Skip to content

straysheep-dev/ansible-configs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

223 Commits
.github/workflows
.github/workflows
 
 
aide
aide
 
 
build_atomic_node
build_atomic_node
 
 
build_kali_desktop @ 55311b7
build_kali_desktop @ 55311b7
 
 
build_tailscale_node
build_tailscale_node
 
 
build_ubuntu_desktop
build_ubuntu_desktop
 
 
build_wireguard_server
build_wireguard_server
 
 
configure_gnupg
configure_gnupg
 
 
configure_hashicorp_repos
configure_hashicorp_repos
 
 
configure_microsoft_repos
configure_microsoft_repos
 
 
configure_ssh @ 7659493
configure_ssh @ 7659493
 
 
configure_systemd_resolved
configure_systemd_resolved
 
 
deploy_pcap_service
deploy_pcap_service
 
 
deploy_uac @ 9d9811e
deploy_uac @ 9d9811e
 
 
hyperv_guest_tools
hyperv_guest_tools
 
 
install_ansible
install_ansible
 
 
install_auditd
install_auditd
 
 
install_chrome
install_chrome
 
 
install_dropbox
install_dropbox
 
 
install_mongodb @ ee667c1
install_mongodb @ ee667c1
 
 
install_openmediavault
install_openmediavault
 
 
install_packer
install_packer
 
 
install_pip @ 861bda7
install_pip @ 861bda7
 
 
install_pipx @ 5491455
install_pipx @ 5491455
 
 
install_powershell
install_powershell
 
 
install_sysmon
install_sysmon
 
 
install_unbound
install_unbound
 
 
install_vscode
install_vscode
 
 
install_ykman
install_ykman
 
 
inventory
inventory
 
 
inventory_openscap_utils
inventory_openscap_utils
 
 
manage_accounts
manage_accounts
 
 
manage_keys
manage_keys
 
 
rootkit_detection
rootkit_detection
 
 
unauthorized_keys
unauthorized_keys
 
 
unifi_network_server @ 4d3b430
unifi_network_server @ 4d3b430
 
 
update_packages @ 555e0c3
update_packages @ 555e0c3
 
 
.ansible-lint
.ansible-lint
 
 
.ansible-lint-ignore
.ansible-lint-ignore
 
 
.gitmodules
.gitmodules
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
auth.yml
auth.yml
 
 
debug.yml
debug.yml
 
 
playbook.yml
playbook.yml
 
 

Repository files navigation

ansible-configs

ansible-lint workflow shellcheck workflow

A collection of ansible roles.

Note

This repo started after seeing IppSec's parrot-build and wanting to make my own bash scripts more reliable and scalable.

The notes that were previously below are now maintained on my blog entry focused on Ansible usage in general, while this README will cover interacting with this repo specifically. That post will be updated regularly with new notes.

Cloning

Each role is being split off into its own repo (submodule) for easier maintenance and CI with molecule.

To clone everything, recursively:

# Clone this monorepo
git clone git@github.com:straysheep-dev/ansible-configs.git

# Pull in the latest pinned commits from all submodules
git submodule update --init --recursive

Modifying

In most cases all you need to change are the roles, groups, and vault information you're using. You can (and should) have multiple playbooks, inventories, and to a lesser extent, vaults, as a way to maintain states of various groups of machines.

Tip

Example Files

  • playbook.yml is an example playbook with comments documenting usage
  • debug.yml is for debugging and developing individual tasks in isolation
  • auth.yml is a plaintext sample of a vault file
  • inventory/ has .ini and .yml examples and documentation for building inventories

OpenSCAP Utils

The inventory_openscap_utils folder has it's own README.

It's effectively a set of scripts that provide a way to download and customize the existing Ansible playbooks related to STIG, CIS benchmarks, PCI-DSS, (and more) for system hardening without reinventing or needing to maintain forks of them. The reason here is, applying them without any modification will completely break a system in most cases. They're meant to be modified on a case-by-case basis for the system and environment. Custom forks were tried originally, but these playbooks are complex enough that this was necessary and has been a much easier way to maintain ready-to-use custom playbooks.

This is only possible due to Ansible tags, as the OpenSCAP playbooks tag all of their tasks. This makes it easy to tune and customize the existing playbooks available in the ComplianceAsCode/content project.

License

MIT

About

A collection of ansible roles.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages