Update tags and fix backup keys to var
This commit is contained in:
parent
cae8cfc4cb
commit
9deee94332
|
@ -570,54 +570,69 @@
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
dest: /var/home
|
dest: /var/home
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
|
||||||
# root
|
# root
|
||||||
- name: generate Root password hash
|
- name: generate Root password hash
|
||||||
command: "mkpasswd --method=sha512crypt {{ root_password }}"
|
command: "mkpasswd --method=sha512crypt {{ root_password }}"
|
||||||
no_log: true
|
no_log: true
|
||||||
register: mkpasswd
|
register: mkpasswd
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-root
|
||||||
|
|
||||||
- name: set Root password
|
- name: set Root password
|
||||||
user:
|
user:
|
||||||
name: root
|
name: root
|
||||||
password: "{{ mkpasswd.stdout }}"
|
password: "{{ mkpasswd.stdout }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-root
|
||||||
|
|
||||||
- name: remove Root known_hosts
|
- name: remove Root known_hosts
|
||||||
file:
|
file:
|
||||||
state: absent
|
state: absent
|
||||||
dest: /root/.ssh/known_hosts
|
dest: /root/.ssh/known_hosts
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-root
|
||||||
|
|
||||||
- name: write vimrc to root homedir
|
- name: write vimrc to root homedir
|
||||||
template:
|
template:
|
||||||
src: var/home/user/vimrc.j2
|
src: var/home/user/vimrc.j2
|
||||||
dest: /root/.vimrc
|
dest: /root/.vimrc
|
||||||
mode: 0600
|
mode: 0600
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-root
|
||||||
|
|
||||||
- name: create vimdir
|
- name: create vimdir
|
||||||
file:
|
file:
|
||||||
state: directory
|
state: directory
|
||||||
dest: /root/.vim
|
dest: /root/.vim
|
||||||
mode: 0700
|
mode: 0700
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-root
|
||||||
|
|
||||||
- name: write htoprc to homedir
|
- name: write htoprc to homedir
|
||||||
template:
|
template:
|
||||||
src: var/home/user/config/htop/htoprc.j2
|
src: var/home/user/config/htop/htoprc.j2
|
||||||
dest: /root/.htoprc
|
dest: /root/.htoprc
|
||||||
mode: 0600
|
mode: 0600
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-root
|
||||||
|
|
||||||
# backup
|
# backup
|
||||||
- name: ensure backup user has shell
|
- name: ensure backup user has shell
|
||||||
user:
|
user:
|
||||||
name: backup
|
name: backup
|
||||||
shell: /bin/sh
|
shell: /bin/sh
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-backup
|
||||||
|
|
||||||
- name: create backup .ssh directory
|
- name: create backup .ssh directory
|
||||||
file:
|
file:
|
||||||
|
@ -626,7 +641,9 @@
|
||||||
owner: backup
|
owner: backup
|
||||||
group: root
|
group: root
|
||||||
mode: 0700
|
mode: 0700
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-backup
|
||||||
|
|
||||||
- name: create backup authorized_keys file
|
- name: create backup authorized_keys file
|
||||||
template:
|
template:
|
||||||
|
@ -635,27 +652,35 @@
|
||||||
owner: backup
|
owner: backup
|
||||||
group: root
|
group: root
|
||||||
mode: 0640
|
mode: 0640
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-backup
|
||||||
|
|
||||||
- name: write the sudoers file
|
- name: write the sudoers file
|
||||||
template:
|
template:
|
||||||
src: etc/sudoers.d/sudoers-backup.j2
|
src: etc/sudoers.d/sudoers-backup.j2
|
||||||
dest: /etc/sudoers.d/backup
|
dest: /etc/sudoers.d/backup
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-backup
|
||||||
|
|
||||||
- name: install the post-backup timestamp script
|
- name: install the post-backup timestamp script
|
||||||
template:
|
template:
|
||||||
src: var/backups/timestamp.sh.j2
|
src: var/backups/timestamp.sh.j2
|
||||||
dest: /var/backups/timestamp.sh
|
dest: /var/backups/timestamp.sh
|
||||||
mode: 0755
|
mode: 0755
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-backup
|
||||||
|
|
||||||
- name: touch shares file
|
- name: touch shares file
|
||||||
file:
|
file:
|
||||||
dest: /var/backups/shares
|
dest: /var/backups/shares
|
||||||
state: touch
|
state: touch
|
||||||
owner: backup
|
owner: backup
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-backup
|
||||||
|
|
||||||
# deploy
|
# deploy
|
||||||
- name: ensure user deploy exists
|
- name: ensure user deploy exists
|
||||||
|
@ -669,7 +694,9 @@
|
||||||
move_home: yes
|
move_home: yes
|
||||||
state: present
|
state: present
|
