feat(ssh): known hosts from profile

Refactored to use the `enabled_profiles` variable.
This commit is contained in:
Matthieu Bessat 2024-07-16 20:37:20 +02:00
parent f09b114cfe
commit 9dc0dbc514
3 changed files with 38 additions and 18 deletions


@ -24,15 +24,29 @@
owner: "{{ user }}" owner: "{{ user }}"
mode: u=rw,g=,o= mode: u=rw,g=,o=
- name: Load known hosts - name: Create temporary build directory
template: ansible.builtin.tempfile:
src: known_hosts state: directory
dest: "{{ home }}/.ssh/known_hosts" suffix: ssh_known_hosts
owner: "{{ user }}" register: tempdir_known_hosts
mode: u=rw,g=,o=
- name: Load organization profile - name: Load known hosts from profiles
when: organization is defined and "ssh" in organization_customize template:
copy: # load from controller host
src: "{{ home }}/.dots/profiles/{{ organization }}/configs/ssh" src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/known_hosts"
dest: "{{ home }}/.ssh/profiles/{{ organization }}" dest: "{{ tempdir_known_hosts.path }}/{{ item.name }}"
with_items: "{{ enabled_profiles }}"
- name: Concat known hosts
template:
src: ssh/known_hosts
dest: "{{ home }}/.ssh/known_hosts"
vars:
tempdir_known_hosts: "{{ tempdir_known_hosts }}"
- name: Load ssh config of profiles
template:
src: "{{ home }}/.dots/profiles/{{ item.name }}/configs/ssh/config"
dest: "{{ home }}/.ssh/profiles/{{ item.name }}"
mode: u=rw,g=,o=
with_items: "{{ enabled_profiles }}"
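Review bot: The rewritten `Concat known hosts` task drops the `owner: "{{ user }}"` and `mode: u=rw,g=,o=` that the replaced `Load known hosts` task carried, so on a host where `~/.ssh/known_hosts` does not yet exist the file is created with the system default permissions instead of owner-only, and the task is inconsistent with `Load ssh config of profiles` in the same hunk, which does set `mode`. Restore `owner: "{{ user }}"` and `mode: u=rw,g=,o=` under `dest` in that task. The per-profile copies written by `Load known hosts from profiles` also get no `mode`; they live in the tempfile-module directory, which is less pressing, but the directory registered as `tempdir_known_hosts` is never removed afterwards, so a final `ansible.builtin.file` task with `path: "{{ tempdir_known_hosts.path }}"` and `state: absent` would avoid leaving a copy of every profile's host keys behind. The `vars: tempdir_known_hosts: "{{ tempdir_known_hosts }}"` block re-exports a registered variable that the template already sees and can be dropped.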


@ -0,0 +1,6 @@
# Auto-generated known hosts file, try to **not** edit this file
{% for enabled_profile in enabled_profiles %}
# {{ enabled_profile.name }}
{{ lookup('file', tempdir_known_hosts.path + '/' + enabled_profile.name) }}
{% endfor %}
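Review bot: `lookup('file', ...)` reads from the controller, whereas the directory in `tempdir_known_hosts.path` was created by `ansible.builtin.tempfile` on the managed host, so this template only renders when the managed host is the controller itself (a local dotfiles run); against a remote host the lookup would presumably fail on a missing file. Since the lookup is controller-side anyway, the staging copy adds nothing: reading the profile file directly, `{{ lookup('file', home + '/.dots/profiles/' + enabled_profile.name + '/configs/ssh/known_hosts') }}`, would remove the tempdir round-trip and the mismatch, assuming `home` is a controller path as the `src` of `Load known hosts from profiles` already treats it. Either way, a header comment stating the assumption, e.g. `# Rendered on the controller: profile files are read from the local .dots checkout`, would warn whoever next runs this against a remote machine.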


@ -225,7 +225,7 @@
- name: Setup user units - name: Setup user units
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
when: "item.from is not defined and (item.profile == 'all' or item.profile == profile)" when: "item.from is not defined and (item.profile == 'all' or item.profile in enabled_profiles)"
template: template:
src: "systemd/user/{{ item.name }}.service" src: "systemd/user/{{ item.name }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
@ -234,7 +234,7 @@
- name: Setup user unit with from - name: Setup user unit with from
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
when: "item.from is defined and (item.profile == 'all' or item.profile == profile)" when: "item.from is defined and (item.profile == 'all' or item.profile in enabled_profiles)"
template: template:
src: "systemd/user/{{ item.from }}.service" src: "systemd/user/{{ item.from }}.service"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.service"
@ -243,7 +243,7 @@
- name: Setup user timers - name: Setup user timers
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile == profile)" when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
template: template:
src: "systemd/user/{{ item.name }}.timer" src: "systemd/user/{{ item.name }}.timer"
dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer" dest: "{{ home }}/.config/systemd/user/{{ item.name }}.timer"
@ -259,7 +259,7 @@
enabled: true enabled: true
- name: Enable some systemd user timers - name: Enable some systemd user timers
when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile == profile)" when: "item.timer is defined and item.timer and (item.profile == 'all' or item.profile in enabled_profiles)"
loop: "{{ systemd_services.user }}" loop: "{{ systemd_services.user }}"
systemd_service: systemd_service:
scope: user scope: user
@ -273,7 +273,7 @@
path: "{{ home }}/.mnt/{{ item }}" path: "{{ home }}/.mnt/{{ item }}"
state: directory state: directory
recurse: true recurse: true
when: "profile == 'perso'" when: "'perso' in enabled_profiles"
loop: loop:
- srv06/warmd/mbess - srv06/warmd/mbess
- srv06/coldd/mbess - srv06/coldd/mbess
@ -335,7 +335,7 @@
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/books-sources.git" repo: "git@forge.lefuturiste.fr:mbess/books-sources.git"
dest: /home/mbess/workspace/books_sources dest: /home/mbess/workspace/books_sources
when: "profile == 'perso'" when: "'perso' in enabled_profiles"
- name: Clone snippets space - name: Clone snippets space
ansible.builtin.git: ansible.builtin.git:
repo: "git@forge.lefuturiste.fr:mbess/snippets.git" repo: "git@forge.lefuturiste.fr:mbess/snippets.git"
@ -349,7 +349,7 @@
state: link state: link
- name: Setup OpenFortiVPN - name: Setup OpenFortiVPN
when: 'profile == "pro"' when: '"pro" in enabled_profiles'
include_role: include_role:
name: openfortivpn name: openfortivpn
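Review bot: The new conditions `item.profile in enabled_profiles` and `'perso' in enabled_profiles` test a string for membership in `enabled_profiles`, but the ssh tasks in this same commit iterate it as `item.name` / `enabled_profile.name`, which implies a list of mappings; if that is the shape, a string is never `in` that list and every one of these tasks (user units, timers, the `.mnt` directories, the `perso` clones, OpenFortiVPN) is silently skipped rather than failing. Compare against the names instead, e.g. `item.profile in (enabled_profiles | map(attribute='name') | list)` and `'perso' in (enabled_profiles | map(attribute='name') | list)`, or define a derived `enabled_profile_names` variable once and use it in all seven conditions. If `enabled_profiles` is actually a plain list of strings, then the ssh tasks are the wrong side and should use `item` rather than `item.name`. The enclosing task list starts and ends outside the shown hunks.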