Digial Ocean Ansible Base

Creates a Digital Ocean droplet image with basic configuration and common dependencies using Ansible

Resulting Image Configuration

  • Installed packages and services

    • apt-transport-https
    • ca-certificates
    • ntp
    • iptables-persistent
    • dnsmasq
    • dopy
    • python-digitalocean
    • supervisor
    • unzip
    • dopy (fork that supports getting droplets by tag)
  • A generic user, "droplet-user"

    • member of sudo users
    • specified key added to authorized keys
  • Configure supervsiord to start on boot

  • Add iptables rules to only allow SSH, established, and loopback connections

  • Configure dnsmasq for contional forwarding for a private domain (see Private DNS Zone for details)

  • Disable remote root login

  • Add the API token to /etc/do/api_token.yml