This repository has been archived by the owner on Apr 20, 2022. It is now read-only.
Add digitalocean as a provider for vagrant
I've got a slow-ass laptop, so deploying to digitalocean is faster, and
cheap enough that I don't care.

This sets some default passwords, which makes the box vulnerable, but
the machine is short-lived and has no sensitive information so it
shouldn't matter. Long-term, this should be fixed somehow.
bgw committed Dec 3, 2014
1 parent 5ece50d commit 557e177
Showing 9 changed files with 51 additions and 11 deletions.
18 changes: 15 additions & 3 deletions Vagrantfile
Expand Up @@ -9,13 +9,13 @@ Vagrant.configure("2") do |config|
config.vm.network "private_network", ip: "172.16.100.2"

config.vm.provision :ansible do |ansible|
ansible.playbook = "site.yml"
ansible.playbook = "test.yml"
ansible.host_key_checking = false
ansible.extra_vars = { ansible_ssh_user: "vagrant", testing: true }
ansible.extra_vars = { testing: true }

# ansible.tags = ["blog"]
# ansible.skip_tags = ["openvpn"]
# ansible.verbose = "vvvv"
ansible.verbose = "vvvv"
end

config.vm.provider :virtualbox do |v|
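Review bot: `ansible.verbose = "vvvv"` in the provision block is now active on every run, and at that level Ansible prints connection details and task arguments to the console, which matters here because the commit message says default passwords are being set. Suggest leaving it commented out as before, or switching it on from an environment variable when debugging. Separately, `ansible.host_key_checking = false` was a reasonable choice for a local VirtualBox guest, but with this commit the same setting applies to a droplet reached over the internet, so it deserves at least a comment explaining why it is acceptable.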
Expand All @@ -26,6 +26,18 @@ Vagrant.configure("2") do |config|
v.vmx["memsize"] = "256"
end

config.vm.provider :digital_ocean do |provider, override|
override.ssh.private_key_path = "~/.ssh/id_rsa"
override.vm.box = "digital_ocean"
override.vm.box_url = "https://github.com/smdahlen/vagrant-digitalocean/raw/master/box/digital_ocean.box"

provider.ssh_key_name = "TODO"
provider.token = "TODO"
provider.image = "debian-7-0-x64"
provider.region = "nyc3"
provider.size = "512mb"
end

#
# vagrant-cachier
#
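Review bot: `provider.token = "TODO"` and `provider.ssh_key_name = "TODO"` in the new digital_ocean block invite the next person to paste a real API token into a tracked Vagrantfile. Suggest reading both from the environment (for example an `ENV[...]` lookup, with the variable name documented in the README) and failing with a clear message when they are unset. Also, `override.vm.box_url` points at `raw/master` of a third-party repository with no checksum; pinning to a commit or setting `box_download_checksum` would stop the box changing underneath you.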
3 changes: 0 additions & 3 deletions roles/common/handlers/main.yml
Expand Up @@ -6,6 +6,3 @@

- name: restart fail2ban
service: name=fail2ban state=restarted

- name: restart ssh
service: name=ssh state=restarted
4 changes: 0 additions & 4 deletions roles/common/tasks/security.yml
Expand Up @@ -15,7 +15,3 @@

- name: Ensure fail2ban is started
service: name=fail2ban state=started

- name: Update sshd config to disallow root logins
lineinfile: dest=/etc/ssh/sshd_config regexp=^PermitRootLogin line="PermitRootLogin no" state=present
notify: restart ssh
8 changes: 8 additions & 0 deletions roles/ssh/README.md
@@ -0,0 +1,8 @@
empress.ssh
===========

Disables ssh `root` login. This improves security, but may get in the way if you
aren't using a `deploy` user.

Eventually, this should provide a number of common configurable tweaks for ssh,
like disabling password auth.
3 changes: 3 additions & 0 deletions roles/ssh/handlers/main.yml
@@ -0,0 +1,3 @@
---
- name: restart ssh
service: name=ssh state=restarted
4 changes: 4 additions & 0 deletions roles/ssh/tasks/main.yml
@@ -0,0 +1,4 @@
---
- name: Update sshd config to disallow root logins
lineinfile: dest=/etc/ssh/sshd_config regexp=^PermitRootLogin line="PermitRootLogin no" state=present
notify: restart ssh
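Review bot: the `lineinfile` task edits `/etc/ssh/sshd_config` and then restarts ssh with no syntax check, so a bad edit can lock you out of a remote host. Suggest adding `validate='/usr/sbin/sshd -t -f %s'` to the task. Note too that `regexp=^PermitRootLogin` does not match a commented-out `#PermitRootLogin` line, so in that case the new line is appended at the end of the file, where it can land inside a trailing `Match` block; an `insertbefore` or a broader regexp would make the placement predictable.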
3 changes: 2 additions & 1 deletion site.yml
Expand Up @@ -7,10 +7,11 @@
gather_facts: True
vars_files:
- vars/defaults.yml
- vars/{{ 'testing' if testing is defined else 'user' }}.yml
- vars/user.yml

roles:
- common
- mailserver
- ssh
- tarsnap
# - mailpile # fix this
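Review bot: in the `roles:` list, `ssh` is placed after `mailserver`, so if the mailserver role fails partway the play stops and root login stays enabled on a host that already has services exposed. Suggest moving `ssh` up next to `common` so the hardening is applied first.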
18 changes: 18 additions & 0 deletions test.yml
@@ -0,0 +1,18 @@
---
# Installs all the stuff that makes sense to use together for testing purposes
# eventually we may want to have multiple implementations of this to test common
# setups, eg. different vagrant configs for different sql backends.

- hosts: all
# user should be defined by vagrant
sudo: True
gather_facts: True
vars_files:
- vars/defaults.yml
- vars/testing.yml

roles:
- common
- mailserver
- tarsnap
# - mailpile # fix this
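Review bot: the `roles:` list in test.yml omits `ssh`, and this commit moves the `PermitRootLogin no` task out of `common` into that role, so test hosts, including DigitalOcean droplets on a public address, now keep root login enabled. If that is deliberate so that Vagrant can connect, say so in a comment next to `# user should be defined by vagrant`, and consider the follow-up the new README already mentions (disabling password auth) for these hosts given the default passwords noted in the commit message.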
1 change: 1 addition & 0 deletions vars/testing.yml
Expand Up @@ -5,6 +5,7 @@
###############################################################################

# common
testing: true
domain: empress.local
main_user_name: empress
timezone: America/Los_Angeles
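Review bot: `testing: true` is now set here in vars/testing.yml and is also still passed through `ansible.extra_vars = { testing: true }` in the Vagrantfile, so the flag has two sources. Suggest keeping one of them, or adding a comment saying which is authoritative, since extra vars override values from vars files.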