backlog

Dinth · Jul 23, 2024 · 2ae02b3 · 2ae02b3
1 parent 397aa6e
commit 2ae02b3
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 12 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,5 @@
 /.master_passwd
+/.cert
+/roles/files/certs/id_ed25519_ansible
 /inventory/group_vars/all.yaml
-/ansible.log
+/ansible.log
diff --git a/ansible.cfg b/ansible.cfg
@@ -3,6 +3,7 @@ inventory = ./inventory/all.yaml
 log_path = ./ansible.log
 retry_files_enabled = False
 vault_password_file = ./.master_passwd
+private_key_file = ./.cert
 
 [connection]
 pipelining = True

diff --git a/inventory/all.yaml b/inventory/all.yaml
@@ -19,6 +19,9 @@ all:
               - michal
               - paulina
               - macadmin
+            ssh_users:
+              - michal
+              - macadmin
         linux:
           hosts:
             dinth-mint:
@@ -30,29 +33,33 @@ all:
             users:
               - dinth
               - root
+            ssh_users:
+              - dinth
+              - root
 
     servers:
       hosts:
         r720-omv:
           ansible_host: 10.10.1.13
           ansible_user: root
-          ansible_password: "{{ r720_omv_pass }}"
+#          ansible_password: "{{ r720_omv_pass }}"
         rpi-streamdeck:
           ansible_host: 10.10.25.41
           ansible_user: dinth
-          ansible_password: "{{ rpi_streamdeck_pass }}"
+#          ansible_password: "{{ rpi_streamdeck_pass }}"
           ansible_become_pass: "{{ rpi_streamdeck_pass }}"
         raspberrypi-hyperion:
           ansible_host: 10.10.25.20
           ansible_user: dinth
-          ansible_password: "{{ raspberrypi_hyperion_pass }}"
+#          ansible_password: "{{ raspberrypi_hyperion_pass }}"
           ansible_become_pass: "{{ raspberrypi_hyperion_pass }}"
         r230-proxmox:
           ansible_host: 10.10.1.16
           ansible_user: dinth
-          ansible_password: "{{ r230_proxmox_pass }}"
+#          ansible_password: "{{ r230_proxmox_pass }}"
           ansible_become_pass: "{{ r230_proxmox_pass }}"
       vars:
         users:
           - root
-          - dinth
+        ssh_users:
+          - root
diff --git a/roles/configure_ansible.yaml b/roles/configure_ansible.yaml
diff --git a/roles/configure_ssh.yaml b/roles/configure_ssh.yaml
@@ -1,7 +1,17 @@
 - name: Configure SSH on endpoints
   hosts: all
-  vars:
-    users:
-      - dinth
-      - root
-  tasks:
+  tasks:
+    - name: "Deploy public certificates | authorized_keys"
+      ansible.posix.authorized_key:
+        user: "{{ item }}"
+        state: present
+        key: https://github.com/dinth.keys
+        exclusive: true
+      loop: "{{ ssh_users}}"
+    - name: "Deploy private certificates | copy"
+      ansible.builtin.copy:
+        src:
+        dest: "/{% if ansible_distrubtion == 'MacOSX' %}Users{% else %}home{% endif %}/"
+        decrypt: yes
+        mode: 0600
+#      when: inventory_hostname in groups['workstations']
diff --git a/roles/configure_vim.yaml b/roles/configure_vim.yaml
@@ -26,4 +26,4 @@
     - editor
     - vi
     - vim
-    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Linux Mint'
+    when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Linux Mint'
diff --git a/roles/configure_zsh.yaml b/roles/configure_zsh.yaml
@@ -31,6 +31,12 @@
       path: "~/.oh-my-zsh"
     register: oh_my_zsh_stat
     loop: "{{ users }}"
+  - name: Sets ZSH as default shell | user
+    become: true
+    ansible.builtin.user:
+      name: "{{ item }}"
+      shell: /bin/zsh
+    loop: "{{ users }}"
   - name: Installs Oh My ZSH | shell
     become: true
     become_user: "{{ item }}"