This repository has been archived by the owner on Apr 20, 2022. It is now read-only.
Permalink
Show file tree
Hide file tree
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
Add digitalocean as a provider for vagrant
I've got a slow-ass laptop, so deploying to digitalocean is faster, and cheap enough that I don't care. This sets some default passwords, which makes the box vulnerable, but the machine is short-lived and has no sensitive information so it shouldn't matter. Long-term, this should be fixed somehow.
- Loading branch information
Showing
9 changed files
with
51 additions
and
11 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| empress.ssh | ||
| =========== | ||
|
|
||
| Disables ssh `root` login. This improves security, but may get in the way if you | ||
| aren't using a `deploy` user. | ||
|
|
||
| Eventually, this should provide a number of common configurable tweaks for ssh, | ||
| like disabling password auth. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| --- | ||
| - name: restart ssh | ||
| service: name=ssh state=restarted |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
| - name: Update sshd config to disallow root logins | ||
| lineinfile: dest=/etc/ssh/sshd_config regexp=^PermitRootLogin line="PermitRootLogin no" state=present | ||
| notify: restart ssh |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| --- | ||
| # Installs all the stuff that makes sense to use together for testing purposes | ||
| # eventually we may want to have multiple implementations of this to test common | ||
| # setups, eg. different vagrant configs for different sql backends. | ||
|
|
||
| - hosts: all | ||
| # user should be defined by vagrant | ||
| sudo: True | ||
| gather_facts: True | ||
| vars_files: | ||
| - vars/defaults.yml | ||
| - vars/testing.yml | ||
|
|
||
| roles: | ||
| - common | ||
| - mailserver | ||
| - tarsnap | ||
| # - mailpile # fix this |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters