Browse Source

A whole bunch of random playbooks I put together / used

pull/12/head
Zachary Seguin 7 years ago
parent
commit
4e08abe1e1
  1. 3
      .gitmodules
  2. 8
      disable-login.yml
  3. 16
      distribute-ssh-config.yml
  4. 8
      enable-login.yml
  5. 4
      files/nologin
  6. 25
      files/ssh_config
  7. 64
      files/sshd_config
  8. 1
      fingerprints/aspartame_rsa.pub
  9. 1
      fingerprints/auth1_ed25519.pub
  10. 1
      fingerprints/auth1_rsa.pub
  11. 1
      fingerprints/auth2_ed25519.pub
  12. 1
      fingerprints/auth2_rsa.pub
  13. 1
      fingerprints/bit-shifter_ed25519.pub
  14. 1
      fingerprints/bit-shifter_rsa.pub
  15. 1
      fingerprints/caffeine_ed25519.pub
  16. 1
      fingerprints/caffeine_rsa.pub
  17. 1
      fingerprints/cobalamin_ed25519.pub
  18. 1
      fingerprints/cobalamin_rsa.pub
  19. 1
      fingerprints/corn-syrup_ed25519.pub
  20. 1
      fingerprints/corn-syrup_rsa.pub
  21. 1
      fingerprints/dextrose_ed25519.pub
  22. 1
      fingerprints/dextrose_rsa.pub
  23. 1
      fingerprints/glomag_ed25519.pub
  24. 1
      fingerprints/glomag_rsa.pub
  25. 1
      fingerprints/gwem_ed25519.pub
  26. 1
      fingerprints/gwem_rsa.pub
  27. 1
      fingerprints/high-fructose-corn-syrup_ed25519.pub
  28. 1
      fingerprints/high-fructose-corn-syrup_rsa.pub
  29. 1
      fingerprints/mail_ed25519.pub
  30. 1
      fingerprints/mail_rsa.pub
  31. 1
      fingerprints/maltodextrin_ed25519.pub
  32. 1
      fingerprints/maltodextrin_rsa.pub
  33. 1
      fingerprints/munin_ed25519.pub
  34. 1
      fingerprints/munin_rsa.pub
  35. 1
      fingerprints/natural-flavours_ed25519.pub
  36. 1
      fingerprints/natural-flavours_rsa.pub
  37. 1
      fingerprints/nullsleep_ed25519.pub
  38. 1
      fingerprints/nullsleep_rsa.pub
  39. 1
      fingerprints/potassium-benzoate_ed25519.pub
  40. 1
      fingerprints/potassium-benzoate_rsa.pub
  41. 1
      fingerprints/rt_ed25519.pub
  42. 1
      fingerprints/rt_rsa.pub
  43. 1
      fingerprints/sodium-benzoate_ed25519.pub
  44. 1
      fingerprints/sodium-benzoate_rsa.pub
  45. 1
      fingerprints/strombola_ed25519.pub
  46. 1
      fingerprints/strombola_rsa.pub
  47. 1
      fingerprints/sucrose_ed25519.pub
  48. 1
      fingerprints/sucrose_rsa.pub
  49. 1
      fingerprints/taurine_ed25519.pub
  50. 1
      fingerprints/taurine_rsa.pub
  51. 8
      gather-ssh-fingerprints.yml
  52. 50
      generate-fingerprints
  53. 1
      generate-hosts
  54. 13
      hosts
  55. 12
      install-csc-packages.yml
  56. 8
      mount-scratch.yml
  57. 9
      mount-users.yml
  58. 12
      unmount-nfs.yml
  59. 14
      update-hosts.yml

3
.gitmodules vendored

@ -0,0 +1,3 @@
[submodule "generate-hosts"]
path = generate-hosts
url = /users/git/public/hosts.git

8
disable-login.yml

@ -0,0 +1,8 @@
---
- hosts: office general-use
remote_user: root
tasks:
- name: copy nologin
copy: src={{ item.src }} dest={{ item.dest }} backup=no
with_items:
- { src: 'files/nologin', dest: '/etc/nologin' }

16
distribute-ssh-config.yml

@ -0,0 +1,16 @@
---
- hosts: all
gather_facts: no
remote_user: root
tasks:
- name: generate ed25519 key
shell: ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' < /dev/null
args:
creates: /etc/ssh/ssh_host_ed25519_key
- name: copy ssh config
copy: src={{ item.src }} dest={{ item.dest }} backup=yes
with_items:
- { src: 'files/ssh_config', dest: '/etc/ssh/ssh_config' }
- { src: 'files/sshd_config', dest: '/etc/ssh/sshd_config' }
- name: restart sshd
service: name=ssh state=restarted

8
enable-login.yml

@ -0,0 +1,8 @@
---
- hosts: office general-use
remote_user: root
tasks:
- name: delete nologin
file: path={{ item }} state=absent
with_items:
- '/etc/nologin'

4
files/nologin

@ -0,0 +1,4 @@
***** ATTENTION *****
This machine is temporarily unavailable for system maintence.
See https://csclub.uwaterloo.ca/newsgroup/article.php?id=12268&group=uw.csc for more information.

25
files/ssh_config

@ -0,0 +1,25 @@
# This is the ssh client system-wide configuration file. See
# ssh_config(5) for more information. This file provides defaults for
# users, and the values can be changed in per-user configuration files
# or on the command line.
# Configuration data is parsed as follows:
# 1. command line options
# 2. user-specific file
# 3. system-wide file
# Any configuration value is only changed the first time it is set.
# Thus, host-specific definitions should be at the beginning of the
# configuration file, and defaults at the end.
# Site-wide defaults for some commonly used options. For a comprehensive
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
Host *
SendEnv LANG LC_*
GSSAPITrustDns yes
GSSAPIKeyExchange yes
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
UseRoaming no

64
files/sshd_config

@ -0,0 +1,64 @@
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use only protocol version 2
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,hmac-ripemd160,umac-128@openssh.com
# Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication
UsePAM yes
StrictModes yes
PermitRootLogin yes
LoginGraceTime 120
MaxStartups 25:30:100
# password authentication via PAM (single sign-on initial case)
PasswordAuthentication yes
PermitEmptyPasswords no
# keyboard-interactive authentication (like password, works with +needchange)
ChallengeResponseAuthentication yes
# kerberos (single sign-on already authenticated case)
GSSAPIAuthentication yes
GSSAPIKeyExchange yes
GSSAPICleanupCredentials yes
# public key authentication with authorized_keys
PubkeyAuthentication yes
# no single sign-on via hosts.equiv; we use kerberos
HostbasedAuthentication no
IgnoreRhosts yes
# no builtin kerberos auth with password, we do the same via pam_krb5
KerberosAuthentication no
# allow X forwarding
X11Forwarding yes
X11DisplayOffset 10
# PAM prints these already
PrintMotd no
PrintLastLog no
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server

1
fingerprints/aspartame_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4TzqMpguUFMIly6HKTHpKKJrvJmIBWrS7FZSH0JCDsUrwzlYZQSTG1d0uCqO0NG0SV6GsdxcrucLRJajkidoB1RMgaZ/PPOK2a4o94aR09p9lBoE/MX9capCuybLg0EVc1/YTdRxM1wjP9f4Mjp6t5snTZ89RTAdPOg3MjFbveHHQceg0tYbOu3VlNMoove1gh0GBftmLobPnPzUgtMCJ3I2KcXpqTMUJSC01k23DG+M6sRQ7XjuG9P5Q0ly49qtt3p/NSeR6B/kETN3QiI8FQo5VoW2OP1Mpa4sNoBoBs55Wq4XYC1m1vyH3SqU8ExcrZqjI+LbJtYQGpH5BWySv root@aspartame

1
fingerprints/auth1_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAvLvnQ6Ocf/QjojRW5fPrROrsQvSr/8pRVQCNXphs4W root@auth1

1
fingerprints/auth1_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmdYsXyf24OrBn3ZTo1rWZt55ZnE6L5DGYgmvRqwTFlrr0GyqNKSUDu+QL4NlxVRMB8IMe4inpuRb7JZuO47IRqf/KCIgWLfpsd1CMflqc2rYRVYmra2JSQ10DHJb4VGbOqABhkeB4YeTPwImr/BG4FBOm7QCqIu16RzjANXjYtGZq/s72hUhnm4yV36BHtXXaI4Ji7i4IeT2onyxfZyFcC9DcP83GUFOGtjAMumDRpJ5ftek+147gfF3dSvaYj8esFZW4geMoKXBe3B9vYAgH8z4iNbMqDc7NAVOWsvf5dSKiegrIrovNWm6rVWqYAXluJ6nkt1i5wkkM776cUUCn root@aspartame

1
fingerprints/auth2_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJcYRda4/NglHpJDn9CadzN6gkO4ziUI1CZ4KZ6T76G root@auth2

1
fingerprints/auth2_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyXarBOhnkPR2cpeXPrSzBBFY5Wth7SRTuPtY0DLRsIVqAfJ/92pY79AWcvpM0DtoguMscc3iOWKhLpz5gxA3zPUOjloNMvGMHjUzC8Mwi0URJB9nbfpuE5+sHSLIcl26PbvHTTgL4WbsSypAxHNEe3Cc2uZ7JmGgccicXm6r7rQBICWmwQHjkB7rlXYNuY8Kni0lRDWNV45QUpab553wbBw0PZWmnjA1/ft8gN7ppXzBfvdPZy/OBal+7dUsCdBSsiCUu4Fowkqa5wzQP5JrfExmO3fp5mTTKWA1+ige2FJQoLhTtT6WuZ1MiMig2h/5itguxADP9X9/EFxVUsj05 root@auth2

1
fingerprints/bit-shifter_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODyyKCLjh71NswLcYdjjHkGgvUXnru5wvoojQYR2kwH root@bit-shifter

1
fingerprints/bit-shifter_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDzH2lcDDp7S3b42mbpdcO1FySgY0dZQjxn9+90RN9x7HPKIhmuppJ1dkbmUFiDix1NzhO8ea3q2/b7XTjtN19zQP4+sV7eNpLw6O4UjTGAhTc7rWFrDrcQ7i7UAh9iM+DfnQa4BkQHr9j2cjgbvemDaRKSvzJvZXAMYLCu4kIEc+K6Qeer/pj4fcv5bvPuq+/kSsrLLEN/QfShFeKhfpO7e8dGicMuOnvruXUs0pqUXQtmQ2Wyjzouo+al0LnEWkA+7Atm1pg/VHnYIyAtYO615oSd3ExeOrLhZc68klWx3SXzkgywNItOENsq32gVgExyl0yTfVLd3CKwn+3D8Vf root@bit-shifter

1
fingerprints/caffeine_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEl/7srK3RCWen+dBNiO1WfWQQqx4yVs+X6M/XRYPjml root@caffeine

1
fingerprints/caffeine_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzLf726SMtgFQODIFN0G2WhwMPW6A6zDvd+hLUZWsx5in1rdCAVgtBAnqSlIZQzG+VV6b7VF/vUFg0g8Iku4txwQzE2o0Edln6RWFcEgYgczCY/QdtQ358NyZQ75M/fzM3HyX62cTzkX/nXOLIxGs8O8lmCSRs0D2I5JW4XciFvH4tarlstCflfkiTitqOicpaU+bEKfnXlfbR6tWsm5dp0gFcowtabJnWkuMNxyFSURWfglTrIn/XsEbA9rMdPzSHkpbuibrP9TaRQt+hwph+0fOtb2TlQlH1wu4O8Xi0R/XqlWASjRrXHrU6bMSOqq9Ym4a6oBUDrZMdKdlH48xsQ== root@caffeine

1
fingerprints/cobalamin_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJT/8C2QZ5eRyIA6Q9ZdDS6naCf9raqEo7hZUhTm+Sm root@cobalamin

1
fingerprints/cobalamin_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo5+jPDT0ak6Ox4vk+EPmxNsVgQuLK82IyKvvuPHZ2qJ27ZJ6a1YxE+WiwpmKkF4BfLC0bwMIY5PZ3IUZ+gfVxiA19kddEWa97kmntsOB2oirpv/Ewvv83KflVWwjIiMCS9BlbVwtzhfzaOUec0f7jsqQ1x/J2mvAEt81vgjFeWOqmxGhLQs8sZZzeqQBZyOHral5GvcIfvBbBMAhV8E7KuyjqQsGWqOdrEThEM7a/sNmmawI130PGlOIz6FKcnBZJWxpo0L26cGIEI92lvWRs/NWPaPDtyWuaamkP3PFedAc6kX6pnU+MqZldsbH6bDsPq1iOryU3y8WebdTBGVh9 root@cobalamin

1
fingerprints/corn-syrup_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJQYiN9/mUUBcJx4lOCnm9W9n91iKvAY5cfcnoRzNqKU root@corn-syrup

1
fingerprints/corn-syrup_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA1Y3qdNiwgOQzHXoDnRozSJ31eGoVYldmG3R2Rwa2rXNUwKVeVx612GxANjPaWrMyJ7bYEI1x7xtfdxKRcz94uumeqnR8cBTNKhxd1vtx0J64TcmezZqZdTAJZ11NVLRp+cuYPNDY62PNRtfjlkXMZ1BX1QFgNQdpARkXkLlDqAkkhaDVMhtXg2/3Z+xe5cizcwAjyeVjWlEpYrg+g2CKnpL6/hF9WZT3OLYsUDqVGZS0tDrS9nOuPuNQFdHZPUdaaNx7Lv+k8D4Yxeauc8EGGD2qEJ3xTh2P7FmaYbDc7s8GIYHa1lKh87ZULNyD6G5ieLYjSCjyHjVrmFVJM8woyw== root@corn-syrup

1
fingerprints/dextrose_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJakT99tON1ug7OGL8nAoelggn5kVIkU5ZJcgcYYQeDf root@dextrose

1
fingerprints/dextrose_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDkn3oIB0ubCLlriCIYFNR7z7i5wOm/GmPnt94eOjVk21RKzo4jJeczYX/OjvqNPTqeYgsOknoSjNPZ9EwkARe9XmhjIhRYsSrQeQH2i59WQTzg9EqnrdwuxHfEkO2X3CBBp6clftjONK8Wm7IwlfrUHssbTNczCuxyNrVP8hapXJuv69GQCqi4DTHEnswynjrh47iEgp0m/q7Q8leb98vfJd6a1fQrTqP7/+XJ6/h4cT5+tnwIC3BlnzzJYqzvK0FePYNZEf1TGFTZ2f5PzHAQo8IQQOLH2/Qiv43FgUSWanm3DO94C2IOO7vvHyZFXtktfmxoAGnm8E5ppEP6UR/3 root@dextrose

1
fingerprints/glomag_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxpuwKe9wYy992ulrBbTS8Ag0Y9YsBuFItwipix3mAA root@glomag

1
fingerprints/glomag_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdFFZ8VdVK0rtWAfTZdM5MoI6P+Lqpo8FPqeXK9crwxutbaTgyj8JHBayCCEVrPciuddJ181ysvEae1d/0kNykhvJBUPwWIi66s1yCU93TNYvjfpxYrMLuDrQa0dh6cjavdjRbbzoi96I1DCt90X7TbDQHKGglf1Kg3a+3QyDk9b1T4+goC5uiHHJaI7wpdSZp5v7a9F9cnMPAdHSeoKtzKf4M0umzEd+XEXJQQT/ZlxGaL0SGPBN/7Lz+7ddpI8r2ApOgSaiBLZD+64wJHks/BtXD3nzfn4V8a+JnMIJ0pNc4vPMJU4/kdIrW00jAHv5UG+q7Ke6p03EETtIUaHab root@glomag

1
fingerprints/gwem_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBDzFSHEDNnprhxJ9IvjtHvud65CEP28tTObEGMewGhg root@gwem

1
fingerprints/gwem_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEMf5K0/8T88rXxBZeTh1qkdR/QxpShJsSHeh2KbEyHLyhJn26tudtzZojD93xt+LeZvL+Hi0bEkWgfVEX3WWbmetrePjd9Mcz+E7ND38n2oGYl/ddcNlUcVm1J4R+YI6G9pPfOa66yHeYeWFXGZEJRsJbZjI1r64GOjsm2cLP0+V7xlwPPe7lQFOcCRbfyKBEVaeipn4MUzXS0bRra1hxxB745FrvauJtM6HUQcaey+NKOczt+9ZiXGuklj3/qrGsiMg5K3rmRYbQWAbA2OELPwthgX3uP4FzH6XWjo6qYSRZBhytQcgRS8vqdlux1kcL19QCiv5aP/FlwDl4qqf9 root@gwem

