salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Modularize user role, fix indentation with ansible vault secrets

Browse Source
This commit is contained in:
Salt 2020-06-01 04:54:38 -05:00
parent 4074c6340f
commit c7d674a9b0
5 changed files with 76 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
9iron.yml
View File

@ -6,6 +6,20 @@
- common - common
- user - user
- influxdb - influxdb
- role: user
vars:
user_username: salt
user_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
37666131343936663962386535343939373161343337383436613961303637376136633736353533
3366623536646563383563373265313134663464396231370a303033353661336436386561366139
30393536393634653566646636366436656435623534626266343632313336336336346131383361
3366343932383930350a383637646261373135376138633533306530306339316235353262356135
34626466363266616265653064333365663663306330666632343864373335626265323230633331
33623431633665353964623437636231623366383733626266353162633762373035376638663936
62383065653836366431316461663862393130653761643937376565366435646665313961663534
64303363653631653433343361616635373966326433663466636164613062343561333036613937
35616666633737356331653632323639373330396433366639326466373639313630
- hosts: 9iron.club - hosts: 9iron.club
roles: roles:
- role: backups - role: backups

17
desktop.yml
View File

@ -4,8 +4,23 @@
- hosts: localhost - hosts: localhost
roles: roles:
- common - common
- user
- desktop - desktop
- role: user
vars:
user_username: salt
user_password: !vault |
$ANSIBLE_VAULT;1.1;AES256
37666131343936663962386535343939373161343337383436613961303637376136633736353533
3366623536646563383563373265313134663464396231370a303033353661336436386561366139
30393536393634653566646636366436656435623534626266343632313336336336346131383361
3366343932383930350a383637646261373135376138633533306530306339316235353262356135
34626466363266616265653064333365663663306330666632343864373335626265323230633331
33623431633665353964623437636231623366383733626266353162633762373035376638663936
62383065653836366431316461663862393130653761643937376565366435646665313961663534
64303363653631653433343361616635373966326433663466636164613062343561333036613937
35616666633737356331653632323639373330396433366639326466373639313630
tags: [ user ]
- role: ansiblehost - role: ansiblehost
vars: vars:
pullplaybook: "desktop.yml" pullplaybook: "desktop.yml"
tags: [ ansiblehost ]

