salt/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Unify some homebrew roles' become methods

Browse Source
This commit is contained in:
Salt 2020-11-08 00:05:48 -06:00
parent f893458e51
commit ddc5c881de
5 changed files with 29 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
roles/ansible-pull/tasks/main.yml
View File

@ -1,20 +1,17 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
# vim:ft=ansible: # vim:ft=ansible:
- name: configure ansible-pull - name: assure vault password file
block: copy: src=vaultpass dest="~/ansiblevaultpass" mode="0600"
- name: assure vault password file
copy: src=vaultpass dest="~/ansiblevaultpass" mode="0600"
become: yes
become_user: ansible
- name: install ansible
pip: name=ansible,ansible-base,ansible-lint state=latest
- name: configure systemd service
template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service
notify: restart ansiblepull timer
- name: configure systemd timer
template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer
notify: restart ansiblepull timer
- name: enable timer
systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
notify: restart ansiblepull timer
become: yes become: yes
become_user: ansible
- name: install ansible
pip: name=ansible,ansible-base,ansible-lint state=latest
- name: configure systemd service
template: src=ansible-pull.service dest=/etc/systemd/system/ansible-pull.service
notify: restart ansiblepull timer
- name: configure systemd timer
template: src=ansible-pull.timer dest=/etc/systemd/system/ansible-pull.timer
notify: restart ansiblepull timer
- name: enable timer
systemd: daemon_reload=yes name=ansible-pull.timer enabled=yes state=started
notify: restart ansiblepull timer

19
roles/common/tasks/ansible.yml
View File

@ -1,13 +1,10 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
# vim:ft=ansible: # vim:ft=ansible:
- name: configure ansible user - name: create ansible user
block: user: name=ansible password_lock=yes
- name: create ansible user - name: configure ansible user home directory
user: name=ansible password_lock=yes file: path=/home/ansible owner=ansible group=ansible
- name: configure ansible user home directory - name: configure ansible user keys
file: path=/home/ansible owner=ansible group=ansible authorized_key: user=ansible manage_dir=yes key={{ common_ansible_pubkey }}
- name: configure ansible user keys - name: configure ansible user sudo
authorized_key: user=ansible manage_dir=yes key={{ common_ansible_pubkey }} lineinfile: path=/etc/sudoers line="ansible ALL=(ALL:ALL) NOPASSWD:ALL"
- name: configure ansible user sudo
lineinfile: path=/etc/sudoers line="ansible ALL=(ALL:ALL) NOPASSWD:ALL"
become: yes

1
roles/common/tasks/packages.yml
View File

@ -28,5 +28,4 @@
- whois - whois
- name: remove basic packages - name: remove basic packages
apt: state=absent name=unattended-upgrades apt: state=absent name=unattended-upgrades
become: yes
when: ansible_os_family == "Debian" when: ansible_os_family == "Debian"

13
roles/common/tasks/system.yml
View File

@ -1,10 +1,7 @@
#!/usr/bin/env ansible-playbook #!/usr/bin/env ansible-playbook
# vim:ft=ansible: # vim:ft=ansible:
- name: configure system - name: configure hostname
block: hostname: name={{ inventory_hostname }}
- name: configure hostname - name: configure timezone
hostname: name={{ inventory_hostname }} timezone: name=America/Chicago
- name: configure timezone notify: restart cron
timezone: name=America/Chicago
notify: restart cron
become: yes

2
site.yml
View File

@ -5,8 +5,10 @@
- hosts: all - hosts: all
roles: roles:
- role: common - role: common
become: yes
tags: [ common ] tags: [ common ]
- role: ansible-pull - role: ansible-pull
become: yes
tags: [ ansible, common ] tags: [ ansible, common ]
# Home desktops # Home desktops
- hosts: desktop - hosts: desktop