1
fingerprints/high-fructose-corn-syrup_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINx6o3+z5wJxIs9zYSvf/bwzsWI5Nm27Sf/F3kvp0aYs root@high-fructose-corn-syrup

1
fingerprints/high-fructose-corn-syrup_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/XkcWvw/JAagtCFymBySJpnPjx0Uk0KTDDtdwNqeHH4/GvN0R8KWQNLg/2eJpGNIt8geTyake7Hg879rrHEh4RZrDkz9Zu8yTrV8nGGf2tZ58NmEo0CQn7I3wziNcJHpl1MQUXmtua8buvUNL+l7F+yag3u+ElPeQd7KAUparF2n9pz06kK4U3XEvimgOnTqbJaqP39ki/EjmUhi0I6LvzpoOdA6/06IM+EkVi58l5mu1vBffUpzKQXIOSJf3j4y/zEYqEkO7rHWdZJn0CVMG+cfYxry+GC3CRonw5MdemzU3wd+e4KI/zsdvfXBJwqnhAIN6Jq1hbtodLZYODp/v root@high-fructose-corn-syrup

1
fingerprints/mail_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICyt77ru/ViAIvaw9Nca9zL8Gqv5VwNGZnW7LCQu+9WP root@mail

1
fingerprints/mail_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTas45BY/7HZjNUgwJtBSOMNVK+/eMM3r3EJyXMaNbnsSa0SrZgXmu0oA39uYHZD++ejn8tYsGqTtTHgIIcCAgrFWJykzGS35lq/t4YcqWqJLbTO2UiNwbi+VBEHWSRF5+vmYgO8ApuksULLsTy2PwfV6OoAqWtLiKcS2nmTRYuRqJlBNPkEVDjgREseRS+uFPK42cEhL3NNvHaHOxd5s9iamWFPVyH4s55MIASNMFzy3O3FD0Ewg60sTqBt1i4bqZcEC+ONYkm8/QFEJNcldIyn2XPN2FhfQ6QhCHnC/X1Z7ok2LFDsYo4rNd0eQrwIiK4KhwlwQg5/eJhTgbcig/ root@glomag

1
fingerprints/maltodextrin_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINpo9EqfEkFPRj6AVsk2XwGT9eM6OtnSRxfOrV/cdrOJ root@maltodextrin

1
fingerprints/maltodextrin_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDINydeWNmqn3PAtvR4mJwI1equy5a5QYmWLqbbU4g2BxMt/t231bP0/MSgjk2hDslu96aYUREZjx0bgx0M9dlcaiy7UqXESXL1wROPAGqH35F4ZLH1HRkxI6b2vfysh3F2bfh+6A30ItstyFh3N5BsJufE+S1iSyTVxdJ9SLLi/0mC7pOymV3HEVG/B4EgSqk4MDBYVPO+jI5iKwDbcitvnXq7MxGQT/Svr9QHfK5o8Drl3gD46ZhF7JtKQ0ewivcfPnulhQkraVo6CaqnXerUPXGZn2JSURh8IRL/xLj8mHuZ75/rpQZnsUdOXIGYMqEOIthL5j3HGXR6pg3lHKlf root@maltodextrin

1
fingerprints/munin_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIc2OFHM1FI9SLnd94+H8eExdmwRnQQO5axNZBdPR0Xk root@munin

1
fingerprints/munin_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGasfjpaAvGwIFaDUd7MVs+hlnXKbFuzz07lUkAH7LvtqQdfNi6ytBLar+xy52O2e8Dx1Id+zQIgy+69+mDY3ewJZ528CIlKTOutJIDQq9gr9NngZwVnz1Jhn5otFgRMcGRDjVcvU7Y+/krP1Tlty12Udi9Bxe0d3gbysMsQTmLqo/JgfjQ1TlfQqJbUQNFUESTX9lgxvRN+IZpI+924EphJ5dz5Yt9IP9D60BnLOPgG0Lo0QEUom6S32gE9aKSFp6Zd6bSTgMYM+zGRaLX36uwFF+SW36QxvhJOjoOXsTRJd0ASwcresqj1fIPhohYkwhpeBgR6O1uLSuhfklFY/z root@glomag

