From c9742fe2e5f8513381e0498f50e8030097ea0af4 Mon Sep 17 00:00:00 2001 From: "Joshua M. Boniface" Date: Fri, 1 Sep 2023 15:42:25 -0400 Subject: [PATCH] Update tags and fix backup keys to var --- roles/base/tasks/main.yml | 111 +++++++++++++----- .../var/backups/ssh/authorized_keys.j2 | 6 +- 2 files changed, 88 insertions(+), 29 deletions(-) diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml index acc16a5..0206223 100644 --- a/roles/base/tasks/main.yml +++ b/roles/base/tasks/main.yml @@ -570,54 +570,69 @@ file: state: directory dest: /var/home - tags: users + tags: + - users # root - name: generate Root password hash command: "mkpasswd --method=sha512crypt {{ root_password }}" no_log: true register: mkpasswd - tags: users + tags: + - users + - user-root - name: set Root password user: name: root password: "{{ mkpasswd.stdout }}" - tags: users + tags: + - users + - user-root - name: remove Root known_hosts file: state: absent dest: /root/.ssh/known_hosts - tags: users + tags: + - users + - user-root - name: write vimrc to root homedir template: src: var/home/user/vimrc.j2 dest: /root/.vimrc mode: 0600 - tags: users + tags: + - users + - user-root - name: create vimdir file: state: directory dest: /root/.vim mode: 0700 - tags: users + tags: + - users + - user-root - name: write htoprc to homedir template: src: var/home/user/config/htop/htoprc.j2 dest: /root/.htoprc mode: 0600 - tags: users + tags: + - users + - user-root # backup - name: ensure backup user has shell user: name: backup shell: /bin/sh - tags: users + tags: + - users + - user-backup - name: create backup .ssh directory file: @@ -626,7 +641,9 @@ owner: backup group: root mode: 0700 - tags: users + tags: + - users + - user-backup - name: create backup authorized_keys file template: 
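Review bot: `generate Root password hash` still passes `{{ root_password }}` as an argument to `mkpasswd`, so the cleartext is readable in the process list on the managed host while the command runs; `no_log: true` only keeps it out of Ansible's own output. The hash can be computed on the controller instead by dropping the command task and setting `password: "{{ root_password | password_hash('sha512') }}"` on `set Root password`. These are context lines that this commit only re-tags, and the hunk opens partway through the preceding task.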
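Review bot: The two-entry tag list (`users` plus `user-backup`) is repeated verbatim on this task and on every task in the hunks that follow, so a task added later can easily end up with only one of the two tags. Wrapping each user section in a `block:` and setting `tags:` once on the block would apply both tags to every task inside it. This hunk starts and ends in the middle of a task, so the surrounding task list is not fully visible here.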
@@ -635,27 +652,35 @@ owner: backup group: root mode: 0640 - tags: users + tags: + - users + - user-backup - name: write the sudoers file template: src: etc/sudoers.d/sudoers-backup.j2 dest: /etc/sudoers.d/backup - tags: users + tags: + - users + - user-backup - name: install the post-backup timestamp script template: src: var/backups/timestamp.sh.j2 dest: /var/backups/timestamp.sh mode: 0755 - tags: users + tags: + - users + - user-backup - name: touch shares file file: dest: /var/backups/shares state: touch owner: backup - tags: users + tags: + - users + - user-backup # deploy - name: ensure user deploy exists @@ -669,7 +694,9 @@ move_home: yes state: present append: yes - tags: users + tags: + - users + - user-deploy - name: ensure homedir has right permissions file: @@ -678,7 +705,9 @@ owner: "{{ deploy_username }}" group: operator mode: 0700 - tags: users + tags: + - users + - user-deploy - name: ensure .ssh directory exists file: @@ -687,7 +716,9 @@ owner: "{{ deploy_username }}" group: operator mode: 0700 - tags: users + tags: + - users + - user-deploy - name: add authorized keys authorized_key: @@ -696,7 +727,9 @@ with_subelements: - "{{ admin_users }}" - keys - tags: users + tags: + - users + - user-deploy # admin_users - name: ensure user exists @@ -711,7 +744,9 @@ state: present append: yes with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: ensure homedir has right permissions file: @@ -721,7 +756,9 @@ group: operator mode: 0700 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: ensure .ssh directory exists file: @@ -731,7 +768,9 @@ group: operator mode: 0700 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: add authorized keys authorized_key: @@ -740,7 +779,9 @@ with_subelements: - "{{ admin_users }}" - keys - tags: users + tags: + - users + - user-admin - name: write bashrc to homedir template: 
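Review bot: The `write the sudoers file` task in this hunk renders `/etc/sudoers.d/backup` with no ownership, mode or validation, so the drop-in gets whatever the default permissions are and a template error only shows up when sudo next fails to parse it. Under its `template:` arguments I would add `owner: root`, `mode: "0440"` and `validate: "visudo -cf %s"`. The commit changes only this task's tags, so this is a pre-existing gap rather than one the patch introduces.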
@@ -750,7 +791,9 @@ group: operator mode: 0700 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: write bash_logout to homedir template: @@ -760,7 +803,9 @@ group: operator mode: 0700 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: ensure htop config directory exists file: @@ -770,7 +815,9 @@ group: operator mode: 0755 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: write htoprc to homedir template: @@ -780,7 +827,9 @@ group: operator mode: 0644 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: write profile to homedir template: @@ -790,7 +839,9 @@ group: operator mode: 0700 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: write vimrc to homedir template: @@ -800,7 +851,9 @@ group: operator mode: 0600 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin - name: create vimdir file: @@ -810,7 +863,9 @@ group: operator mode: 0700 with_items: "{{ admin_users }}" - tags: users + tags: + - users + - user-admin # # Verify and enable services diff --git a/roles/base/templates/var/backups/ssh/authorized_keys.j2 b/roles/base/templates/var/backups/ssh/authorized_keys.j2 index 80c426f..5919c71 100644 --- a/roles/base/templates/var/backups/ssh/authorized_keys.j2 +++ b/roles/base/templates/var/backups/ssh/authorized_keys.j2 
@@ -1,4 +1,8 @@ # backup user authorized_keys # {{ ansible_managed }} -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCnndMxkLF+Trm7Zpo59daJbH6C6SbInl8f1PAizxtUkWg8skP5EXkUc0eguos+5o6BG1VL0c8SWBnl4smvZL075l2wC3+cJeDUIyxC6aue6vualFMPj5p0h4gJWrX+L5r1b1hxnR3r5Mqx7/2W9K35/u3M6TPnRXn0XjGN93j8dsywfDOuU4xH+w0INM4iNeEne4l2SEAVA0Sm7nGNss4X18iwjnxyKgqUB+HtG2WHyEPr/Uv5OiEC+4n4LvkMRMpupx33U5ZH7pgyfFKJJsIObBf4nC4xUUZyCG2FlHiWzX0Ua9xxwz9OJIeqlwfYsLFrHEbPS5KpAXukEjshKGY1 backuppc@base.bonilan.net +{% if backup_keys is defined %} +{% for key in backup_keys %} +{{ key }} +{% endfor %} +{% endif %}
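Review bot: When `backup_keys` is undefined this template now renders a file with no keys, so hosts that previously received the hard-coded key would lose backup access on the next run without any error. If an empty file is the intended default, a header comment such as `# keys come from the backup_keys list; empty when unset` would make that explicit, and the guard can collapse to `{% for key in backup_keys | default([]) %}`. Each entry is written verbatim, so this is presumably also where per-key options like `restrict` or `from=` would be supplied for this account; that is worth stating in the role's variable documentation.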