https://github.com/deadswitch404/ghost-automation
Ansible project for the orchestration of DeadSwitch Debian machines.
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/deadswitch404/ghost-automation
- Owner: DeadSwitch404
- Created: 2025-09-15T09:11:42.000Z (9 months ago)
- Default Branch: main
- Last Pushed: 2025-09-26T07:32:53.000Z (9 months ago)
- Last Synced: 2025-09-26T09:27:37.593Z (9 months ago)
- Language: Jinja
- Size: 22.5 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.org
README
#+TITLE: Ghost Automation
#+AUTHOR: DeadSwitch | The Silent Architect
#+OPTIONS: toc:t num:t \n:nil
* Overview
Ghost Automation is the DeadSwitch infrastructure automation framework.
The project is self-contained.
It provides hardened, reproducible machine configurations using Ansible.
Every role is designed for security, minimalism, and validation.
The goal: any bare machine can be turned into a part of the
Ghost Infrastructure with one playbook.
* Structure
#+begin_example
playbooks/ → Entry point playbooks
roles/ → Modular roles (ds-*)
scripts/ → Scripts handling automation steps
ansible.cfg → Ansible configuration
#+end_example
* Roles
| Role | Purpose |
|---------------+----------------------------------------------------------------------|
| =ds-users= | Create users, groups, and deploy SSH keys. Set the initial password. |
| =ds-sudo= | Manage sudoers safely with validation. |
| =ds-ssh= | Configure SSH access for users. |
| =ds-firewall= | Manage firewall rules (default deny, explicit allow). |
Each role ships with its own =README.org= describing variables, structure, and usage.
* Playbooks
- =play-configure-machine.yml= :: Base playbook to provision a host with all DeadSwitch roles.
Example usage:
#+begin_src shell
ansible-playbook -i inventories/hosts.yml playbooks/play-configure-machine.yml --ask-vault-pass
#+end_src
This playbook runs the baseline:
#+begin_example
- ds-users
- ds-sudo
- ds-ssh
- ds-firewall
#+end_example
* Inventories
Inventories must be organized as:
- =hosts.yml= → main inventory of target machines
- =group_vars/= → group-level variables
- =host_vars/= → host-specific variables
Example =hosts.yml=:
#+begin_src yaml
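# Host entry under the built-in "all" group;
# "ghost_infrastructure" is the inventory alias of the target machine.
all:
  hosts:
    ghost_infrastructure:
      ansible_host: 192.168.122.100
      ansible_user: switch
      ansible_ssh_private_key_file: /usr/share/keys/ghost_automation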
#+end_src
* Development
- Use a Python virtual environment (=.venv=) for isolation.
- Run =ansible-lint= and =yamllint= before commits.
- Future: Molecule scenarios for each role (test each role in isolation).
* Safety
- Sudo configurations validated with =visudo=.
- Groups are created before being assigned to users.
- SSH hardening applied cautiously to prevent lockouts.
- Firewall is deny-first and requires explicit allow rules.
- Principle: *secure by default, flexible by variable*.
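The safety practices listed above, sketched as a single playbook. This is an added example, not code from the ghost-automation roles; the =ds_*= variable names, the =ghosts= group, and the use of ufw through the =community.general= collection are assumptions.

```yaml
# Added illustration, not taken from the ghost-automation roles.
# ds_admin_group, ds_admin_user and ds_ssh_port are hypothetical variables.
- name: Baseline safety patterns (illustrative)
  hosts: all
  become: true
  vars:
    ds_admin_group: ghosts
    ds_admin_user: switch
    ds_ssh_port: 22
  tasks:
    - name: Create the group before any user references it
      ansible.builtin.group:
        name: "{{ ds_admin_group }}"
        state: present

    - name: Create the user and add it to the existing group
      ansible.builtin.user:
        name: "{{ ds_admin_user }}"
        groups: "{{ ds_admin_group }}"
        append: true

    # validate runs visudo against a temporary copy (%s); the file is only
    # moved into place if the syntax check exits 0, so a broken rule never
    # reaches /etc/sudoers.d and cannot disable sudo.
    - name: Install a sudoers drop-in only if visudo accepts it
      ansible.builtin.copy:
        dest: "/etc/sudoers.d/{{ ds_admin_group }}"
        content: "%{{ ds_admin_group }} ALL=(ALL:ALL) ALL\n"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s

    # Order matters: the explicit allow is added before the default policy
    # flips to deny, so the running Ansible SSH session is not cut off.
    - name: Allow SSH explicitly
      community.general.ufw:
        rule: allow
        port: "{{ ds_ssh_port }}"
        proto: tcp

    - name: Deny all other incoming traffic and enable the firewall
      community.general.ufw:
        state: enabled
        direction: incoming
        policy: deny
```

The same =validate= parameter works for SSH hardening: =/usr/sbin/sshd -t -f %s= on the task that writes =sshd_config= rejects a configuration the daemon cannot parse before it replaces the working one.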
* License
MIT.
=[Fear the silence. Fear the switch.]=