127 lines
3.3 KiB
YAML
127 lines
3.3 KiB
YAML
# - name: users | root | ensure account is locked
|
|
# user:
|
|
# name: root
|
|
# password_lock: yes
|
|
|
|
# - name: users | root | install public ssh keys
|
|
# authorized_key:
|
|
# user: root
|
|
# state: present
|
|
# key: '{{ item }}'
|
|
# with_file:
|
|
# - public_keys/id_dsa.pub
|
|
# - public_keys/id_ed25519.pub
|
|
# - public_keys/rene_id_rsa.pub
|
|
# - public_keys/root_id_rsa.pub
|
|
# - public_keys/yubikey.pub
|
|
|
|
- name: users | root | install public key for backups
|
|
authorized_key:
|
|
user: root
|
|
state: present
|
|
key: '{{ item }}'
|
|
key_options: 'from="192.168.1.240,192.168.1.133",command="~/validate-rsync.sh"'
|
|
with_file:
|
|
- public_keys/backup_ed25519.pub
|
|
|
|
- name: users | root | install private ssh keys for backup
|
|
copy:
|
|
dest: "{{ ansible_user_dir }}/.ssh/"
|
|
src: "{{ item }}"
|
|
owner: "{{ ansible_user_id }}"
|
|
group: "{{ ansible_user_id }}"
|
|
mode: '0600'
|
|
loop:
|
|
- "private_keys/backup_ed25519"
|
|
when: "'backup' is in role_names"
|
|
|
|
- name: users | {{ user }} | getent user home directory
|
|
getent:
|
|
database: passwd
|
|
key: "{{ user }}"
|
|
split: ":"
|
|
fail_key: no
|
|
|
|
- name: users | root | copy ~/validate-rsync.sh
|
|
copy:
|
|
#dest: "{{ getent_passwd[user][4] }}/validate-rsync.sh"
|
|
dest: "{{ ansible_user_dir }}/validate-rsync.sh"
|
|
src: "system_setup/validate-rsync.sh"
|
|
mode: "0744"
|
|
|
|
# - name: users | root | install private ssh keys
|
|
# copy:
|
|
# dest: "/root/.ssh/"
|
|
# src: "{{ item }}"
|
|
# owner: root
|
|
# group: root
|
|
# mode: '0600'
|
|
# loop:
|
|
# - "private_keys/gitlab_read_ed25519"
|
|
|
|
# - name: users | root | install known_hosts
|
|
# copy:
|
|
# dest: "/root/.ssh/known_hosts"
|
|
# src: "users/known_hosts"
|
|
# backup: True
|
|
# mode: '0600'
|
|
# owner: 'root'
|
|
# group: 'root'
|
|
|
|
- name: users | root | create script directories
|
|
file:
|
|
path: "{{ root_home }}/scripts"
|
|
state: directory
|
|
mode: '0755'
|
|
|
|
- name: users | root | clone root_bins
|
|
git:
|
|
repo: 'ssh://git@gitea.mewissen.site:22422/rene/root-bin.git'
|
|
dest: "{{ root_home }}/bin"
|
|
key_file: '/root/.ssh/gitlab_read_ed25519'
|
|
ignore_errors: True
|
|
|
|
# - name: users | root | link dotfiles
|
|
# become: yes
|
|
# become_user: root
|
|
# file:
|
|
# state: link
|
|
# src: "/home/root/dotfiles/{{ item.src }}"
|
|
# path: "home/root/{{ item.dest }}"
|
|
# with_items:
|
|
# - { src: 'vim/vimrc', dest: '.vimrc' }
|
|
# - { src: 'bash/bashrc', dest: '.bashrc' }
|
|
# - { src: 'zsh/zshrc', dest: '.zshrc' }
|
|
# - { src: 'tmux/tmux.conf', dest: '.tmux.conf' }
|
|
|
|
######################################################
|
|
# Learn Linux TV example
|
|
######################################################
|
|
# - name: users | root | create config directories
|
|
# file:
|
|
# path: /root/{{ item.dir }}
|
|
# state: directory
|
|
# owner: root
|
|
# group: root
|
|
# mode: 0700
|
|
# with_items:
|
|
# - {dir: '.vim'}
|
|
# - {dir: '.vim/colors'}
|
|
# tags: dotfiles
|
|
|
|
# - name: users | root | copy dotfiles
|
|
# copy:
|
|
# src: users/root/{{ item.src }}
|
|
# dest: /root/{{ item.dest }}
|
|
# owner: root
|
|
# group: root
|
|
# mode: 0600
|
|
# with_items:
|
|
# - {src: 'bash/bashrc', dest: '.bashrc'}
|
|
# - {src: 'bash/bash_profile', dest: '.bash_profile'}
|
|
# - {src: 'bash/profile', dest: '.profile'}
|
|
# - {src: 'tmux/tmux.conf', dest: '.tmux.conf'}
|
|
# - {src: 'vim/vimrc', dest: '.vimrc'}
|
|
# - {src: 'zsh/zshrc', dest: '.zshrc'}
|
|
# tags: dotfiles
|