mikepell/dsfin-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

update readme

Browse Source 
Add info about fail2ban
Add instructions to copy hosts file up one level
This commit is contained in:
mikepell
2022-01-19 18:38:21 +00:00
parent 2c33ac7adb
commit 5b4528b2bb
1 changed files with 7 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
README.md
View File

@@ -71,6 +71,8 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne
* Provision a Samba Active Directory Domain Controller * Provision a Samba Active Directory Domain Controller
* Provision a Samba Active Directory Domain Controller (secondary) - not tested * Provision a Samba Active Directory Domain Controller (secondary) - not tested
* Provision Samba memeber servers * Provision Samba memeber servers
* Fail2Ban
* Add Fail2Ban to block ssh attempts
## Getting Started ## Getting Started
* Boot NOOBS and select the Raspbian Lite option: * Boot NOOBS and select the Raspbian Lite option:
@@ -85,13 +87,14 @@ The Goal is to evenually be able to be a turnkey solution to spin up a "real" ne
* execute _**sudo apt install -y ansible sshpass git**_ * execute _**sudo apt install -y ansible sshpass git**_
* get a copy of repo (requies github account, comcast VPN access, and configured git credentials) * get a copy of repo (requies github account, comcast VPN access, and configured git credentials)
* execute _**cd dsfin-ansible**_ * execute _**cd dsfin-ansible**_
* execute _**cp hosts ..**_ copy hosts file outide of git to prevent it from being overwritten on update
* execute _**ansible-galaxy collection install -r requirements.yml**_ * execute _**ansible-galaxy collection install -r requirements.yml**_
* execute _**nano hosts**_ and follow the instructions in that file to add all of your Pi devices * execute _**nano ../hosts**_ and follow the instructions in that file to add all of your Pi devices
* execute _**ssh-keygen -t rsa**_ you will need to press enter three times to accept the defaults * execute _**ssh-keygen -t rsa**_ you will need to press enter three times to accept the defaults
* execute _**PUBKEY="'$(<~/.ssh/id_rsa.pub)'" && ansible-playbook -i hosts deploy_authorized_keys.yml --ask-pass --extra-vars="pubkey=$PUBKEY"**_ it will prompt for the password which is still 'raspberry * execute _**PUBKEY="'$(<~/.ssh/id_rsa.pub)'" && ansible-playbook -i ../hosts deploy_authorized_keys.yml --ask-pass --extra-vars="pubkey=$PUBKEY"**_ it will prompt for the password which is still 'raspberry
* execute _**ansible-playbook -i hosts main.yaml --ask-become-pass**_ it will ask for the password which is still 'raspberry' * execute _**ansible-playbook -i ../hosts main.yaml --ask-become-pass**_ it will ask for the password which is still 'raspberry'
* after it completes without errors * after it completes without errors
* execute _**ansible-playbook -i hosts reboot.yaml**_ and wait for it to complete * execute _**ansible-playbook -i ../hosts reboot.yaml**_ and wait for it to complete
* execute _**sudo reboot**_ * execute _**sudo reboot**_
At this point, the configuration of all of the Raspberry Pi devices will be completed and they will start generating traffic as configured while editing the hosts file. At this point, the configuration of all of the Raspberry Pi devices will be completed and they will start generating traffic as configured while editing the hosts file.