ansible/roles/user/tasks/main.yml
Salt 863623e3b0 Factor extended hostnames into existing roles
Ow, really feeling that maintainability hit
2020-07-28 06:44:33 -05:00


#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
# Create (or update) the login account and add it to the sudo group.
- name: Assure user
  become: true
  user:
    name: "{{ user_username }}"
    shell: "{{ user_shell }}"
    # NOTE(review): on Linux the user module stores this value as-is, so
    # user_password has to be a crypt(3) hash already (and is best kept in
    # Ansible Vault) -- its definition is not visible here, confirm.
    password: "{{ user_password }}"
    groups: sudo
    # append keeps the account's existing supplementary groups.
    append: true
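# Per-user bootstrap: SSH keypair, Gitea registration, authorized keys and
# dotfiles.
# NOTE(review): nesting was reconstructed from a listing that had lost its
# indentation; become/become_user are assumed to apply to this whole block
# and the `not p.stat.exists` condition to the inner dotfiles block -- confirm.
- name: Bootstrap user
  become: true
  become_user: "{{ user_username }}"
  block:
    - name: Assure .ssh directory
      file:
        path: $HOME/.ssh
        state: directory
        mode: "0700"

    - name: Generate keypair
      openssh_keypair:
        # The module generates an RSA key unless a type is given; without
        # this line the file named id_ed25519 (and the "-ed25519" title sent
        # to Gitea below) would describe an RSA key.
        # NOTE(review): hosts provisioned before this fix hold an RSA key at
        # this path, so expect it to be regenerated and re-registered; the
        # earlier Gitea entry with the same title may need removing first.
        type: ed25519
        comment: "{{ user_username }}@{{ inventory_hostname_short }}"
        path: $HOME/.ssh/id_ed25519
        mode: "0600"
      register: keypair

    - name: Register keypair with Gitea
      uri:
        url: "https://git.9iron.club/api/v1/user/keys"
        method: POST
        headers:
          accept: "application/json"
          Authorization: "token {{ gitea_api_token }}"
        body_format: json
        body:
          key: "{{ keypair.public_key }}"
          # NOTE(review): confirm this endpoint enforces read_only for
          # account-level keys; if it does not, this host's key can act as
          # the account over SSH.
          read_only: true
          title: "{{ inventory_hostname_short }}-ed25519"
        status_code: 201
      # Only a newly generated key is uploaded.
      when: keypair is changed
      # The API token sits in the task arguments, which verbose runs and
      # callback/log plugins print; no_log keeps it out of that output (at
      # the cost of censored failure details).
      no_log: true

    - name: Configure authorized hosts
      authorized_key:
        user: "{{ user_username }}"
        manage_dir: true
        key: "{{ item.key }}"
        state: "{{ item.state }}"
      # Public keys allowed to log in as this user; set state to absent to
      # revoke one on the next run.
      loop:
        - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0"
          state: present
        - key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0"
          state: present

    - name: Check for dotfile initialization
      stat:
        path: $HOME/.dotfiles
      register: p

    # Runs only when ~/.dotfiles does not exist yet.
    - name: Initialize dotfiles
      when: not p.stat.exists
      block:
        - name: Clone bootstrap script
          git:
            # accept_hostkey adds the server's host key on first contact
            # without verifying it (trust on first use), and the script
            # cloned here is executed by the next task.
            # NOTE(review): pre-seeding a verified host key with the
            # known_hosts module and pinning `version` to a reviewed commit
            # would close that gap.
            accept_hostkey: true
            repo: git@git.9iron.club:salt/bootstrap
            dest: $HOME/bootstrap
            depth: 1
            force: true

        - name: Execute bootstrap script
          # Runs as become_user from that user's home directory.
          shell: cd && ~/bootstrap/build-home.sh

        - name: Disable untracked files on dotfiles
          git_config:
            name: status.showUntrackedFiles
            value: "no"
            scope: local
            repo: ~/.dotfiles

        - name: Remove bootstrap script directory
          file:
            path: ~/bootstrap
            state: absent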