]> git.somenet.org - root/pub/somesible.git/blob - roles/base/ansible/setup/tasks/main.yml
SomeNet / public repos / root / pub / somesible.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
roles/base/backup/files
[root/pub/somesible.git] / roles / base / ansible / setup / tasks / main.yml
1 #####################################
2 ### someone's ansible provisioner ###
3 #####################################
4 # Part of: https://git.somenet.org/root/pub/somesible.git
5 # 2017-2025 by someone <someone@somenet.org>
6 #
7 # sudo-user for remote provisioning and periodic local provisioning.
8 #
9 ---
10 - name: install sudo
11   apt:
12     pkg:
13     - acl
14     - sudo
15     state: present
16     policy_rc_d: 101
17   tags: "online"
18   ignore_errors: "{{ignore_online_errors | bool}}"
19
20
21 - name: create ansible public-files dir
22   file:
23     path: "/opt/somesible"
24     state: directory
25     mode: 0755
26     owner: "root"
27     group: "root"
28
29
30 - name: create ansible user
31   user:
32     name: "ansible"
33     uid: 609
34     home: "/var/ansible"
35     shell: "/bin/bash"
36     createhome: no
37     system: yes
38     group: "root"
39     state: present
40
41
42 - name: create ansible user's homedir
43   file:
44     path: "/var/ansible"
45     state: directory
46     mode: 0700
47     owner: "ansible"
48     group: "root"
49
50
51 - name: add ansible to sudoers
52   copy:
53     src: "{{item}}"
54     dest: "/etc/sudoers.d/ansible"
55     mode: 0440
56     owner: "root"
57     group: "root"
58     validate: /usr/sbin/visudo -cf %s
59   with_first_found:
60     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sudoers.d.ansible"
61     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sudoers.d.ansible"
62     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sudoers.d.ansible"
63     - "default/sudoers.d.ansible"
64
65
66 - name: override default sudoers file
67   copy:
68     src: "{{item}}"
69     dest: "/etc/sudoers"
70     mode: 0440
71     owner: "root"
72     group: "root"
73     validate: /usr/sbin/visudo -cf %s
74   with_first_found:
75     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/sudoers"
76     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/sudoers"
77     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/sudoers"
78     - "default/sudoers"
79
80
81 - name: set ansible .ssh-dir permissions
82   file:
83     path: "/var/ansible/.ssh"
84     state: directory
85     mode: 0700
86     owner: "ansible"
87     group: "root"
88
89
90 - name: copy authorized_keys
91   copy:
92     src: "{{item}}"
93     dest: "/var/ansible/.ssh/authorized_keys"
94     mode: 0600
95     owner: "ansible"
96     group: "root"
97   with_first_found:
98     - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/authorized_keys"
99     - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/authorized_keys"
100     - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/authorized_keys"
101     - "default/authorized_keys"