A service to replicate and serve requests for site configurations based on site ID, public IP, and the on-site lead contact's OTP.
Revisión | 08a67b57b10d407a22b0a6e7287069e5461f5595 (tree) |
---|---|
Tiempo | 2021-10-14 22:43:50 |
Autor | S. Seago <sseago-dev@proj...> |
Commiter | S. Seago |
Move ansible content to a more appropriate place
@@ -0,0 +1,25 @@ | ||
1 | +- name: Update current packages | |
2 | + ansible.builtin.apt: | |
3 | + update_cache: yes | |
4 | + cache_valid_time: 1800 | |
5 | + name: "*" | |
6 | + state: latest | |
7 | + fail_on_autoremove: yes | |
8 | + | |
9 | +- name: Make sure the automation group exists | |
10 | + ansible.builtin.user: | |
11 | + name: {{ automation_user }} | |
12 | + state: presents | |
13 | + gid: 2520 | |
14 | + | |
15 | +- name: Make sure the automation user exists | |
16 | + ansible.builtin.user: | |
17 | + name: {{ automation_user }} | |
18 | + comment: Project Celadon Automation User | |
19 | + uid: 2520 | |
20 | + state: present | |
21 | + group: {{ automation_user }} | |
22 | + create_home: yes | |
23 | + shell: /bin/bash | |
24 | + generate_ssh_key: yes | |
25 | + |
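Review bot: The "Make sure the automation group exists" task (new lines 9-13) calls `ansible.builtin.user` with `state: presents` and a `gid` key, so it cannot create the group: `presents` is not an accepted state and `gid` is a parameter of the group module. It should read `ansible.builtin.group:` with `name: "{{ automation_user }}"` and `state: present`, keeping `gid: 2520`. The bare `{{ automation_user }}` values on new lines 11, 17 and 21 also need quoting, because YAML reads an unquoted `{{` as the start of a flow mapping and the file fails to load. Separately, `generate_ssh_key: yes` leaves a private key on each managed host for an account that, judging by the sudo tasks in this commit, is meant to get passwordless sudo; if the account only receives logins, that line can be dropped.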
@@ -0,0 +1,21 @@ | ||
1 | +--- | |
2 | +- name: Remove existing Resolve section | |
3 | + replace: | |
4 | + path: /etc/systemd/resolved.conf | |
5 | + regexp: '^\[Resolve\][^[]+' | |
6 | + replace: '' | |
7 | + backup: yes | |
8 | + | |
9 | +- name: Set external DNS on base system to 9.9.9.9 | |
10 | + community.general.ini_file: | |
11 | + path: /etc/systemd/resolved.conf | |
12 | + section: Resolve | |
13 | + option: DNS | |
14 | + value: 9.9.9.9 | |
15 | + | |
16 | +- name: Disable DNS Stub Listener | |
17 | + community.general.ini_file: | |
18 | + path: /etc/systemd/resolved.conf | |
19 | + section: Resolve | |
20 | + option: DNSStubListener | |
21 | + value: no | |
\ No newline at end of file |
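Review bot: Nothing in this file restarts systemd-resolved after `/etc/systemd/resolved.conf` is edited, so the new `DNS` and `DNSStubListener` settings do not take effect until something else restarts the service; add `notify: Restart systemd-resolved` to the two `ini_file` tasks, with a matching handler (the handler name is constructed here). `value: no` on new line 21 is parsed by YAML as a boolean, and what ends up in the file then depends on how the module stringifies it; `value: "no"` pins the text. The first task removes the whole `[Resolve]` section on every run, so the play always reports a change and `backup: yes` leaves another backup copy each time.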
@@ -0,0 +1,12 @@ | ||
1 | +--- | |
2 | +- hosts: manifest | |
3 | + become: true | |
4 | + tasks: | |
5 | + - name: Import common role | |
6 | + import: common | |
7 | + | |
8 | + - name: Import sudo role | |
9 | + import: sudo | |
10 | + | |
11 | + - name: Import dns role | |
12 | + import: dns | |
\ No newline at end of file |
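Review bot: `import:` on new lines 6, 9 and 12 is not an Ansible task action, so this play fails when it is parsed and none of the three roles run. Each task should use `ansible.builtin.import_role:` with `name: common` (and `sudo`, `dns`) nested under it, or the `tasks:` list can be replaced by `roles: [common, sudo, dns]`. Since the play runs with `become: true` against every host in `manifest`, a comment at the top of the file stating which hosts that group is expected to contain would help a reviewer judge how far the passwordless-sudo role reaches.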
@@ -0,0 +1,1 @@ | ||
1 | +celadon-admin ALL=(ALL) NOPASSWD:ALL | |
\ No newline at end of file |
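Review bot: The rule names `celadon-admin`, while the variables added in this commit set `automation_user: celadon-robot` and the sudo tasks install a drop-in named after that variable. If this is the `ansible_sudoer` source file, the automation account gets no sudo rights and a different account gets unrestricted root without a password. Either the account name should match, or the file should become a template that uses `{{ automation_user }}`. `NOPASSWD:ALL` is the broadest grant sudo offers; if the automation only needs a known set of commands, list them instead. The file also lacks a final newline, which some sudo versions may reject in a drop-in (worth checking with `visudo -cf`).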
@@ -0,0 +1,15 @@ | ||
1 | +- name: Copy SSH key for automation user | |
2 | + tags: always,users,"automation user" | |
3 | + authorized_key: | |
4 | + user: "{{ automation_user }}" | |
5 | + state: present | |
6 | + key: "{{ key_path }}" | |
7 | + register: copy_ssh_key | |
8 | + | |
9 | +- name: Enable sudo without password for automation user | |
10 | + tags: always,users,"automation user" | |
11 | + copy: | |
12 | + src: ansible_sudoer | |
13 | + dest: /etc/sudoers.d/"{{ automation_user }}" | |
14 | + owner: root | |
15 | + group: root | |
\ No newline at end of file |
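Review bot: The `copy` task on new lines 9-15 installs a sudoers drop-in with no `mode` and no `validate`, and its `dest` puts the quotes inside the path, so the file is created with literal `"` characters in its name and a syntax error in it would only surface when sudo next reads the directory. The `key:` value on new line 6 is given the path held in `key_path`, whereas `authorized_key` expects the public key text itself (or a URL), so it should be read with a `file` lookup on the control node. The `tags:` lines mix a bare comma list with a quoted item; a YAML list such as `[always, users, automation_user]` avoids a tag that contains quote characters. The rewritten lines are below.

```yaml
    key: "{{ lookup('file', key_path) }}"
# … unchanged: register, second task's name, tags and src …
    dest: "/etc/sudoers.d/{{ automation_user }}"
    owner: root
    group: root
    mode: "0440"
    validate: /usr/sbin/visudo -cf %s
```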
@@ -0,0 +1,3 @@ | ||
1 | +automation_user: celadon-robot | |
2 | +automation_pass: {{ garbage }} | |
3 | +key_path: ~/.ssh/id_ed25519.pub | |
\ No newline at end of file |
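Review bot: `automation_pass: {{ garbage }}` on new line 2 is an unquoted template, which YAML cannot load as a scalar, so the whole variables file fails to parse; none of the tasks shown in this commit reads `automation_pass`, so the line can simply be removed. If a password is needed later, it should come from an Ansible Vault-encrypted file rather than this plain-text one. `key_path: ~/.ssh/id_ed25519.pub` resolves against the home directory of whoever runs the play, so the key that gains access to the automation account differs per operator; a comment such as `# public key of the control-node account that runs this playbook` would make that explicit.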
@@ -1,25 +0,0 @@ | ||
1 | -- name: Update current packages | |
2 | - ansible.builtin.apt: | |
3 | - update_cache: yes | |
4 | - cache_valid_time: 1800 | |
5 | - name: "*" | |
6 | - state: latest | |
7 | - fail_on_autoremove: yes | |
8 | - | |
9 | -- name: Make sure the automation group exists | |
10 | - ansible.builtin.user: | |
11 | - name: {{ automation_user }} | |
12 | - state: presents | |
13 | - gid: 2520 | |
14 | - | |
15 | -- name: Make sure the automation user exists | |
16 | - ansible.builtin.user: | |
17 | - name: {{ automation_user }} | |
18 | - comment: Project Celadon Automation User | |
19 | - uid: 2520 | |
20 | - state: present | |
21 | - group: {{ automation_user }} | |
22 | - create_home: yes | |
23 | - shell: /bin/bash | |
24 | - generate_ssh_key: yes | |
25 | - |
@@ -1,21 +0,0 @@ | ||
1 | ---- | |
2 | -- name: Remove existing Resolve section | |
3 | - replace: | |
4 | - path: /etc/systemd/resolved.conf | |
5 | - regexp: '^\[Resolve\][^[]+' | |
6 | - replace: '' | |
7 | - backup: yes | |
8 | - | |
9 | -- name: Set external DNS on base system to 9.9.9.9 | |
10 | - community.general.ini_file: | |
11 | - path: /etc/systemd/resolved.conf | |
12 | - section: Resolve | |
13 | - option: DNS | |
14 | - value: 9.9.9.9 | |
15 | - | |
16 | -- name: Disable DNS Stub Listener | |
17 | - community.general.ini_file: | |
18 | - path: /etc/systemd/resolved.conf | |
19 | - section: Resolve | |
20 | - option: DNSStubListener | |
21 | - value: no | |
\ No newline at end of file |
@@ -1,12 +0,0 @@ | ||
1 | ---- | |
2 | -- hosts: manifest | |
3 | - become: true | |
4 | - tasks: | |
5 | - - name: Import common role | |
6 | - import: common | |
7 | - | |
8 | - - name: Import sudo role | |
9 | - import: sudo | |
10 | - | |
11 | - - name: Import dns role | |
12 | - import: dns | |
\ No newline at end of file |
@@ -1,1 +0,0 @@ | ||
1 | -celadon-admin ALL=(ALL) NOPASSWD:ALL | |
\ No newline at end of file |
@@ -1,15 +0,0 @@ | ||
1 | -- name: Copy SSH key for automation user | |
2 | - tags: always,users,"automation user" | |
3 | - authorized_key: | |
4 | - user: "{{ automation_user }}" | |
5 | - state: present | |
6 | - key: "{{ key_path }}" | |
7 | - register: copy_ssh_key | |
8 | - | |
9 | -- name: Enable sudo without password for automation user | |
10 | - tags: always,users,"automation user" | |
11 | - copy: | |
12 | - src: ansible_sudoer | |
13 | - dest: /etc/sudoers.d/"{{ automation_user }}" | |
14 | - owner: root | |
15 | - group: root | |
\ No newline at end of file |
@@ -1,3 +0,0 @@ | ||
1 | -automation_user: celadon-robot | |
2 | -automation_pass: {{ garbage }} | |
3 | -key_path: ~/.ssh/id_ed25519.pub | |
\ No newline at end of file |