From 86562b3ccc1329f463a1b857fc58b691ab30bd69 Mon Sep 17 00:00:00 2001 From: Salt Date: Fri, 11 Oct 2019 14:08:22 -0500 Subject: [PATCH] Reorganize, add cockpit role --- ansible.cfg | 3 +-- provision.yml => ec2.yml | 5 ++--- ec2.ini => inventory/ec2.ini | 0 ec2.py => inventory/ec2.py | 0 roles/cockpit/files/ansiblekey | 1 + roles/cockpit/meta/main.yml | 2 ++ roles/cockpit/tasks/main.yml | 23 +++++++++++++++++++++++ roles/common/tasks/main.yml | 15 +++++++++++++++ roles/user/tasks/main.yml | 16 ++++++++++++++-- 9 files changed, 58 insertions(+), 7 deletions(-) rename provision.yml => ec2.yml (65%) rename ec2.ini => inventory/ec2.ini (100%) rename ec2.py => inventory/ec2.py (100%) create mode 120000 roles/cockpit/files/ansiblekey create mode 100644 roles/cockpit/meta/main.yml create mode 100644 roles/cockpit/tasks/main.yml diff --git a/ansible.cfg b/ansible.cfg index c0c368e..2a2f293 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,5 @@ [defaults] -#inventory = hosts -inventory = ec2.py +inventory = inventory remote_user = ubuntu private_key_file = ~/.ssh/ansible ssh_extra_args =-o ForwardAgent=yes -o StrictHostKeyChecking=no diff --git a/provision.yml b/ec2.yml similarity index 65% rename from provision.yml rename to ec2.yml index 28b59c6..27659d5 100755 --- a/provision.yml +++ b/ec2.yml @@ -4,9 +4,8 @@ - hosts: ec2 roles: - common -- hosts: tag_userlogon_true +- hosts: tag_role_cockpit roles: - user -- hosts: tag_ansiblehost_true - roles: - ansiblehost + - cockpit diff --git a/ec2.ini b/inventory/ec2.ini similarity index 100% rename from ec2.ini rename to inventory/ec2.ini diff --git a/ec2.py b/inventory/ec2.py similarity index 100% rename from ec2.py rename to inventory/ec2.py diff --git a/roles/cockpit/files/ansiblekey b/roles/cockpit/files/ansiblekey new file mode 120000 index 0000000..b82551f --- /dev/null +++ b/roles/cockpit/files/ansiblekey @@ -0,0 +1 @@ +../../ansiblehost/files/ansiblekey \ No newline at end of file 
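Review bot: In ansible.cfg the `ssh_extra_args` line that this hunk leaves unchanged still passes `-o ForwardAgent=yes -o StrictHostKeyChecking=no`, and a reorganisation of the connection settings is a good point to drop both. With host-key checking off, every connection to an EC2 instance accepts whatever key the peer presents, and agent forwarding lets root on any managed host use the operator's agent while the play runs. Consider `-o StrictHostKeyChecking=accept-new` with a maintained known_hosts file, and leave `ForwardAgent` off unless a specific task needs it.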
diff --git a/roles/cockpit/meta/main.yml b/roles/cockpit/meta/main.yml
new file mode 100644
index 0000000..d098f75
--- /dev/null
+++ b/roles/cockpit/meta/main.yml
@@ -0,0 +1,2 @@
+---
+allow_duplicates: no
diff --git a/roles/cockpit/tasks/main.yml b/roles/cockpit/tasks/main.yml
new file mode 100644
index 0000000..e2ab99a
--- /dev/null
+++ b/roles/cockpit/tasks/main.yml
@@ -0,0 +1,23 @@
+#!/usr/bin/ansible-playbook
+# vim:ft=ansible:
+---
+- name: Install Cockpit-required packages via apt
+ apt:
+ name: "{{ packages }}"
+ vars:
+ packages:
+ - cockpit
+ become: true
+- name: Copy Ansible private key
+ copy:
+ src: "{{ role_path }}/files/ansiblekey"
+ dest: ~/.ssh/id_rsa
+ mode: 0600
+ become: true
+ become_user: cockpit
+- name: Add configs for all EC2 instances
+ # TODO: https://docs.ansible.com/ansible/latest/modules/template_module.html
+ debug:
+ msg: "{{ item }}"
+ with_inventory_hostnames:
+ - ec2
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index 8a1ab01..1cdf570 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -15,3 +15,18 @@
 packages:
 - vim
 become: true
+- name: Assure Cockpit user
+ user:
+ name: cockpit
+ shell: /bin/bash
+ groups: sudo
+ append: yes
+ become: yes
+- name: Authorize key for Cockpit user
+ authorized_key:
+ user: cockpit
+ state: present
+ manage_dir: yes
+ key: "ssh-rsa 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 salt@dsk-cstm-0"
+ become: yes
+ become_user: cockpit
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 9db33d6..1c0f755 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
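Review bot: The `Copy Ansible private key` task in roles/cockpit/tasks/main.yml installs what is presumably the control key as `~/.ssh/id_rsa` for the `cockpit` user, an account the common role places in the `sudo` group, so a session on the Cockpit host carries the credential used to reach the other instances. The source is the `roles/cockpit/files/ansiblekey` symlink added earlier in this patch; if its target is a plaintext key tracked in git, it should be vault-encrypted (the copy module decrypts vaulted sources by default) or fetched from a secret store at run time. Add `no_log: true` to the task so the key cannot appear in diff or verbose output, and quote the mode as `mode: "0600"`. A key pair generated for this host alone, rather than a copy of an existing key, could be revoked without touching the operator's access.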
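Review bot: The two tasks appended to roles/common/tasks/main.yml run on every host in `ec2`, so each instance gains a `cockpit` account with full `sudo` group membership that accepts a public key hard-coded in the task. Its comment field `salt@dsk-cstm-0` suggests a workstation key, which may not be the key the cockpit role installs, so it is worth confirming which identity is meant to log in here. Move the key into a variable, limit where it may be used with `key_options: 'from="<cockpit-host-address>"'`, and prefer a sudoers rule scoped to the commands Cockpit needs over `groups: sudo`. The first three lines of the hunk are the tail of a task that starts outside it.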
@@ -1,11 +1,23 @@
 #!/usr/bin/ansible-playbook
 # vim:ft=ansible:
 ---
-- name: Initialize user salt
+- name: Assure user salt
+ vars:
+ salt_pass: !vault |
+ $ANSIBLE_VAULT;1.1;AES256
+ 37666131343936663962386535343939373161343337383436613961303637376136633736353533
+ 3366623536646563383563373265313134663464396231370a303033353661336436386561366139
+ 30393536393634653566646636366436656435623534626266343632313336336336346131383361
+ 3366343932383930350a383637646261373135376138633533306530306339316235353262356135
+ 34626466363266616265653064333365663663306330666632343864373335626265323230633331
+ 33623431633665353964623437636231623366383733626266353162633762373035376638663936
+ 62383065653836366431316461663862393130653761643937376565366435646665313961663534
+ 64303363653631653433343361616635373966326433663466636164613062343561333036613937
+ 35616666633737356331653632323639373330396433366639326466373639313630
 user:
 name: salt
 shell: /bin/bash
- password: "***REMOVED***"
+ password: "{{ salt_pass }}"
 groups: sudo
 append: yes
 become: yes
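Review bot: Vaulting `salt_pass` in the `Assure user salt` task does not retire the value that the removed `password:` line carried; if that literal was a real password or hash it remains in git history, so the vaulted secret should be a newly generated one. The user module's `password` parameter expects a crypt hash, so if the vault holds cleartext the line should read `password: "{{ salt_pass | password_hash('sha512') }}"`. Adding `update_password: on_create` keeps later runs from resetting the password, and also avoids the spurious change that an unsalted `password_hash` call would report on each run.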