diff --git a/.gitignore b/.gitignore index 428ae7f..4009f9b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ /.master_passwd +/.cert +/roles/files/certs/id_ed25519_ansible /inventory/group_vars/all.yaml -/ansible.log \ No newline at end of file +/ansible.log diff --git a/ansible.cfg b/ansible.cfg index dc1ada8..f6c0f5b 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -3,6 +3,7 @@ inventory = ./inventory/all.yaml log_path = ./ansible.log retry_files_enabled = False vault_password_file = ./.master_passwd +private_key_file = ./.cert [connection] pipelining = True diff --git a/inventory/all.yaml b/inventory/all.yaml index 2509d81..86f17cf 100644 --- a/inventory/all.yaml +++ b/inventory/all.yaml @@ -19,6 +19,9 @@ all: - michal - paulina - macadmin + ssh_users: + - michal + - macadmin linux: hosts: dinth-mint: @@ -30,29 +33,33 @@ all: users: - dinth - root + ssh_users: + - dinth + - root servers: hosts: r720-omv: ansible_host: 10.10.1.13 ansible_user: root - ansible_password: "{{ r720_omv_pass }}" +# ansible_password: "{{ r720_omv_pass }}" rpi-streamdeck: ansible_host: 10.10.25.41 ansible_user: dinth - ansible_password: "{{ rpi_streamdeck_pass }}" +# ansible_password: "{{ rpi_streamdeck_pass }}" ansible_become_pass: "{{ rpi_streamdeck_pass }}" raspberrypi-hyperion: ansible_host: 10.10.25.20 ansible_user: dinth - ansible_password: "{{ raspberrypi_hyperion_pass }}" +# ansible_password: "{{ raspberrypi_hyperion_pass }}" ansible_become_pass: "{{ raspberrypi_hyperion_pass }}" r230-proxmox: ansible_host: 10.10.1.16 ansible_user: dinth - ansible_password: "{{ r230_proxmox_pass }}" +# ansible_password: "{{ r230_proxmox_pass }}" ansible_become_pass: "{{ r230_proxmox_pass }}" vars: users: - root - - dinth + ssh_users: + - root diff --git a/roles/configure_ansible.yaml b/roles/configure_ansible.yaml new file mode 100644 index 0000000..e69de29 diff --git a/roles/configure_ssh.yaml b/roles/configure_ssh.yaml index 178c72b..b4d959d 100644 --- a/roles/configure_ssh.yaml 
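Review bot: In the second inventory/all.yaml hunk the `servers` group sets `ssh_users` to `root` only, while rpi-streamdeck, raspberrypi-hyperion and r230-proxmox still connect as `ansible_user: dinth` and their `ansible_password` is now commented out. The authorized_keys task added in roles/configure_ssh.yaml loops over `ssh_users`, so this play never gives the key to the account Ansible logs in as on those three hosts. Unless a key for `dinth` is already installed there, the next run cannot authenticate. Either add `- dinth` to the servers' `ssh_users`, or keep password login until the key has been deployed once. The `# ansible_password: …` lines sit at column 0 inside an indented mapping and are better deleted than left as dead configuration.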
+++ b/roles/configure_ssh.yaml
@@ -1,7 +1,17 @@
 - name: Configure SSH on endpoints
 hosts: all
- vars:
- users:
- - dinth
- - root
- tasks:
\ No newline at end of file
+ tasks:
+ - name: "Deploy public certificates | authorized_keys"
+ ansible.posix.authorized_key:
+ user: "{{ item }}"
+ state: present
+ key: https://github.com/dinth.keys
+ exclusive: true
+ loop: "{{ ssh_users}}"
+ - name: "Deploy private certificates | copy"
+ ansible.builtin.copy:
+ src:
+ dest: "/{% if ansible_distrubtion == 'MacOSX' %}Users{% else %}home{% endif %}/"
+ decrypt: yes
+ mode: 0600
+# when: inventory_hostname in groups['workstations']
\ No newline at end of file
diff --git a/roles/configure_vim.yaml b/roles/configure_vim.yaml
index d14d0b0..edcc008 100644
--- a/roles/configure_vim.yaml
+++ b/roles/configure_vim.yaml
@@ -26,4 +26,4 @@
 - editor
 - vi
 - vim
- when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Linux Mint'
+ when: ansible_distribution == 'Ubuntu' or ansible_distribution == 'Debian' or ansible_distribution == 'Linux Mint'
\ No newline at end of file
diff --git a/roles/configure_zsh.yaml b/roles/configure_zsh.yaml
index 6520da5..93ad4d9 100644
--- a/roles/configure_zsh.yaml
+++ b/roles/configure_zsh.yaml
@@ -31,6 +31,12 @@
 path: "~/.oh-my-zsh"
 register: oh_my_zsh_stat
 loop: "{{ users }}"
+ - name: Sets ZSH as default shell | user
+ become: true
+ ansible.builtin.user:
+ name: "{{ item }}"
+ shell: /bin/zsh
+ loop: "{{ users }}"
 - name: Installs Oh My ZSH | shell
 become: true
 become_user: "{{ item }}"
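Review bot: The `when: inventory_hostname in groups['workstations']` guard on the copy task is commented out, so once `src:` is filled in the private key would be pushed to every host matched by `hosts: all`, servers included; restore the guard before this task is enabled. As written the task cannot run at all: `src:` is empty, `dest` stops at the home-directory root with no user or file name, and `ansible_distrubtion` is a misspelling of `ansible_distribution`, so the template fails on an undefined variable. In the first task, `key: https://github.com/dinth.keys` together with `exclusive: true` replaces each listed account's authorized_keys (root among them, per the inventory) with whatever that URL serves at run time; keeping the public key in the repository and passing it through a file lookup makes the trusted key set reviewable in version control. Smaller points: write `decrypt: true` and `mode: "0600"` instead of `yes` and a bare octal, and `"{{ ssh_users }}"` with a space before the closing braces.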
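Review bot: The new `ansible.builtin.user` task in roles/configure_zsh.yaml sets `shell: /bin/zsh` for every entry in `users`, which in this inventory includes `root`, and nothing in the hunk shows that zsh is installed at that path before the task runs. If the binary is missing, the account is left with a login shell that cannot start, and on a host reached only as root that means losing SSH access. The task list starts and ends outside the hunk, so confirm that the package install precedes this task, or guard it with a registered `stat` of `/bin/zsh` and `when: zsh_stat.stat.exists` (the register name here is a constructed example).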