diff --git a/README.md b/README.md index f09196f..75aca5f 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,42 @@ # Ansible playbook to set up VPSs -An Ansible playbook to set up VPSs (for Opnxng). It applies to Debian-based servers in any arch. +An Ansible playbook to set up VPSs (for Opnxng). It applies to Debian-based servers in any architecture. -## Oracle Cloud +## Before running -To install Debian on Oracle Cloud, refer to [this documentation](ORACLECLOUD.md) +To install Debian on Oracle Cloud, refer to [this documentation](ORACLECLOUD.md). + +On a fresh Debian system, replace the default `debian` user: + +``` +# Give root account a password +sudo passwd root + +# Configurate SSHD to temporarily allow root login with password +sudo nano /etc/ssh/sshd_config.d/sshd.conf + +# Login as root, add new user and delete debian user +su root +sudo groupmod -n [user] debian +sudo usermod -l [user] debian +sudo usermod -d /home/[user] -m [user] +sudo passwd [user] +sudo userdel debian +sudo rm -r /home/debian + +# Switched [user] +su [user] +sudo passwd -dl root + +# Configurate SSHD again to allow [user] login and to set a custom port +sudo nano /etc/ssh/sshd_config.d/sshd.conf +``` ## Configurations You can modify the [packages to be installed](set-up.yml) and the [UFW rules](roles/ufw/tasks/main.yml). -Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](/opnxng/opnxng-set-up-playbook). +Passwords and other sensitive data are kept locally as encrypted variables in [secrets.yml](vars/secrets.example.yml). ## Contact Please contact us via [email](mailto:opnxng@tuta.io) if you discover any vulnerability or area for improvement in our infrastructure. We would truly appreciate it. \ No newline at end of file diff --git a/production b/staging similarity index 62% rename from production rename to staging index 18d6ea3..9e16310 100644 --- a/production +++ b/staging 
@@ -2,47 +2,28 @@ oracle: hosts: oracle1: ansible_host: [REDACTED] - wireguard_ip: 10.123.0.1 oracle2: ansible_host: [REDACTED] - wireguard_ip: 10.123.0.2 oracle3: ansible_host: [REDACTED] - wireguard_ip: 10.123.0.3 oracle4: ansible_host: [REDACTED] - wireguard_ip: 10.123.0.4 vars: ansible_ssh_private_key_file: [REDACTED] ansible_user: [REDACTED] ansible_ssh_port: [REDACTED] - - pipelining: true ansible_ssh_common_args: "-o StrictHostKeyChecking=no" - ansible_python_interpreter: /usr/bin/python3 - TZ: Asia/Singapore - wireguard_mask_bits: 24 - wireguard_port: [REDACTED] - # ---------------------------------------------------------------------------------------------------- cloudcompute: hosts: vultr: ansible_host: [REDACTED] - wireguard_ip: 10.123.0.5 vars: ansible_ssh_private_key_file: [REDACTED] ansible_user: [REDACTED] ansible_ssh_port: [REDACTED] - - pipelining: true ansible_ssh_common_args: "-o StrictHostKeyChecking=no" - ansible_python_interpreter: /usr/bin/python3 - - TZ: Asia/Singapore - - wireguard_mask_bits: 24 - wireguard_port: [REDACTED] + TZ: Asia/Singapore \ No newline at end of file diff --git a/vars/secrets.example.yml b/vars/secrets.example.yml new file mode 100644 index 0000000..65f5ca8 --- /dev/null +++ b/vars/secrets.example.yml @@ -0,0 +1,9 @@ +user: +ssh_port: +docker_dir: + +oracle_ipv4_cidr_block: + +wireguard_mesh_subnet: +wireguard_mesh_control_host: +wireguard_port: \ No newline at end of file
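Review bot: In the README.md hunk, the last step of the new `## Before running` block ("Configurate SSHD again to allow [user] login and to set a custom port") never says to turn the temporary root password login back off, so a reader following it literally can leave that setting enabled in `/etc/ssh/sshd_config.d/sshd.conf`. `sudo passwd -dl root` deals with the root password but not with the sshd setting; name the directives to revert in that final comment. In the same block, once `usermod -l [user] debian` and `usermod -d /home/[user] -m [user]` have run, the `debian` account has been renamed and its home directory moved, so `sudo userdel debian` and `sudo rm -r /home/debian` have nothing left to act on and can be dropped. Wording: "Configurate" should be "Configure" and "Switched [user]" should be "Switch to [user]". In the Configurations paragraph the link text still says `secrets.yml` while the target is now `vars/secrets.example.yml`; say that the example file is to be copied to the real secrets file and encrypted.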
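Review bot: In the `production` to `staging` inventory hunk, both the `oracle` and `cloudcompute` groups keep `ansible_ssh_common_args: "-o StrictHostKeyChecking=no"`, which disables SSH host key verification for every play, so a host answering on one of these addresses with a different key is accepted silently. Since this change already touches both `vars` blocks, replace it with `StrictHostKeyChecking=accept-new` or pre-populate `known_hosts` for the listed hosts. Also check `TZ`: the only added line in this hunk is `TZ: Asia/Singapore` under `cloudcompute`, while the `oracle` group's `TZ` line is removed, so confirm the oracle hosts still get a timezone from somewhere. The removal of `pipelining` and `ansible_python_interpreter: /usr/bin/python3` from both groups is not explained in the diff; note where those settings now live, or that the defaults are intended.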
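Review bot: In the new `vars/secrets.example.yml`, all eight keys (`user:`, `ssh_port:`, `docker_dir:`, `oracle_ipv4_cidr_block:`, `wireguard_mesh_subnet:`, `wireguard_mesh_control_host:`, `wireguard_port:`) are left empty with no comments, so they parse as null and nothing tells the user what format each value takes or that the file must be copied and encrypted before use. Add a header comment with the copy-and-encrypt step and a short comment per key giving the expected form (for example a CIDR for `wireguard_mesh_subnet`, an inventory host name for `wireguard_mesh_control_host`), since these variables replace the per-host `wireguard_ip` and `wireguard_mask_bits` values removed from the inventory. Confirm the real secrets file is git-ignored, and add the missing newline at end of file.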