ansible/roles/base-user/tasks/main.yml

77 lines
3.9 KiB
YAML

#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Assure user
user:
name: "{{ user_username }}"
shell: "{{ user_shell }}"
password: "{{ user_password }}"
groups: sudo
append: yes
become: yes
- name: Bootstrap user
block:
- name: Assure .ssh directory
file:
path: $HOME/.ssh
state: directory
mode: "0700"
- name: Generate keypair
openssh_keypair:
comment: "{{ user_username }}@{{ inventory_hostname_short }}"
path: $HOME/.ssh/id_ed25519
mode: "0600"
register: keypair
- name: Register keypair with Gitea
uri:
url: "https://git.9iron.club/api/v1/user/keys"
method: POST
headers:
accept: "application/json"
Authorization: "token {{ gitea_api_token }}"
body_format: json
body:
key: "{{ keypair.public_key }}"
read_only: yes
title: "{{ inventory_hostname }}-ed25519"
status_code: 201
when: keypair is changed
- name: Configure authorized hosts
authorized_key:
user: "{{ user_username }}"
manage_dir: yes
key: "{{ item.key }}"
state: "{{ item.state }}"
loop:
- { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0", state: present }
- { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0", state: present }
- { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCsZVQJr3d5G9nhlAilU8SKK7AInw8bgUTbIof7LEPD16Fg21KKAIcpYqWgw53EwuwFN8KJjDHKQasfnGZ++vIdpaNKB5HAAHapHxMREpwKzDf9Z+phfi2S5rdIodeCz62DVo0DSd4NZGF1q2FGgVTIsnOVLRBiu5xBIP6BElMmAn+afsBHiuN68YVUxqTnwX+brQXcxhG/D0UuNHUgf2VZ95vNktgad03/1g9FbKI4CIVoUazHeavTFzOYewfSzOGo9T6VOxe0Tm/GYjokO+XGtn5LtITFAEjAMEyhUb3JCtmPuof153BaP11ELqURUp1Os5Spxq2nsxGpdSebzty157uf9wFPGnbsSk5ehEE9pQodzCZlrHu85oKFGtwtdYmAvQd8LvrIb+tRFV2LX3AL/H0KdAGOCBvQG0bIAWmosZSzTT0zC1ESA97ncpzP8VYJJtwvhxyJOpsA3udHScQAZllrTjh6S18RJts1GtLv2d7ogFBzRAGn+/dsekX5ghU= salt@lap-s76-lemp9-0", state: present }
- { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgLG6Y+R58AaS8hxrAVtpYRon1JiXG65KoHLR1hr8GtQXAaJuTIzzvD3LJbZ3OxSctZCzfu85SZ+7ex6yHAD0RfPASAGZarHOWSFuTULtIYaz0lGopfmHrVT9yV2df0zhqz3E2FEJaMe1CXkDufJrD3IkPZSTd24NY83hJGWxSM9SbiCqAf+c3DSWWhCC75WXdIfPs6d5CF/pYY6T1kD9AJC4K6JhP3LtieFBGZfpd6EamZ/Y1wvlFbkjV+rLDvYE4BF4WNYcJP1CTEgtOTAbACMqSdQ6544JUVvKNE7J9haOzTK0gYcp05zvgHvgju9TuPizlYEjPgypxNZBPXQisat3KXLenGS4+4gLloFrkZ4f2IfJidLrBd99GAina2OMHsCfQrazhuzvIoXI/5ww+k28GgF264HA8ZNkhPgZf3tbDmSHIZPvshRRvYOfURwiwl9T9xwdoJet5qdPrXk6EmX6f5TUIUdB8eeXcLecQDfvwgbDePdxz02sEw4LymK0= salt@ph-pine-0", state: present }
- name: Check for dotfile initialization
stat: path=$HOME/.dotfiles
register: p
- name: Initialize dotfiles
block:
- name: Clone bootstrap script
git:
accept_hostkey: yes
repo: git@git.9iron.club:salt/bootstrap
dest: $HOME/bootstrap
depth: 1
force: yes
- name: Execute bootstrap script
shell: "cd && ~/bootstrap/bootstrap.sh > bootstrap.log 2>&1"
- name: Disable untracked files on dotfiles
git_config:
name: status.showUntrackedFiles
value: "no"
scope: local
repo: ~/.dotfiles
- name: Remove bootstrap script directory
file:
path: ~/bootstrap
state: absent
when: not p.stat.exists
become: yes
become_user: "{{ user_username }}"