diff --git a/ansible/roles/dns/tasks/main.yaml b/ansible/roles/dns/tasks/main.yaml
index 34a631a..7d1babc 100644
--- a/ansible/roles/dns/tasks/main.yaml
+++ b/ansible/roles/dns/tasks/main.yaml
@@ -31,12 +31,16 @@
     state: started
     enabled: true
+- name: Create unbound configs dir
+  file:
+    state: directory
+    path: "/etc/unbound/config.d"
+
 # copy from dots file to the /etc/unbound/config.d the additonal config enabled
-- name: Setup additonal namespaces config
-  when: unbound_profiles is defined
+- name: Setup additonal profile config
+  when: organization is defined and "unbound" in organization_customize
   become: true
   copy:
-    src: "{{ home }}/.dots/config/unbound/profiles/{{ item }}.conf"
-    dest: "/etc/unbound/config.d/{{ item }}.conf"
-  with_items: "{{ unbound_profiles }}"
+    src: "{{ home }}/.dots/profiles/{{ organization }}/configs/unbound.conf"
+    dest: "/etc/unbound/config.d/{{ organization }}.conf"
diff --git a/ansible/roles/ssh/tasks/main.yaml b/ansible/roles/ssh/tasks/main.yaml
new file mode 100644
index 0000000..6f4ca62
--- /dev/null
+++ b/ansible/roles/ssh/tasks/main.yaml
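Review bot: The new "Create unbound configs dir" task has no `become: true`, while the "Setup additonal profile config" task right below it in the same hunk does, so creating `/etc/unbound/config.d` runs as the connecting user and fails with permission denied unless become is set at play level, which this hunk does not show. The new `when` also breaks for any host that sets `organization` without `organization_customize`: Jinja raises an undefined-variable error instead of skipping, so write it as `when: organization is defined and "unbound" in (organization_customize | default([]))`. While there, give the directory an explicit `mode: "0755"` so the result does not depend on root's umask. Note that `copy` reads `src` on the controller unless `remote_src: true` is set; that matches the old task's behaviour, but it only works if the `.dots` checkout is on the machine running the playbook, which is not visible here.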
@@ -0,0 +1,41 @@
+- name: Setup ssh dir
+  file:
+    path: "{{ home }}/.ssh"
+    state: directory
+    recurse: true
+    owner: "{{ user }}"
+
+- name: Copy pre-generated ssh keys
+  when: "not target_is_real"
+  block:
+    - copy:
+        src: ./vm_files/remote_key
+        dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519"
+        mode: u=rw,g=,o=
+    - copy:
+        src: ./vm_files/remote_key.pub
+        dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519.pub"
+        mode: u=rw,g=,o=
+
+- name: Config git
+  template:
+    src: ssh_config
+    dest: "{{ home }}/.ssh/config"
+    owner: "{{ user }}"
+    mode: u=rw,g=,o=
+
+- name: Load known hosts
+  template:
+    src: known_hosts
+    dest: "{{ home }}/.ssh/known_hosts"
+    owner: "{{ user }}"
+    mode: u=rw,g=,o=
+
+- name: Load organization profile
+  when: organization is defined and "ssh" in organization_customize
+  become: true
+  copy:
+    src: "{{ home }}/.dots/profiles/{{ organization }}/configs/ssh"
+    dest: "{{ home }}/.ssh/profiles/{{ organization }}"
+
+  template:
diff --git a/ansible/templates/ssh_config b/ansible/templates/ssh_config
index 3a16ec7..72bae6a 100644
--- a/ansible/templates/ssh_config
+++ b/ansible/templates/ssh_config
@@ -1,3 +1,6 @@
+# include all profiles, important to do this first
+Include "~/.ssh/profiles/*"
+
 IdentityFile "~/.ssh/{{ device_name }}_perso_generic_ed25519"
 
 Host forge.lefuturiste.fr
diff --git a/ansible/workstation.yaml b/ansible/workstation.yaml
index 504169a..5e702df 100644
--- a/ansible/workstation.yaml
+++ b/ansible/workstation.yaml
@@ -79,13 +79,6 @@
       hostname:
         name: "{{ device_name }}"
 
-    - name: Setup ssh dir
-      file:
-        path: "{{ home }}/.ssh"
-        state: directory
-        recurse: true
-        owner: "{{ user }}"
-
     - name: Update pacman repo
       become: true
       community.general.pacman:
@@ -100,6 +93,10 @@
         - git
         - openssh
 
+    - name: Setup SSH client
+      include_role:
+        name: ssh
+
     - name: Init pacman keyring
       become: true
       # complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
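Review bot: The stray `template:` key closing the "Load organization profile" task sits beside `copy:` in the same task, and Ansible refuses a task with two action modules ("conflicting action statements"), so the whole role errors out on every host where this task's `when` is true; delete that line. The same task runs with `become: true` but, unlike every sibling task in this file, sets no `owner` or `mode`, so the profile lands in the user's `~/.ssh` as a root-owned file with umask permissions; add `owner: "{{ user }}"` and `mode: u=rw,g=,o=` to match the rest of the role. The `when` will also raise an undefined-variable error, rather than skip, on a host that defines `organization` but not `organization_customize`; `"ssh" in (organization_customize | default([]))` is the safe form. If `configs/ssh` is a single file rather than a directory, `copy` will additionally fail because nothing creates `~/.ssh/profiles` first, so a `file: state: directory` task for it (owned by the user, `mode: u=rwx,g=,o=`) belongs before this one. The first task could also pin `mode: u=rwx,g=,o=` on `~/.ssh` itself instead of relying on the umask.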
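Review bot: The new `Include "~/.ssh/profiles/*"` placed before everything else means any directive in a profile that is not scoped under a `Host`/`Match` block wins over every later setting in this file for every destination, because ssh keeps the first value it obtains for each option; that is what "important to do this first" intends, but it also lets an organization profile silently set things like `ProxyCommand`, `StrictHostKeyChecking` or `IdentityFile` for personal hosts too. The comment should say so, e.g. `# Profiles are included first so they take precedence (ssh keeps the first value seen per option); keep profile directives inside Host/Match blocks so they do not leak to every host`. The bare `*` glob also pulls in anything dropped in that directory (editor backups, stray `.pub` files), which ssh will then try to parse; if the role is changed to write profiles with a suffix, narrowing this to `Include "~/.ssh/profiles/*.conf"` limits the surface. Whether the profile directory actually exists before this template is rendered is not visible here.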
@@ -120,32 +117,6 @@
         - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
         - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
 
-    - name: Copy pre-generated ssh keys
-      when: "not target_is_real"
-      block:
-        - copy:
-            src: ./vm_files/remote_key
-            dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519"
-            mode: u=rw,g=,o=
-        - copy:
-            src: ./vm_files/remote_key.pub
-            dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519.pub"
-            mode: u=rw,g=,o=
-
-    - name: Config git
-      template:
-        src: ssh_config
-        dest: "{{ home }}/.ssh/config"
-        owner: "{{ user }}"
-        mode: u=rw,g=,o=
-
-    - name: Load known hosts
-      template:
-        src: known_hosts
-        dest: "{{ home }}/.ssh/known_hosts"
-        owner: "{{ user }}"
-        mode: u=rw,g=,o=
-
     # INSTALL from YAML
     - name: Install packages from YAML files (excluding AUR)
       become: true
diff --git a/target/example_host/vars.yaml b/target/example_host/vars.yaml
index 2919df8..e36103c 100644
--- a/target/example_host/vars.yaml
+++ b/target/example_host/vars.yaml
@@ -1,4 +1,17 @@
-device_name: example_host
 user: mbess
+device_name: somehost
+profile: pro
 target_is_real: true
+organization: companyA
+openfortivpn_profiles:
+  - name: companyA
+    p:
+      host: 43.54.65.76
+      port: 443
+      username: user
+      password: XXX
+      trusted_cert: XXXXX
+organization_customize:
+  - ssh
+  - unbound
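Review bot: `password: XXX` under `openfortivpn_profiles` puts a VPN credential in a plaintext, committed vars file; the value here is a placeholder, but the layout means the first real host copied from this example will commit its password and `trusted_cert` pin to git. Keep the secret in an ansible-vault-encrypted vars file and reference it, `password: "{{ vault_companya_vpn_password }}"`, so the example never holds a usable value. The single-letter `p` key is opaque for a profile that is meant to be copied by hand; a comment naming what it holds (or a descriptive key, if the consuming role allows it) would help. Also `device_name: somehost` inside `target/example_host/` no longer matches the directory it documents; `example_host` was clearer as an example.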