From 9dc0dbc514a1adb071005e50483932c795901b77 Mon Sep 17 00:00:00 2001
From: Matthieu Bessat
Date: Tue, 16 Jul 2024 20:37:20 +0200
Subject: [PATCH] feat(ssh): known hosts from profile refactored to use enabled_profiles var
---
 ansible/roles/ssh/tasks/main.yaml | 36 +++++++++++++++++++++----------
 ansible/templates/ssh/known_hosts | 6 ++++++
 ansible/workstation.yaml | 14 ++++++------
 3 files changed, 38 insertions(+), 18 deletions(-)
 create mode 100644 ansible/templates/ssh/known_hosts
diff --git a/ansible/roles/ssh/tasks/main.yaml b/ansible/roles/ssh/tasks/main.yaml
index 65f03bd..164d667 100644
--- a/ansible/roles/ssh/tasks/main.yaml
+++ b/ansible/roles/ssh/tasks/main.yaml
@@ -24,15 +24,29 @@
 owner: "{{ user }}"
 mode: u=rw,g=,o=
 
-- name: Load known hosts
- template:
- src: known_hosts
- dest: "{{ home }}/.ssh/known_hosts"
- owner: "{{ user }}"
- mode: u=rw,g=,o=
+- name: Create temporary build directory
+ ansible.builtin.tempfile:
+ state: directory
+ suffix: ssh_known_hosts
+ register: tempdir_known_hosts
 
-- name: Load organization profile
- when: organization is defined and "ssh" in organization_customize
- copy:
- src: "{{ home }}/.dots/profiles/{{ organization }}/configs/ssh"
- dest: "{{ home }}/.ssh/profiles/{{ organization }}"
+- name: Load known hosts from profiles
+ template:
+ # load from controller host
+ src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/known_hosts"
+ dest: "{{ tempdir_known_hosts.path }}/{{ item.name }}"
+ with_items: "{{ enabled_profiles }}"
+
+- name: Concat known hosts
+ template:
+ src: ssh/known_hosts
+ dest: "{{ home }}/.ssh/known_hosts"
+ vars:
+ tempdir_known_hosts: "{{ tempdir_known_hosts }}"
+
+- name: Load ssh config of profiles
+ template:
+ src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/config"
+ dest: "{{ home }}/.ssh/profiles/{{ item.name }}"
+ mode: u=rw,g=,o=
+ with_items: "{{ enabled_profiles }}"
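Review bot: The new `Concat known hosts` task writes `{{ home }}/.ssh/known_hosts` without the `owner: "{{ user }}"` and `mode: u=rw,g=,o=` lines the removed `Load known hosts` task had, so the generated file keeps whatever default permissions the template module applies, and the per-profile copies staged under `tempdir_known_hosts.path` likewise get no mode while the directory itself is never removed after the concatenation. The `vars:` entry that re-binds `tempdir_known_hosts` to itself is redundant, since the registered variable is already visible to the template, and `with_items` differs from the `loop:` form used throughout `workstation.yaml`. I would restore owner and mode on the final file, set a mode on the staged copies, and add a cleanup task right after the concatenation, as below.
```yaml
- name: Load known hosts from profiles
  template:
    # load from controller host
    src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/known_hosts"
    dest: "{{ tempdir_known_hosts.path }}/{{ item.name }}"
    mode: u=rw,g=,o=
  loop: "{{ enabled_profiles }}"

- name: Concat known hosts
  template:
    src: ssh/known_hosts
    dest: "{{ home }}/.ssh/known_hosts"
    owner: "{{ user }}"
    mode: u=rw,g=,o=

- name: Remove temporary known hosts directory
  ansible.builtin.file:
    path: "{{ tempdir_known_hosts.path }}"
    state: absent

# … unchanged: Load ssh config of profiles task …
```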
diff --git a/ansible/templates/ssh/known_hosts b/ansible/templates/ssh/known_hosts
new file mode 100644
index 0000000..5f7258b
--- /dev/null
+++ b/ansible/templates/ssh/known_hosts
@@ -0,0 +1,6 @@
+# Auto-generated known hosts file, try to **not** edit this file
+{% for enabled_profile in enabled_profiles %}
+# {{ enabled_profile.name }}
+{{ lookup('file', tempdir_known_hosts.path + '/' + enabled_profile.name) }}
+
+{% endfor %}
diff --git a/ansible/workstation.yaml b/ansible/workstation.yaml
index e7d85a9..ad84abe 100644
--- a/ansible/workstation.yaml
+++ b/ansible/workstation.yaml
@@ -225,7 +225,7 @@
 
 - name: Setup user units
 loop: "{{ systemd_services.user }}"
- when: "item.from is not defined and (item.profile == 'all' or item.profile == profile)"
+ when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)"
 template:
 src: "systemd/user/{{ item.name }}.service"
 dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
@@ -234,7 +234,7 @@
 
 - name: Setup user unit with from
 loop: "{{ systemd_services.user }}"
- when: "item.from is defined and (item.profile == 'all' or item.profile == profile)"
+ when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)"
 template:
 src: "systemd/user/{{ item.from }}.service"
 dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
@@ -243,7 +243,7 @@
 
 - name: Setup user timers
 loop: "{{ systemd_services.user }}"
- when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile == profile)"
+ when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
 template:
 src: "systemd/user/{{ item.name }}.timer"
 dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
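Review bot: `lookup('file', tempdir_known_hosts.path + '/' + enabled_profile.name)` on the fourth added line is evaluated on the controller, whereas the files it reads are created by the `ansible.builtin.tempfile` and `template` tasks of `ansible/roles/ssh/tasks/main.yaml`, which run on the managed host; the template therefore presumably only renders when the play targets localhost, and nothing in the file says so. I would extend the header comment to state that contract, e.g. `# Auto-generated from each enabled profile's known_hosts staged in tempdir_known_hosts by the ssh role; lookup('file') runs on the controller, so this assumes controller == managed host. Do not edit by hand.` That way the next person moving this role to a remote target knows why the lookup comes back empty instead of discovering it from a half-written known_hosts.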
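Review bot: `item.profile in enabled_profiles` on the added `when:` line tests a profile-name string for membership in `enabled_profiles`, but the ssh role hunk in this same patch and the new template index that variable's items as `item.name` / `enabled_profile.name`, i.e. as mappings; if that is its shape, this condition (and the same form in the `-234`, `-243` and `-259` hunks, plus the `'perso' in enabled_profiles` / `'"pro" in enabled_profiles'` forms in the `-273`, `-335` and `-349` hunks) is always false and the guarded tasks are silently skipped. Either project the names first, `when: "item.from is not defined and (item.profile == 'all' or item.profile in (enabled_profiles | map(attribute='name') | list))"`, or set a single `enabled_profile_names` fact once and use it in all seven conditions. If `enabled_profiles` is in fact a list of plain names defined outside this patch, a comment at its definition stating its shape would keep the two usages from drifting. The enclosing task list continues outside each of these hunks.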
@@ -259,7 +259,7 @@
 enabled: true
 
 - name: Enable some systemd user timers
- when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile == profile)"
+ when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
 loop: "{{ systemd_services.user }}"
 systemd_service:
 scope: user
@@ -273,7 +273,7 @@
 path: "{{ home }}/.mnt/{{ item }}"
 state: directory
 recurse: true
- when: "profile == 'perso'"
+ when: "'perso' in enabled_profiles"
 loop:
 - srv06/warmd/mbess
 - srv06/coldd/mbess
@@ -335,7 +335,7 @@
 ansible.builtin.git:
 repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
 dest: /home/mbess/workspace/books_sources
- when: "profile == 'perso'"
+ when: "'perso' in enabled_profiles"
 - name: Clone snippets space
 ansible.builtin.git:
 repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
@@ -349,7 +349,7 @@
 state: link
 
 - name: Setup OpenFortiVPN
- when: 'profile == "pro"'
+ when: '"pro" in enabled_profiles'
 include_role:
 name: openfortivpn