Merge branch 'dev-user-ssh-config'

2022-02-20 13:59:25 +01:00
parent 9924a90d27 d94707d0f4
commit 88c68d844f
10 changed files with 376 additions and 8 deletions
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
@@ -24,8 +24,8 @@
  - import_tasks: system_setup/scripts.yml

  # Make sure users exist on the system
-  - import_tasks: users/rene.yml
  - import_tasks: users/root.yml
+  - import_tasks: users/rene.yml
  - import_tasks: users/ansible.yml

  # Set up the ansible environment
--- a/roles/base/tasks/users/rene.yml
+++ b/roles/base/tasks/users/rene.yml
@@ -1,8 +1,7 @@
-# - name: users | rene | ensure account is locked
-#   user:
-#     name: rene
-#     password_lock: yes
-#     shell: "/usr/bin/zsh"
+- name: users | rene | ensure account is locked
+  user:
+    name: rene
+    shell: "/usr/bin/zsh"

 - name: users | rene | install public ssh keys
  authorized_key:
@@ -15,12 +14,39 @@
    - public_keys/rene_id_rsa.pub
    - public_keys/yubikey.pub

+- name: users | rene | install private ssh keys
+  copy:
+    dest: "/home/rene/.ssh/"
+    src: "{{ item }}"
+    owner: rene
+    group: rene
+    mode: '0600'
+  loop:
+    - "private_keys/gitlab_read_ed25519"
+    - "private_keys/id_dsa"
+    - "private_keys/id_ed25519"
+    - "private_keys/id_rsa"
+    - "private_keys/identity_for_kashyyyk"
+    - "private_keys/yubikey"
+
+- name: users | rene | install known_hosts
+  copy:
+    dest: "/home/rene/.ssh/known_hosts"
+    src: "users/known_hosts"
+    backup: True
+    mode: '0600'
+    owner: 'rene'
+    group: 'rene'
+
 - name: users | rene | clone remote repos
+  become: yes
+  become_user: rene
  git:
    repo: '{{ item.repo }}'
    dest: '/home/rene/{{ item.dir }}'
+    key_file: '/home/rene/.ssh/gitlab_read_ed25519'
  with_items:
-    - {repo: 'https://gitlab.social.my-wan.de/rene/dotfiles.git', dir: 'dotfiles'}
+    - {repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/dotfiles.git', dir: 'dotfiles'}
    - {repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k'}

 ########################################################
--- a/roles/base/tasks/users/root.yml
+++ b/roles/base/tasks/users/root.yml
@@ -24,6 +24,25 @@
  with_file:
    - public_keys/backup_ed25519.pub

+- name: users | root | install private ssh keys
+  copy:
+    dest: "/root/.ssh/"
+    src: "{{ item }}"
+    owner: root
+    group: root
+    mode: '0600'
+  loop:
+    - "private_keys/gitlab_read_ed25519"
+
+- name: users | root | install known_hosts
+  copy:
+    dest: "/root/.ssh/known_hosts"
+    src: "users/known_hosts"
+    backup: True
+    mode: '0600'
+    owner: 'root'
+    group: 'root'
+
 - name: users | root | create script directories
  file:
    path: "{{ root_home }}/scripts"
@@ -32,8 +51,9 @@

 - name: users | root | clone root_bins
  git:
-    repo: 'https://gitlab.social.my-wan.de/rene/root-bin.git'
+    repo: 'ssh://git@gitlab.social.my-wan.de:22422/rene/root-bin.git'
    dest: "{{ root_home }}/bin"
+    key_file: '/root/.ssh/gitlab_read_ed25519'

 ######################################################
 # Learn Linux TV example