Taking a dump

2020-10-17 01:00:06 -05:00 · 2020-10-17 01:00:06 -05:00 · d11deec1d8
commit d11deec1d8
parent 8b7ad3b450
12 changed files with 99 additions and 0 deletions
--- a/inventory/group_vars/all.yml
+++ b/inventory/group_vars/all.yml
@ -0,0 +1,4 @@
+# vim:ft=ansible:
+ansible_pull_repo: "https://git.9iron.club/salt/ansible"
+ansible_pull_commit: rewrite
+common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible"
--- a/roles/ansible-pull/defaults/main.yml
+++ b/roles/ansible-pull/defaults/main.yml
@ -0,0 +1,5 @@
+# vim:ft=ansible:
+ansible_pull_boot_delay: 15min
+ansible_pull_commit: master
+ansible_pull_time: "*-*-* 01:00:00"
+ansible_pull_playbook: site.yml
--- a/roles/ansible-pull/files/vaultpass
+++ b/roles/ansible-pull/files/vaultpass
@ -0,0 +1,6 @@
+$ANSIBLE_VAULT;1.1;AES256
+31383561303637303735386663306631333063623336643030643634333262336664363461613239
+6230623439393465656161663432393732633662383833640a373433343236353835363130653937
+31346233663237383666306536633962613534623735366531666561656335393964316230633161
+3930636537313364380a376432363431346636363565383734613638316161643036623636656532
+66333038393738663464343534633766643734393165626538633962376161376262
--- a/roles/ansible-pull/handlers/main.yml
+++ b/roles/ansible-pull/handlers/main.yml
@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: restart ansiblepull timer
+  systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
+  become: yes
--- a/roles/ansible-pull/tasks/main.yml
+++ b/roles/ansible-pull/tasks/main.yml
@ -0,0 +1,18 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure ansible-pull
+  block:
+    - name: assure vault password file
+      copy: src=vaultpass dest="~/ansiblevaultpass" mode="0600"
+      become: yes
+      become_user: ansible
+    - name: configure systemd service
+      template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service
+      notify: restart ansiblepull timer
+    - name: configure systemd timer
+      template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer
+      notify: restart ansiblepull timer
+    - name: enable timer
+      systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
+      notify: restart ansiblepull timer
+  become: yes
--- a/roles/ansible-pull/templates/ansible-pull.service
+++ b/roles/ansible-pull/templates/ansible-pull.service
@ -0,0 +1,16 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull service
+StartLimitIntervalSec=3600
+StartLimitBurst=5
+
+[Service]
+User=ansible
+Group=ansible
+Environment=ANSIBLE_CONFIG=~/ansible-pull-repo/ansible-pull.cfg
+ExecStart=/usr/local/bin/ansible-pull --accept-host-key -U "{{ ansible_pull_repo }}" -d "~/ansible-pull-repo" --vault-password-file "~/ansiblevaultpass" "{{ ansible_pull_playbook }}"
+Restart=on-failure
+RestartSec=90
+
+[Install]
+WantedBy=multi-user.target
--- a/roles/ansible-pull/templates/ansible-pull.timer
+++ b/roles/ansible-pull/templates/ansible-pull.timer
@ -0,0 +1,11 @@
+# vim:ft=dosini:
+[Unit]
+Description=Ansible pull timer
+
+[Timer]
+Persistent=true
+OnBootSec={{ ansible_pull_boot_delay }}
+OnCalendar={{ ansible_pull_time }}
+
+[Install]
+WantedBy=timers.target
--- a/roles/common/handlers/main.yml
+++ b/roles/common/handlers/main.yml
@ -0,0 +1,5 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: restart cron
+  service: name=cron state=restarted
+  become: yes
--- a/roles/common/tasks/ansible.yml
+++ b/roles/common/tasks/ansible.yml
@ -0,0 +1,11 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure ansible user
+  block:
+    - name: create ansible user
+      user: name=ansible password_lock=yes
+    - name: configure ansible user keys
+      authorized_key: user=ansible manage_dir=yes key={{ common_ansible_pubkey }}
+    - name: configure ansible user sudo
+      lineinfile: path=/etc/sudoers line="ansible ALL=(ALL:ALL) NOPASSWD:ALL"
+  become: yes
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@ -2,3 +2,7 @@
 # vim:ft=ansible:
 - name: configure basic packages
  include_tasks: packages.yml
+- name: configure system
+  include_tasks: system.yml
+- name: configure ansible user
+  include_tasks: ansible.yml
--- a/roles/common/tasks/system.yml
+++ b/roles/common/tasks/system.yml
@ -0,0 +1,10 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: configure system
+  block:
+    - name: configure hostname
+      hostname: name={{ inventory_hostname }}
+    - name: configure timezone
+      timezone: name=America/Chicago
+      notify: restart cron
+  become: yes
--- a/site.yml
+++ b/site.yml
@ -1,5 +1,9 @@
 #!/usr/bin/env ansible-playbook
 # vim:ft=ansible:
+---
 - hosts: all
  roles:
    - role: common
+      tags: [ common ]
+    - role: ansible-pull
+      tags: [ ansible, common ]