Update tags and fix backup keys to var

Joshua Boniface 2021-05-27 12:28:48 -04:00 committed by Joshua Boniface
parent cae8cfc4cb
commit 9deee94332
2 changed files with 88 additions and 29 deletions


@ -570,54 +570,69 @@
file: file:
state: directory state: directory
dest: /var/home dest: /var/home
tags: users tags:
- users
# root # root
- name: generate Root password hash - name: generate Root password hash
command: "mkpasswd --method=sha512crypt {{ root_password }}" command: "mkpasswd --method=sha512crypt {{ root_password }}"
no_log: true no_log: true
register: mkpasswd register: mkpasswd
tags: users tags:
- users
- user-root
- name: set Root password - name: set Root password
user: user:
name: root name: root
password: "{{ mkpasswd.stdout }}" password: "{{ mkpasswd.stdout }}"
tags: users tags:
- users
- user-root
- name: remove Root known_hosts - name: remove Root known_hosts
file: file:
state: absent state: absent
dest: /root/.ssh/known_hosts dest: /root/.ssh/known_hosts
tags: users tags:
- users
- user-root
- name: write vimrc to root homedir - name: write vimrc to root homedir
template: template:
src: var/home/user/vimrc.j2 src: var/home/user/vimrc.j2
dest: /root/.vimrc dest: /root/.vimrc
mode: 0600 mode: 0600
tags: users tags:
- users
- user-root
- name: create vimdir - name: create vimdir
file: file:
state: directory state: directory
dest: /root/.vim dest: /root/.vim
mode: 0700 mode: 0700
tags: users tags:
- users
- user-root
- name: write htoprc to homedir - name: write htoprc to homedir
template: template:
src: var/home/user/config/htop/htoprc.j2 src: var/home/user/config/htop/htoprc.j2
dest: /root/.htoprc dest: /root/.htoprc
mode: 0600 mode: 0600
tags: users tags:
- users
- user-root
# backup # backup
- name: ensure backup user has shell - name: ensure backup user has shell
user: user:
name: backup name: backup
shell: /bin/sh shell: /bin/sh
tags: users tags:
- users
- user-backup
- name: create backup .ssh directory - name: create backup .ssh directory
file: file:
@ -626,7 +641,9 @@
owner: backup owner: backup
group: root group: root
mode: 0700 mode: 0700
tags: users tags:
- users
- user-backup
- name: create backup authorized_keys file - name: create backup authorized_keys file
template: template:
@ -635,27 +652,35 @@
owner: backup owner: backup
group: root group: root
mode: 0640 mode: 0640
tags: users tags:
- users
- user-backup
- name: write the sudoers file - name: write the sudoers file
template: template:
src: etc/sudoers.d/sudoers-backup.j2 src: etc/sudoers.d/sudoers-backup.j2
dest: /etc/sudoers.d/backup dest: /etc/sudoers.d/backup
tags: users tags:
- users
- user-backup
- name: install the post-backup timestamp script - name: install the post-backup timestamp script
template: template:
src: var/backups/timestamp.sh.j2 src: var/backups/timestamp.sh.j2
dest: /var/backups/timestamp.sh dest: /var/backups/timestamp.sh
mode: 0755 mode: 0755
tags: users tags:
- users
- user-backup
- name: touch shares file - name: touch shares file
file: file:
dest: /var/backups/shares dest: /var/backups/shares
state: touch state: touch
owner: backup owner: backup
tags: users tags:
- users
- user-backup
# deploy # deploy
- name: ensure user deploy exists - name: ensure user deploy exists
@ -669,7 +694,9 @@
move_home: yes move_home: yes
state: present state: present
append: yes append: yes
tags: users tags:
- users
- user-deploy
- name: ensure homedir has right permissions - name: ensure homedir has right permissions
file: file:
@ -678,7 +705,9 @@
owner: "{{ deploy_username }}" owner: "{{ deploy_username }}"
group: operator group: operator
mode: 0700 mode: 0700
tags: users tags:
- users
- user-deploy
- name: ensure .ssh directory exists - name: ensure .ssh directory exists
file: file:
@ -687,7 +716,9 @@
owner: "{{ deploy_username }}" owner: "{{ deploy_username }}"
group: operator group: operator
mode: 0700 mode: 0700
tags: users tags:
- users
- user-deploy
- name: add authorized keys - name: add authorized keys
authorized_key: authorized_key:
@ -696,7 +727,9 @@
with_subelements: with_subelements:
- "{{ admin_users }}" - "{{ admin_users }}"
- keys - keys
tags: users tags:
- users
- user-deploy
# admin_users # admin_users
- name: ensure user exists - name: ensure user exists
@ -711,7 +744,9 @@
state: present state: present
append: yes append: yes
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: ensure homedir has right permissions - name: ensure homedir has right permissions
file: file:
@ -721,7 +756,9 @@
group: operator group: operator
mode: 0700 mode: 0700
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: ensure .ssh directory exists - name: ensure .ssh directory exists
file: file:
@ -731,7 +768,9 @@
group: operator group: operator
mode: 0700 mode: 0700
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: add authorized keys - name: add authorized keys
authorized_key: authorized_key:
@ -740,7 +779,9 @@
with_subelements: with_subelements:
- "{{ admin_users }}" - "{{ admin_users }}"
- keys - keys
tags: users tags:
- users
- user-admin
- name: write bashrc to homedir - name: write bashrc to homedir
template: template:
@ -750,7 +791,9 @@
group: operator group: operator
mode: 0700 mode: 0700
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: write bash_logout to homedir - name: write bash_logout to homedir
template: template:
@ -760,7 +803,9 @@
group: operator group: operator
mode: 0700 mode: 0700
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: ensure htop config directory exists - name: ensure htop config directory exists
file: file:
@ -770,7 +815,9 @@
group: operator group: operator
mode: 0755 mode: 0755
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: write htoprc to homedir - name: write htoprc to homedir
template: template:
@ -780,7 +827,9 @@
group: operator group: operator
mode: 0644 mode: 0644
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: write profile to homedir - name: write profile to homedir
template: template:
@ -790,7 +839,9 @@
group: operator group: operator
mode: 0700 mode: 0700
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: write vimrc to homedir - name: write vimrc to homedir
template: template:
@ -800,7 +851,9 @@
group: operator group: operator
mode: 0600 mode: 0600
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
- name: create vimdir - name: create vimdir
file: file:
@ -810,7 +863,9 @@
group: operator group: operator
mode: 0700 mode: 0700
with_items: "{{ admin_users }}" with_items: "{{ admin_users }}"
tags: users tags:
- users
- user-admin
# #
# Verify and enable services # Verify and enable services
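Review bot: The `generate Root password hash` task in the first hunk still passes the cleartext `{{ root_password }}` as an argument to `mkpasswd`, so it is readable in the target's process list while the command runs; `no_log: true` only keeps it out of Ansible's own output. Hashing on the controller avoids the argv exposure and drops the extra task: in `set Root password`, use `password: "{{ root_password | password_hash('sha512') }}"` and keep `no_log: true` on it. If `mkpasswd` has to stay, `command: "mkpasswd --method=sha512crypt --stdin"` with `stdin: "{{ root_password }}"` keeps the secret off the command line.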


@ -1,4 +1,8 @@
# backup user authorized_keys # backup user authorized_keys
# {{ ansible_managed }} # {{ ansible_managed }}
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnndMxkLF+Trm7Zpo59daJbH6C6SbInl8f1PAizxtUkWg8skP5EXkUc0eguos+5o6BG1VL0c8SWBnl4smvZL075l2wC3+cJeDUIyxC6aue6vualFMPj5p0h4gJWrX+L5r1b1hxnR3r5Mqx7/2W9K35/u3M6TPnRXn0XjGN93j8dsywfDOuU4xH+w0INM4iNeEne4l2SEAVA0Sm7nGNss4X18iwjnxyKgqUB+HtG2WHyEPr/Uv5OiEC+4n4LvkMRMpupx33U5ZH7pgyfFKJJsIObBf4nC4xUUZyCG2FlHiWzX0Ua9xxwz9OJIeqlwfYsLFrHEbPS5KpAXukEjshKGY1 backuppc@base.bonilan.net {% if backup_keys is defined %}
{% for key in backup_keys %}
{{ key }}
{% endfor %}
{% endif %}
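Review bot: The new loop writes every `backup_keys` entry into the backup account's authorized_keys verbatim, and nothing in the template or a nearby comment says what an entry must look like or that the keys should be restricted. The same playbook gives this account a shell and a sudoers drop-in (its contents are not visible here), so it is worth documenting that entries should carry options such as `from="..."` or `restrict` where the backup tool allows. When `backup_keys` is undefined the file now renders with no keys at all; that fails closed, but it silently removes backup access on hosts that relied on the old hard-coded key. A Jinja comment at the top would cover both, e.g. `{# backup_keys: list of complete authorized_keys lines (options first); undefined renders no keys #}`.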