parallelvirtualcluster/pvc-ansible
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Update tags and fix backup keys to var

Browse Source
This commit is contained in:
Joshua Boniface
2021-05-27 12:28:48 -04:00
committed by Joshua Boniface
parent cae8cfc4cb
commit 9deee94332
2 changed files with 88 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

111
roles/base/tasks/main.yml
View File

@@ -570,54 +570,69 @@
file:
state: directory
dest: /var/home
tags: users
tags:
- users
# root
- name: generate Root password hash
command: "mkpasswd --method=sha512crypt {{ root_password }}"
no_log: true
register: mkpasswd
tags: users
tags:
- users
- user-root
- name: set Root password
user:
name: root
password: "{{ mkpasswd.stdout }}"
tags: users
tags:
- users
- user-root
- name: remove Root known_hosts
file:
state: absent
dest: /root/.ssh/known_hosts
tags: users
tags:
- users
- user-root
- name: write vimrc to root homedir
template:
src: var/home/user/vimrc.j2
dest: /root/.vimrc
mode: 0600
tags: users
tags:
- users
- user-root
- name: create vimdir
file:
state: directory
dest: /root/.vim
mode: 0700
tags: users
tags:
- users
- user-root
- name: write htoprc to homedir
template:
src: var/home/user/config/htop/htoprc.j2
dest: /root/.htoprc
mode: 0600
tags: users
tags:
- users
- user-root
# backup
- name: ensure backup user has shell
user:
name: backup
shell: /bin/sh
tags: users
tags:
- users
- user-backup
- name: create backup .ssh directory
file:
@@ -626,7 +641,9 @@
owner: backup
group: root
mode: 0700
tags: users
tags:
- users
- user-backup
- name: create backup authorized_keys file
template:
@@ -635,27 +652,35 @@
owner: backup
group: root
mode: 0640
tags: users
tags:
- users
- user-backup
- name: write the sudoers file
template:
src: etc/sudoers.d/sudoers-backup.j2
dest: /etc/sudoers.d/backup
tags: users
tags:
- users
- user-backup
- name: install the post-backup timestamp script
template:
src: var/backups/timestamp.sh.j2
dest: /var/backups/timestamp.sh
mode: 0755
tags: users
tags:
- users
- user-backup
- name: touch shares file
file:
dest: /var/backups/shares
state: touch
owner: backup
tags: users
tags:
- users
- user-backup
# deploy
- name: ensure user deploy exists
@@ -669,7 +694,9 @@
move_home: yes
state: present
append: yes
tags: users
tags:
- users
- user-deploy
- name: ensure homedir has right permissions
file:
@@ -678,7 +705,9 @@
owner: "{{ deploy_username }}"
group: operator
mode: 0700
tags: users
tags:
- users
- user-deploy
- name: ensure .ssh directory exists
file:
@@ -687,7 +716,9 @@
owner: "{{ deploy_username }}"
group: operator
mode: 0700
tags: users
tags:
- users
- user-deploy
- name: add authorized keys
authorized_key:
@@ -696,7 +727,9 @@
with_subelements:
- "{{ admin_users }}"
- keys
tags: users
tags:
- users
- user-deploy
# admin_users
- name: ensure user exists
@@ -711,7 +744,9 @@
state: present
append: yes
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: ensure homedir has right permissions
file:
@@ -721,7 +756,9 @@
group: operator
mode: 0700
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: ensure .ssh directory exists
file:
@@ -731,7 +768,9 @@
group: operator
mode: 0700
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: add authorized keys
authorized_key:
@@ -740,7 +779,9 @@
with_subelements:
- "{{ admin_users }}"
- keys
tags: users
tags:
- users
- user-admin
- name: write bashrc to homedir
template:
@@ -750,7 +791,9 @@
group: operator
mode: 0700
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: write bash_logout to homedir
template:
@@ -760,7 +803,9 @@
group: operator
mode: 0700
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: ensure htop config directory exists
file:
@@ -770,7 +815,9 @@
group: operator
mode: 0755
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: write htoprc to homedir
template:
@@ -780,7 +827,9 @@
group: operator
mode: 0644
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: write profile to homedir
template:
@@ -790,7 +839,9 @@
group: operator
mode: 0700
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: write vimrc to homedir
template:
@@ -800,7 +851,9 @@
group: operator
mode: 0600
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
- name: create vimdir
file:
@@ -810,7 +863,9 @@
group: operator
mode: 0700
with_items: "{{ admin_users }}"
tags: users
tags:
- users
- user-admin
#
# Verify and enable services

6
roles/base/templates/var/backups/ssh/authorized_keys.j2
View File

@@ -1,4 +1,8 @@
# backup user authorized_keys
# {{ ansible_managed }}
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnndMxkLF+Trm7Zpo59daJbH6C6SbInl8f1PAizxtUkWg8skP5EXkUc0eguos+5o6BG1VL0c8SWBnl4smvZL075l2wC3+cJeDUIyxC6aue6vualFMPj5p0h4gJWrX+L5r1b1hxnR3r5Mqx7/2W9K35/u3M6TPnRXn0XjGN93j8dsywfDOuU4xH+w0INM4iNeEne4l2SEAVA0Sm7nGNss4X18iwjnxyKgqUB+HtG2WHyEPr/Uv5OiEC+4n4LvkMRMpupx33U5ZH7pgyfFKJJsIObBf4nC4xUUZyCG2FlHiWzX0Ua9xxwz9OJIeqlwfYsLFrHEbPS5KpAXukEjshKGY1 backuppc@base.bonilan.net
{% if backup_keys is defined %}
{% for key in backup_keys %}
{{ key }}
{% endfor %}
{% endif %}