1
fingerprints/natural-flavours_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8aYjlkPSts9u/HHwG3MPWPqvYx1eQ8EyfsHdQZvQmH root@natural-flavours

1
fingerprints/natural-flavours_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxB8N1u+o/74IImggUHbW3l5TL6DhU2woDXxBS5h1e/tNlWpPWiAZUym8WQEARfPFwgKuz/lpGEPXHB4RjxBUO3XD06MqIltqAok231GB5JkjUxIV+0+prqNYn+69ddWGigNMHngy2x2K/hyb4nk2TmvqtYFPJAZvhv8YcVwQ6KZytWlOT0RtkLWr4NG+JpcUqFRbaAfD9Bb5xUTBmeEPTV2tE/XDOttA6unSl2bwZUhy6E5A5znk0/FashGCr/tpDeq2Sm7Fg4TGf/LX3TQU8myXL7aJxjOZlQ09LF/r4k8Vx7lQjZ6OF3UxIs52yrv5RaiIkCOb+FW6AlPSJZL9Jw==

1
fingerprints/nullsleep_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGEBbBWfDxURsUChomUCxt0cTXGt0tfLzcVDJrg50oK6 root@nullsleep

1
fingerprints/nullsleep_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzJXI0yFebeqYl1tZICq8+B4WVyO9d9BvegKFxHaABeITyRfGpx/fO9gO7RgVKlpvOPI3fPWM7OiMwi471QNZcsEUxXshYgNfdiNCaMHcEBFYOx12moKhE1mo/KKyCdfhxel6Lt2Nq2sE2HpMo59vfM768RUCBlAIQWvfMUusnD47TO+sH5fE+MycKxDRg55kjGBB/K3+y+EO8mJ1ZV5CISlMCh8EL5HeOf8zh/ZX5B7v5PYlbKcyGBef0YjOulAoEal3XuqVnEF99bdgFCMdd/rOa/Cgq/44lubMBgwux770K/pgPz5OktOTFreH19P1lVmnOLQi2nGVue3Ljw8A4w== root@nullsleep

1
fingerprints/potassium-benzoate_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQTR2Zui8kaLLiQeBFDkkvdVEJ6+rL9Ez2QIMWJgu0Z root@potassium-benzoate

1
fingerprints/potassium-benzoate_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO4ZqQ8XG7fmM1o6v6g3Ac+ljP6j4HnyrPA9dNjVWMxjM0KhxOtKWQZufAFcLBvmh/myK13cJnnrHYjq+ZIc4SH2LRTW/nu9Tdsj/BPbCiNQrAk8JLv4fJJVhysT3XWRlvJaN7xTwUdQ+EEPSHFj0KB5OevONwlNqQ+2GKGrkDRnslxY1Twgj+6WxGvY+mFBpid+v2K8ypb96zNOI2azwUvRMrFpgntRrqCiWbvsy4KZEikhSv/VumTb9YlyyjqMhqJgv7zKAbYf/VrlSHvO1pb9lbEGZmaS1P27m7sr5dfHMy5YeAG4NCwtsXXz8vz9zl9LzS08/Eb93rk7NiX17r root@potassium-benzoate

1
fingerprints/rt_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhh51yhgdLUI9bq69aqtw1rrPo/y8O5339gaBFEH2am root@rt

1
fingerprints/rt_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvHWacOC003Qkp9hzBOBeH52MvYJkvSSbRgKdmaUVR5HB/MlqPNnp3tfw1kF3gdtM0PUU1NbZ94c7rRWRWYIOavkNr6hXzDFHACX7VGub8Hg6024IuoVRnmvgDcm6rnRxedvhN4OLpXlePXcmbtXQ302861cyKXTAzup0O5hAbuEqGvUhtR8bt3ATW5ucYmU+JinlV6gMcCz6UH69X3dj037mu5IxLJoSaknT6v9Zm5tsK2EfFe6/CqLN6tKyBuBWegdcXTJ1hNVCAIL5Ayz3wqcuPcRV25hTFddcNXUYGSnwUUk2rO1sSb0X9/RQ/OiH5bdVtSel0gi28Ap5+d0jd root@rt

1
fingerprints/sodium-benzoate_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqTJmG62zeZGMmHOD+caw0XvGznpfhPaAJEJnWrMdRr root@sodium-benzoate

