#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
# Create (or update) the login account and make it a sudo member.
# Runs with privilege escalation because account management needs root.
- name: Assure user
  become: true
  user:
    name: "{{ user_username }}"
    shell: "{{ user_shell }}"
    # The user module writes this value into the shadow entry as-is, so it
    # must already be a crypt(3) hash, not a cleartext password.
    # NOTE(review): presumably user_password comes from a vaulted variable;
    # confirm it is hashed (e.g. via the password_hash filter) before use.
    password: "{{ user_password }}"
    # append keeps any existing supplementary groups and only adds sudo,
    # which grants this account root-equivalent access on the host.
    groups:
      - sudo
    append: true
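# Per-user bootstrap: SSH directory and keypair, key registration with Gitea,
# inbound authorized keys, and a one-time dotfiles initialization.
# Every task in this block runs as user_username (become_user below), so
# $HOME and ~ refer to that account's home directory.
- name: Bootstrap user
  block:
    - name: Assure .ssh directory
      file:
        path: $HOME/.ssh
        state: directory
        # Owner-only access; sshd's StrictModes rejects a looser ~/.ssh.
        mode: "0700"

    - name: Generate keypair
      openssh_keypair:
        # The module generates an RSA key unless a type is given. The file
        # name and the Gitea key title below both say ed25519, so request
        # that type explicitly.
        # NOTE(review): a host that already holds an RSA key at this path
        # will presumably be re-keyed on the next run; confirm before rollout.
        type: ed25519
        comment: "{{ user_username }}@{{ inventory_hostname_short }}"
        path: $HOME/.ssh/id_ed25519
        mode: "0600"
      register: keypair

    - name: Register keypair with Gitea
      uri:
        url: "https://git.9iron.club/api/v1/user/keys"
        method: POST
        headers:
          accept: "application/json"
          Authorization: "token {{ gitea_api_token }}"
        body_format: json
        body:
          key: "{{ keypair.public_key }}"
          # Registered read-only: the key can fetch but not push.
          read_only: true
          title: "{{ inventory_hostname }}-ed25519"
        status_code: 201
      # The Authorization header carries the API token; without no_log it is
      # shown in verbose output and in the task's recorded invocation.
      no_log: true
      # Only attempted on the run that (re)generates the key. If this POST
      # fails, later runs see an unchanged keypair and will not retry.
      when: keypair is changed

    - name: Configure authorized hosts
      authorized_key:
        user: "{{ user_username }}"
        manage_dir: true
        key: "{{ item.key }}"
        state: "{{ item.state }}"
      # Public keys allowed to log in as this user. To revoke one, change its
      # state to absent rather than deleting the entry, so the key is removed
      # from hosts that already have it.
      loop:
        - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0", state: present }
        - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0", state: present }
        - { key: "ssh-rsa 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 salt@lap-s76-lemp9-0", state: present }
        - { key: "ssh-rsa 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 salt@ph-pine-0", state: present }

    # ~/.dotfiles doubles as the "already bootstrapped" marker that gates
    # the nested block below.
    - name: Check for dotfile initialization
      stat:
        path: $HOME/.dotfiles
      register: p

    - name: Initialize dotfiles
      block:
        - name: Clone bootstrap script
          git:
            # NOTE(review): accept_hostkey trusts whatever host key the server
            # presents on first contact, and the script cloned here is
            # executed by the next task. Pre-seeding the server's key (for
            # example with the known_hosts module) would let this be turned
            # off.
            accept_hostkey: true
            repo: 'git@git.9iron.club:salt/bootstrap'
            dest: $HOME/bootstrap
            depth: 1
            # Discards local modifications in an existing checkout.
            force: true

        # Runs from the user's home directory; stdout and stderr are written
        # to ~/bootstrap.log.
        - name: Execute bootstrap script
          shell: "cd && ~/bootstrap/bootstrap.sh > bootstrap.log 2>&1"

        - name: Disable untracked files on dotfiles
          git_config:
            name: status.showUntrackedFiles
            # Quoted so git receives the string "no", not a YAML boolean.
            value: "no"
            scope: local
            repo: ~/.dotfiles

        - name: Remove bootstrap script directory
          file:
            path: ~/bootstrap
            state: absent
      when: not p.stat.exists
  become: true
  become_user: "{{ user_username }}"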