**_ it will prompt for the password which is still 'raspberry
* execute _**ansible-playbook -i ../hosts main.yaml --ask-become-pass**_ it will ask for the password which is still 'raspberry'
* after it completes without errors
* execute _**ansible-playbook -i hosts reboot.yaml**_ and wait for it to complete
* execute _**ansible-playbook -i ../hosts reboot.yaml**_ and wait for it to complete
* execute _**sudo reboot**_
At this point, the configuration of all of the Raspberry Pi devices will be completed and they will start generating traffic as configured while editing the hosts file.