Digial Ocean Ansible Base

Creates a Digital Ocean droplet image with basic configuration and common dependencies using Ansible

Resulting Image Configuration

Installed packages and services

  • apt-transport-https
  • ca-certificates
  • ntp
  • iptables-persistent
  • dnsmasq
  • dopy
  • python-digitalocean
  • supervisor
  • unzip
  • dopy (fork that supports getting droplets by tag)

Created user, "droplet-user"

  • member of sudo users
  • specified key added to authorized keys

Other System Configurations

  • Configure supervsiord to start on boot
  • Add iptables rules to only allow SSH, established, and loopback connections
  • Configure dnsmasq for contional forwarding for a private domain (see Private DNS Zone on Github README for details)
  • Disable remote root login
  • Add the API token to /etc/do/api_token.yml

0 Comments