1
fingerprints/sodium-benzoate_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6rKVV1vf0TEM+80e2uCcsoTvoLQMNJHBvRnBIlrSBTZRctVFAydGLa4UhPdNIE/n/83DuVytZ4c0VS3ASi+7O+AA+NlW+KayKYnD6afzqxRrbMQPdOhFu4GN0q0MXJs3xIl1g0+OmI7RUdesvbZYJBY0uCsjH2Y6u/paqmTkMyr11Tk12iVEBvwnaH1HBdsN4ZnHGQWA58mUYZHBz1TxoGCp4o7vMStoOlJb5a2xS39RhPHp67lA5H0/51uwG6Lj5NHxr8w2OBst6722cxF2/fxl03LmEQM17uy9muiAi7igggO0Iu2IHMpNlanMRnkzypuGqKN1LHWJ1rJNr1MZlQ== root@sodium-benzoate

1
fingerprints/strombola_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINio3ZVd5liEjRwoKZLG5vJ71U1lxhNp+9ef1UOZU1mk root@strombola

1
fingerprints/strombola_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdMCT4oBL0p+ddF9oj0USvFfB7a5K05mFtJTGolw/UjlwjT3fPXkRSSiEGIDJ2JeIz6hJ8Zwx9lR08hsYKjL9PyTP28lq3x3xAGua5NUtPdabP2uilqp19w+j3soO8yayl7CYVg3WQ25y5yOMzthiIdsusoW7RK85FL91vbWhuMjThiYJ4m4kWJh4jr1k5bzPUISj860ZoNC93+jpABAH5eT+PV+Hp/1+AhifXAtaqKO+HrajeH70WdQehXr6KYrTmEMikOLeg8mjXhr63g7MlAH9mFhQfuOfTlGJIWyH5tMukBx+YX8RiCVCMizJcjcUYvxhuWh//MIwNtq3vFVFd root@strombola

1
fingerprints/sucrose_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxM7kOFiqijhaYQyXADyXk0ktjp4OvZTk/auOSuYltw root@sucrose

1
fingerprints/sucrose_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPDNlOisklAHEpwXuw+HhHK8WzNRX+unks07c5JPOwDHKdwNj/q0H3Jp1avsfGwwVM3P+mALxi0gk2GBCT4MvOuv0GLiNoKJWz4mwADZcCb7FEdKqlRdpckVcHRNJSIA5lRrkb6IlegF0o8f+y5c+zTZE/4Pa61bIIUvU0hS4rtdvIaCd9x066Rutgl3taQ2tW8btmK7F+pWoTKiaz9KTt0hUcr/SGSrMtI9VNdD1Dt7sAyTqYz6v2OLRlTTF1Q5u2eYlNy9s7dlwHrHrwNgGildU2S/WvIZ0hLBLfU5yCuOocJUGoQdjCA/IbHVnl5jFhDiEJ6eD6jo23nVFWwnNL root@sucrose

1
fingerprints/taurine_ed25519.pub

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFu35kh6YDpTfwmtFpdB8ZUl5hAy4l3q9QGCYL50JFD root@taurine

1
fingerprints/taurine_rsa.pub

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAx69z3QCtSccheSYSqpMHeJUuoco3rfNZfCNuopQDc87RRO9vhqMg1K8cE0RiViY8/ksQ0VDT3LC2WyBCa2p1NJ+TU+ZB4bKpcR0SAH1/pagZvaI+wXq4jYeGzZSHnh2Uh0n5Tt2AycU8sOGs2OyPP3/uYuXOa3DW52ooZsvV61pSJwB7Kne3P/MpXTsOC6zcENVnXypv5dWeWY/0jOYO2WMBkjIsYdqj/4sPx0IIIqR9OKGuxaDVbcXhkC7Uqz5NOQ8r/lfueojWePo2ExuJUsyzv5FFD9Lls3U+gjekTQvNZtyqcx1hCfEFn3Hz87wZvhV6F9394zEU9A0z8X8nMQ== root@taurine

8
gather-ssh-fingerprints.yml

@ -0,0 +1,8 @@
---
- hosts: all
tasks:
- name: get fingerprints
fetch: src={{ item.src }} dest={{ item.dest }} flat=yes
with_items:
- { src: '/etc/ssh/ssh_host_rsa_key.pub', dest: 'fingerprints/{{ ansible_hostname }}_rsa.pub' }
- { src: '/etc/ssh/ssh_host_ed25519_key.pub', dest: 'fingerprints/{{ ansible_hostname }}_ed25519.pub' }

