Automation

One of the most challenging aspects of keeping your homelab secure is consistency. It's great to define a number of secure processes, as we've done so far in other posts, but how do we ensure they are easy to apply and maintain? Personally, I've avoided a number of tasks in the past simply due to the effort involved, or I have forgotten to maintain a standard, and this is where automation comes in.

There are multiple automation toolsets available, but in this instance I'll be using Ansible. Ansible allows you to define your homelab environment within a hosts file and then execute various playbooks against all or specific hosts. You can automate practically any task you repeatedly perform within your homelab, from updating to creating new services. Below I've provided a number of playbook examples that cover some of the security processes we have put in place for our homelab.

As a first step, you will need to define your infrastructure of virtual machines within the hosts file. This is specific to your environment, so follow the instructions provided by Ansible.

Update all hosts

---
- name: Apt update
  hosts: "*"
  # apt needs root, so escalate for the whole play
  become: true
  tasks:

    - name: Apt Update
      ansible.builtin.apt:
        update_cache: true
        upgrade: 'yes'

Install the Checkmk Monitoring Agent

---
- name: Checkmk Agent Install
  hosts: "*"
  become: true
  tasks:

    - name: Copy Agent
      ansible.builtin.copy:
        src: /path/to/check-mk-agent_2.3.0b1-1_all.deb
        dest: /tmp/
        # the package only needs to be readable; a world-writable file in /tmp
        # could be swapped out by any local user before it is installed
        mode: '0644'

    - name: Install Agent
      ansible.builtin.apt:
        deb: /tmp/check-mk-agent_2.3.0b1-1_all.deb
        update_cache: true
        # dpkg_options: 'i'

Configure SSH for public key authentication

---
- name: SSH Setup
  hosts: "new"
  become: true
  tasks:

    # ansible_user is the login user defined in your inventory; with become
    # active, "~" would expand to root's home instead, so the path is explicit.
    - name: Ensure the login user's .ssh directory exists with strict permissions
      ansible.builtin.file:
        path: "/home/{{ ansible_user }}/.ssh"
        state: directory
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: "0700"

    - name: Copy id_rsa.pub content to authorized_keys
      ansible.builtin.copy:
        # read the public key from the control node; an empty content value
        # would overwrite authorized_keys with nothing and lock you out
        content: "{{ lookup('file', '~/.ssh/id_rsa.pub') }}"
        dest: "/home/{{ ansible_user }}/.ssh/authorized_keys"
        owner: "{{ ansible_user }}"
        group: "{{ ansible_user }}"
        mode: "0600"

    - name: Disable password-based authentication in SSH
      ansible.builtin.lineinfile:
        path: "/etc/ssh/sshd_config"
        # match the directive whether set or commented out, but not other
        # options that merely contain the word
        regexp: '^#?\s*PasswordAuthentication\b'
        line: 'PasswordAuthentication no'
        # refuse to write a config sshd cannot parse, so the restart never fails
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH

    - name: Disable root authentication in SSH
      ansible.builtin.lineinfile:
        path: "/etc/ssh/sshd_config"
        regexp: '^#?\s*PermitRootLogin\b'
        line: 'PermitRootLogin no'
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH

    - name: Enable pub key authentication in SSH
      ansible.builtin.lineinfile:
        path: "/etc/ssh/sshd_config"
        regexp: '^#?\s*PubkeyAuthentication\b'
        line: 'PubkeyAuthentication yes'
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH

  handlers:
    # restart once at the end, and only if a config line actually changed
    - name: Restart SSH
      ansible.builtin.service:
        name: ssh
        state: restarted
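As an added check that is not part of the original post, the Python below audits an sshd_config the way sshd itself resolves it: the first value for a directive wins, and everything after a Match line is conditional, so a lineinfile edit can leave a host less hardened than the file suggests. The sample config is constructed, and files pulled in by Include are assumed to be audited separately.

```python
import re

# Directives the SSH playbook writes, as lower-cased keyword -> required value.
REQUIRED = {
    "passwordauthentication": "no",
    "permitrootlogin": "no",
    "pubkeyauthentication": "yes",
}

def effective_settings(config_text):
    """Return {keyword: value} for the global section as sshd resolves it:
    the FIRST value read for a keyword wins and later duplicates are ignored,
    and lines after the first "Match" apply only to matching connections.
    Files named by "Include" are not followed (assumed audited separately)."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword == "match":
            break
        settings.setdefault(keyword, value)  # first value wins
    return settings

def audit(config_text):
    """Return [(keyword, expected, actual)] for each required setting not met;
    actual is None when the directive is absent and sshd's default applies."""
    effective = effective_settings(config_text)
    findings = []
    for keyword, expected in REQUIRED.items():
        actual = effective.get(keyword)
        if actual is None or actual.lower() != expected:
            findings.append((keyword, expected, actual))
    return findings

# Constructed sample: lineinfile changed the LAST PasswordAuthentication line,
# but sshd honours the earlier "yes", and PermitRootLogin is still commented out.
SAMPLE_SSHD_CONFIG = """\
PasswordAuthentication yes
#PermitRootLogin prohibit-password
PubkeyAuthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
"""
```

Running audit() on a real host means feeding it the contents of /etc/ssh/sshd_config (and each included file, in the order sshd reads them); an empty list means every required directive is in force.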