||||||
append: yes
|
append: yes
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-deploy
|
||||||
|
|
||||||
- name: ensure homedir has right permissions
|
- name: ensure homedir has right permissions
|
||||||
file:
|
file:
|
||||||
|
@ -678,7 +705,9 @@
|
||||||
owner: "{{ deploy_username }}"
|
owner: "{{ deploy_username }}"
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-deploy
|
||||||
|
|
||||||
- name: ensure .ssh directory exists
|
- name: ensure .ssh directory exists
|
||||||
file:
|
file:
|
||||||
|
@ -687,7 +716,9 @@
|
||||||
owner: "{{ deploy_username }}"
|
owner: "{{ deploy_username }}"
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-deploy
|
||||||
|
|
||||||
- name: add authorized keys
|
- name: add authorized keys
|
||||||
authorized_key:
|
authorized_key:
|
||||||
|
@ -696,7 +727,9 @@
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ admin_users }}"
|
- "{{ admin_users }}"
|
||||||
- keys
|
- keys
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-deploy
|
||||||
|
|
||||||
# admin_users
|
# admin_users
|
||||||
- name: ensure user exists
|
- name: ensure user exists
|
||||||
|
@ -711,7 +744,9 @@
|
||||||
state: present
|
state: present
|
||||||
append: yes
|
append: yes
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: ensure homedir has right permissions
|
- name: ensure homedir has right permissions
|
||||||
file:
|
file:
|
||||||
|
@ -721,7 +756,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: ensure .ssh directory exists
|
- name: ensure .ssh directory exists
|
||||||
file:
|
file:
|
||||||
|
@ -731,7 +768,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: add authorized keys
|
- name: add authorized keys
|
||||||
authorized_key:
|
authorized_key:
|
||||||
|
@ -740,7 +779,9 @@
|
||||||
with_subelements:
|
with_subelements:
|
||||||
- "{{ admin_users }}"
|
- "{{ admin_users }}"
|
||||||
- keys
|
- keys
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: write bashrc to homedir
|
- name: write bashrc to homedir
|
||||||
template:
|
template:
|
||||||
|
@ -750,7 +791,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: write bash_logout to homedir
|
- name: write bash_logout to homedir
|
||||||
template:
|
template:
|
||||||
|
@ -760,7 +803,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: ensure htop config directory exists
|
- name: ensure htop config directory exists
|
||||||
file:
|
file:
|
||||||
|
@ -770,7 +815,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0755
|
mode: 0755
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: write htoprc to homedir
|
- name: write htoprc to homedir
|
||||||
template:
|
template:
|
||||||
|
@ -780,7 +827,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0644
|
mode: 0644
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: write profile to homedir
|
- name: write profile to homedir
|
||||||
template:
|
template:
|
||||||
|
@ -790,7 +839,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: write vimrc to homedir
|
- name: write vimrc to homedir
|
||||||
template:
|
template:
|
||||||
|
@ -800,7 +851,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0600
|
mode: 0600
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
- name: create vimdir
|
- name: create vimdir
|
||||||
file:
|
file:
|
||||||
|
@ -810,7 +863,9 @@
|
||||||
group: operator
|
group: operator
|
||||||
mode: 0700
|
mode: 0700
|
||||||
with_items: "{{ admin_users }}"
|
with_items: "{{ admin_users }}"
|
||||||
tags: users
|
tags:
|
||||||
|
- users
|
||||||
|
- user-admin
|
||||||
|
|
||||||
#
|
#
|
||||||
# Verify and enable services
|
# Verify and enable services
|
||||||
|
|
|
@ -1,4 +1,8 @@
|
||||||
# backup user authorized_keys
|
# backup user authorized_keys
|
||||||
# {{ ansible_managed }}
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnndMxkLF+Trm7Zpo59daJbH6C6SbInl8f1PAizxtUkWg8skP5EXkUc0eguos+5o6BG1VL0c8SWBnl4smvZL075l2wC3+cJeDUIyxC6aue6vualFMPj5p0h4gJWrX+L5r1b1hxnR3r5Mqx7/2W9K35/u3M6TPnRXn0XjGN93j8dsywfDOuU4xH+w0INM4iNeEne4l2SEAVA0Sm7nGNss4X18iwjnxyKgqUB+HtG2WHyEPr/Uv5OiEC+4n4LvkMRMpupx33U5ZH7pgyfFKJJsIObBf4nC4xUUZyCG2FlHiWzX0Ua9xxwz9OJIeqlwfYsLFrHEbPS5KpAXukEjshKGY1 backuppc@base.bonilan.net
|
{% if backup_keys is defined %}
|
||||||
|
{% for key in backup_keys %}
|
||||||
|
{{ key }}
|
||||||
|
{% endfor %}
|
||||||
|
{% endif %}
|
||||||
|
|
Loading…
Reference in New Issue