Initial commit - Security operations and hardening tools

- Added Ansible playbooks for security hardening (UFW, Fail2Ban) - Implemented SSH key management and host synchronization tools - Created UFW hardening scripts and network security configurations - Added Cockpit-Traefik reverse proxy setup documentation 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-27 09:35:58 +10:00
commit 97be5c8a54
11 changed files with 435 additions and 0 deletions
--- a/copy_ssh_keys.sh
+++ b/copy_ssh_keys.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+INVENTORY="inventory.ini"
+KEY_PATH="$HOME/.ssh/id_rsa.pub"
+
+if [ ! -f "$KEY_PATH" ]; then
+  echo "❌ SSH public key not found at $KEY_PATH"
+  exit 1
+fi
+
+# Start ssh-agent if not already running
+eval "$(ssh-agent -s)" >/dev/null
+ssh-add
+
+# Extract IPs from [popos] group
+HOSTS=$(awk '/^\[popos\]/ {flag=1; next} /^\[.*\]/ {flag=0} flag && NF' "$INVENTORY" | awk '{print $1}')
+
+echo "📡 Distributing SSH key to:"
+echo "$HOSTS"
+echo
+
+for HOST in $HOSTS; do
+  echo "🔑 Copying key to $HOST..."
+  ssh-copy-id -i "$KEY_PATH" "tony@$HOST"
+done
+
+echo "✅ SSH key copied to all hosts in [popos]"