50
generate-fingerprints

@ -0,0 +1,50 @@
#!/bin/bash
echo '<?xml version="1.0"?>'
echo '<!DOCTYPE cscpage SYSTEM "../csc.dtd">'
echo '<cscpage title="SSH Key Fingerprints">'
echo '<header />'
echo '<section title="Machine SSH Key Fingerprints">'
echo '<table>'
echo '<tr>'
echo '<th>Machine Name</th>'
echo '<th>Key Type</th>'
echo '<th>Fingerprint</th>'
echo '</tr>'
for host in $(ls fingerprints | egrep -oh '[^_]+' | egrep -v '.pub' | sort -u )
do
for ktype in rsa ed25519
do
none=0
sha256=$(ssh-keygen -lE sha256 -f fingerprints/${host}_${ktype}.pub)
md5=$(ssh-keygen -lE md5 -f fingerprints/${host}_${ktype}.pub)
if [ ! $? -eq 0 ]
then
none=1
fi
echo '<tr>'
echo '<td>' ${host} '</td>'
echo '<td>' ${ktype} '</td>'
if [ ${none} -eq 0 ]
then
echo '<td><pre>'
echo $(echo ${sha256} | awk '{print $2}')
echo $(echo ${md5} | awk '{print $2}')
echo '</pre></td>'
else
echo '<td><pre>(none)</pre></td>'
fi
echo '</tr>'
done
done
echo '</table>'
echo '</section>'
echo '<footer />'
echo '</cscpage>'

1
generate-hosts

@ -0,0 +1 @@
Subproject commit a0615c328ce0e82ee6f775edda45f1ffe30514cd

13
hosts

@ -12,3 +12,16 @@ maltodextrin.csclub.uwaterloo.ca
natural-flavours.csclub.uwaterloo.ca
nullsleep.csclub.uwaterloo.ca
strombola.csclub.uwaterloo.ca
[syscom]
aspartame.csclub.uwaterloo.ca
dextrose.csclub.uwaterloo.ca
auth1.csclub.uwaterloo.ca
auth2.csclub.uwaterloo.ca
cobalamin.csclub.uwaterloo.ca
glomag.csclub.uwaterloo.ca
mail.csclub.uwaterloo.ca
sodium-benzoate.csclub.uwaterloo.ca
potassium-benzoate.csclub.uwaterloo.ca
munin.csclub.uwaterloo.ca
rt.csclub.uwaterloo.ca

12
install-csc-packages.yml

@ -0,0 +1,12 @@
---
- hosts: office general-use
remote_user: root
gather_facts: no
tasks:
- name: Update apt cache
apt: update_cache=yes
- name: Install CSC packages
apt: name={{ item }} state=latest
with_items:
- ceo-python
- library

8
mount-scratch.yml

@ -0,0 +1,8 @@
---
- hosts: all
remote_user: root
tasks:
- name: mount NFS
command: mount {{ item }}
with_items:
- /scratch

9
mount-users.yml

@ -0,0 +1,9 @@
---
- hosts: all
remote_user: root
tasks:
- name: mount NFS
command: mount {{ item }}
with_items:
- /users
- /music

12
unmount-nfs.yml

@ -0,0 +1,12 @@
---
- hosts: all
remote_user: root
tasks:
- name: unmount NFS
command: umount -f {{ item }}
with_items:
- /scratch
- /users
- /music
- /video
- /backup

14
update-hosts.yml

@ -0,0 +1,14 @@
---
#- hosts: high-fructose-corn-syrup.csclub.uwaterloo.ca
- hosts: all
remote_user: root
gather_facts: no
tasks:
#- name: update hosts
# connection: local
# git: repo=~git/public/hosts.git dest=generate-hosts
#- name: generate hosts file
# connection: local
# shell: generate-hosts/generate-hosts.py < generate-hosts/hosts.in > generate-hosts/hosts
- name: copy hosts file
copy: src=generate-hosts/hosts dest=/etc/hosts backup=yes
Loading…
Cancel
Save