62
inventory/group_vars/all.yml
View File

@ -12,12 +12,12 @@ acme_webroot: "/var/www/acme"
# MySQL # MySQL
mysql_root_password: !vault | mysql_root_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62316565376333396465333931356163343363663063636233653536373033396230626639613964 62316565376333396465333931356163343363663063636233653536373033396230626639613964
3037613839373833646234626236643430393364643131610a333539373533663434373935376130 3037613839373833646234626236643430393364643131610a333539373533663434373935376130
65323365313465316635646465376665616132653832316362363535366563363863636530313666 65323365313465316635646465376665616132653832316362363535366563363863636530313666
3036393134386131310a643734363261633166636263343538313533393738323934303137343163 3036393134386131310a643734363261633166636263343538313533393738323934303137343163
39636637643035616236663364663562366133613233313139623937313531343564 39636637643035616236663364663562366133613233313139623937313531343564
## WEBAPPS ## WEBAPPS
# Dokuwiki # Dokuwiki
@ -27,13 +27,13 @@ dokuwiki_webroot: "/var/www/dokuwiki"
# Gitea # Gitea
gitea_mysql_password: !vault | gitea_mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
62353264353465316661353738666161313036373761666163663733656461316536636334386335 62353264353465316661353738666161313036373761666163663733656461316536636334386335
6161386630663739363439383237343065333239613134610a383036373735326536386464343164 6161386630663739363439383237343065333239613134610a383036373735326536386464343164
31346337636665356630336234306534646362386663633734353166373761316139313734306630 31346337636665356630336234306534646362386663633734353166373761316139313734306630
3364306566323666310a323034303434613237643665643637633430353437316339356463646331 3364306566323666310a323034303434613237643665643637633430353437316339356463646331
33353062343164396465326365653561626363343961326363633231303736316436643935646161 33353062343164396465326365653561626363343961326363633231303736316436643935646161
3933353234613430373930663832643934613233383635613433 3933353234613430373930663832643934613233383635613433
gitea_app_name: "9iron Gitea" gitea_app_name: "9iron Gitea"
gitea_disable_registration: "false" gitea_disable_registration: "false"
gitea_root_directory: "/cold/gitea-repositories/" gitea_root_directory: "/cold/gitea-repositories/"
@ -42,32 +42,32 @@ gitea_webroot: "/var/www/gitea"
gitea_admin_username: "salt" gitea_admin_username: "salt"
gitea_admin_email: "rehashedsalt@cock.li" gitea_admin_email: "rehashedsalt@cock.li"
gitea_admin_password: !vault | gitea_admin_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
35613039646236306236363930353231303331633765303039373736626666666530323433356466 35613039646236306236363930353231303331633765303039373736626666666530323433356466
3062633166313332643039613561303431613735396339650a376664373137643439303465376365 3062633166313332643039613561303431613735396339650a376664373137643439303465376365
35313266376539366134343562626164616666306338343538663361393964626565303331383234 35313266376539366134343562626164616666306338343538663361393964626565303331383234
3565646664333966650a323530356664366262653763363439613534303764366436376634373639 3565646664333966650a323530356664366262653763363439613534303764366436376634373639
62303264653836656162366362316461656363353539343632616462626231643632 62303264653836656162366362316461656363353539343632616462626231643632
# Grafana # Grafana
grafana_mysql_password: !vault | grafana_mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65376335363732633132326630323161393861323833323631613630343262383137656138356262 65376335363732633132326630323161393861323833323631613630343262383137656138356262
3730386139393739373738626535376636666135646463350a623331333032346434343465666234 3730386139393739373738626535376636666135646463350a623331333032346434343465666234
38393539623437376133363063633238383031326431653737346564323837343265653431633962 38393539623437376133363063633238383031326431653737346564323837343265653431633962
6665346237666165330a643635653863356633623535383063366632336437313730626233346664 6665346237666165330a643635653863356633623535383063366632336437313730626233346664
33303465616532313339393634386166363162393661393037323835323035386663 33303465616532313339393634386166363162393661393037323835323035386663
grafana_url: "monitor.9iron.club" grafana_url: "monitor.9iron.club"
grafana_webroot: "/var/www/grafana" grafana_webroot: "/var/www/grafana"
# Nextcloud # Nextcloud
nextcloud_mysql_password: !vault | nextcloud_mysql_password: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
37633035633563646266346264333636393931323664313166633133653461646333643731636661 37633035633563646266346264333636393931323664313166633133653461646333643731636661
3966666665396239346662613764353333393038663762340a313236396331623061376462356437 3966666665396239346662613764353333393038663762340a313236396331623061376462356437
66373234633939393034353439393465663131303661393164303335336435653734613064663964 66373234633939393034353439393465663131303661393164303335336435653734613064663964
3332313764623133630a393731613236373837316437653265636663666261383135636662373566 3332313764623133630a393731613236373837316437653265636663666261383135636662373566
61373135303632336237333836353764646639633735323566346366623766646266 61373135303632336237333836353764646639633735323566346366623766646266
nextcloud_tarbz2: "https://download.nextcloud.com/server/releases/nextcloud-18.0.0.tar.bz2" nextcloud_tarbz2: "https://download.nextcloud.com/server/releases/nextcloud-18.0.0.tar.bz2"
nextcloud_url: "nc.9iron.club" nextcloud_url: "nc.9iron.club"
nextcloud_webroot: "/var/www/nextcloud" nextcloud_webroot: "/var/www/nextcloud"

4
roles/user/defaults/main.yml Normal file
View File

@ -0,0 +1,4 @@
# vim:ft=ansible:
user_username: salt
user_shell: /bin/bash
user_password: "!"

37
roles/user/tasks/main.yml
View File

@ -2,39 +2,24 @@
# vim:ft=ansible: # vim:ft=ansible:
--- ---
- name: Assure user salt - name: Assure user salt
vars:
salt_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
37666131343936663962386535343939373161343337383436613961303637376136633736353533
3366623536646563383563373265313134663464396231370a303033353661336436386561366139
30393536393634653566646636366436656435623534626266343632313336336336346131383361
3366343932383930350a383637646261373135376138633533306530306339316235353262356135
34626466363266616265653064333365663663306330666632343864373335626265323230633331
33623431633665353964623437636231623366383733626266353162633762373035376638663936
62383065653836366431316461663862393130653761643937376565366435646665313961663534
64303363653631653433343361616635373966326433663466636164613062343561333036613937
35616666633737356331653632323639373330396433366639326466373639313630
user: user:
name: salt name: "{{ user_username }}"
shell: /bin/bash shell: "{{ user_shell }}"
password: "{{ salt_pass }}" password: "{{ user_password }}"
groups: sudo groups: sudo
append: yes append: yes
become: yes become: yes
- name: Bootstrap user - name: Bootstrap user
block: block:
- name: Authorize dsk-cstm-0 for user salt - name: Configure SSH keys
authorized_key: authorized_key:
user: salt user: "{{ user_username }}"
state: present
manage_dir: yes manage_dir: yes
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ Salt@tungsten-qemu" key: "{{ item.key }}"
- name: Authorize lap-th-e560-0 for user salt state: "{{ item.state }}"
authorized_key: loop:
user: salt - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0", state: present }
state: present - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0", state: present }
manage_dir: yes
key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@iridium"
- name: Check for dotfile initialization - name: Check for dotfile initialization
stat: path=$HOME/.dotfiles stat: path=$HOME/.dotfiles
register: p register: p
@ -76,4 +61,4 @@
state: absent state: absent
when: not p.stat.exists when: not p.stat.exists
become: yes become: yes
become_user: salt become_user: "{{ user_username }}"