diff --git a/README.md b/README.md index 99555b9..b09d14b 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,8 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne * Provision a Samba Active Directory Domain Controller * Provision a Samba Active Directory Domain Controller (secondary) - not tested * Provision Samba memeber servers +* Fail2Ban + * Add Fail2Ban to block ssh attempts ## Getting Started * Boot NOOBS and select the Raspbian Lite option: @@ -85,13 +87,14 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne * execute _**sudo apt install -y ansible sshpass git**_ * get a copy of repo (requies github account, comcast VPN access, and configured git credentials) * execute _**cd dsfin-ansible**_ + * execute _**cp hosts ..**_ copy hosts file outide of git to prevent it from being overwritten on update * execute _**ansible-galaxy collection install -r requirements.yml**_ - * execute _**nano hosts**_ and follow the instructions in that file to add all of your Pi devices + * execute _**nano ../hosts**_ and follow the instructions in that file to add all of your Pi devices * execute _**ssh-keygen -t rsa**_ you will need to press enter three times to accept the defaults - * execute _**PUBKEY="'$(<~/.ssh/id_rsa.pub)'" && ansible-playbook -i hosts deploy_authorized_keys.yml --ask-pass --extra-vars="pubkey=$PUBKEY"**_ it will prompt for the password which is still 'raspberry - * execute _**ansible-playbook -i hosts main.yaml --ask-become-pass**_ it will ask for the password which is still 'raspberry' + * execute _**PUBKEY="'$(<~/.ssh/id_rsa.pub)'" && ansible-playbook -i ../hosts deploy_authorized_keys.yml --ask-pass --extra-vars="pubkey=$PUBKEY"**_ it will prompt for the password which is still 'raspberry + * execute _**ansible-playbook -i ../hosts main.yaml --ask-become-pass**_ it will ask for the password which is still 'raspberry' * after it completes without errors - * execute _**ansible-playbook -i hosts reboot.yaml**_ and wait for it to complete + * execute _**ansible-playbook -i ../hosts reboot.yaml**_ and wait for it to complete * execute _**sudo reboot**_ At this point, the configuration of all of the Raspberry Pi devices will be completed and they will start generating traffic as configured while editing the hosts file.