generated from acch/ansible-boilerplate
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathbootstrap-workstation.sh
executable file
·35 lines (26 loc) · 1.09 KB
/
bootstrap-workstation.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
#!/bin/sh
# This script bootstraps a workstation by creating an Ansible user.
bootstrap_workstation() {
# wrap this script in a function, so that it doesn't fail due to network issues during curl
set -e # fail on first error
set -o xtrace # print executed commands
if [ "$EUID" -ne 0 ]; then
echo "Must be run as root."
exit 1
fi
# This will undo the changes that this script makes.
# rm -rf ~ansible && userdel ansible
echo "Installing an SSH server..."
dnf install -y openssh-server
firewall-cmd --add-service=ssh --zone=public --permanent
echo "Creating Ansible user..."
useradd ansible -mr -G wheel -c "Ansible Admin"
echo "Allowing ansible to use sudo without a password..."
echo '%ansible ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/ansible-can-sudo-without-password
echo "Installing Ansible's SSH key..."
install -d 700 ~ansible/.ssh
echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ94eDys1WjAJXC5FU/iZsDApHwRIqNmO2Ptuh/hOJGc ansible' >> ~ansible/.ssh/authorized_keys
chmod 600 ~ansible/.ssh/authorized_keys
chown -R ansible ~ansible/.ssh
}
bootstrap_workstation