fix: organization customize

This commit is contained in:
Matthieu Bessat 2024-07-10 11:06:57 +02:00
parent 3f391f0ba5
commit af0ee2691a
5 changed files with 71 additions and 39 deletions


@ -31,12 +31,16 @@
state: started state: started
enabled: true enabled: true
- name: Create unbound configs dir
file:
state: directory
path: "/etc/unbound/config.d"
# copy from dots file to the /etc/unbound/config.d the additonal config enabled # copy from dots file to the /etc/unbound/config.d the additonal config enabled
- name: Setup additonal namespaces config - name: Setup additonal profile config
when: unbound_profiles is defined when: organization is defined and "unbound" in organization_customize
become: true become: true
copy: copy:
src: "{{ home }}/.dots/config/unbound/profiles/{{ item }}.conf" src: "{{ home }}/.dots/profiles/{{ organization }}/configs/unbound.conf"
dest: "/etc/unbound/config.d/{{ item }}.conf" dest: "/etc/unbound/config.d/{{ organization }}.conf"
with_items: "{{ unbound_profiles }}"
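Review bot: The new `Create unbound configs dir` task has no `become: true`, while the sibling copy task a few lines below does; `/etc/unbound` is normally root-owned, so creating `config.d` as the unprivileged connecting user will fail on a real target unless the whole play already runs as root. Add `become: true` to that task and, since it is then root-created, pin ownership and mode explicitly, e.g. `owner: root` and `mode: "0755"`. The rewritten `when` evaluates `"unbound" in organization_customize` as soon as `organization` is defined, so a host that sets `organization` but not `organization_customize` errors on an undefined variable instead of skipping; `"unbound" in organization_customize | default([])` keeps the skip behaviour.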


@ -0,0 +1,41 @@
- name: Setup ssh dir
file:
path: "{{ home }}/.ssh"
state: directory
recurse: true
owner: "{{ user }}"
- name: Copy pre-generated ssh keys
when: "not target_is_real"
block:
- copy:
src: ./vm_files/remote_key
dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519"
mode: u=rw,g=,o=
- copy:
src: ./vm_files/remote_key.pub
dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519.pub"
mode: u=rw,g=,o=
- name: Config git
template:
src: ssh_config
dest: "{{ home }}/.ssh/config"
owner: "{{ user }}"
mode: u=rw,g=,o=
- name: Load known hosts
template:
src: known_hosts
dest: "{{ home }}/.ssh/known_hosts"
owner: "{{ user }}"
mode: u=rw,g=,o=
- name: Load organization profile
when: organization is defined and "ssh" in organization_customize
become: true
copy:
src: "{{ home }}/.dots/profiles/{{ organization }}/configs/ssh"
dest: "{{ home }}/.ssh/profiles/{{ organization }}"
template:
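Review bot: The `Setup ssh dir` task sets `owner` but no `mode` on `{{ home }}/.ssh`, so the directory gets the default umask-derived mode even though every file placed in it is locked to `u=rw,g=,o=`; add `mode: "0700"` (and note that `recurse: true` also chowns everything below it, including `profiles/`). `Load organization profile` runs with `become: true` and sets no `owner`, so the file it drops at `{{ home }}/.ssh/profiles/{{ organization }}` will be root-owned inside the user's own `.ssh`, which the `Include ~/.ssh/profiles/*` in the client config then reads as live configuration; either drop `become` (the destination is in the user's home) or add `owner: "{{ user }}"` and `mode: "0600"`. Also, `copy` with a `src` under `{{ home }}` reads from the controller unless `remote_src: true` is set, so confirm where `.dots` is expected to live. The task name `Config git` describes a task that writes `~/.ssh/config`; `Install ssh client config` would be accurate. The task that starts with the trailing `template:` continues past the end of this section.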


@ -1,3 +1,6 @@
# include all profiles, important to do this first
Include "~/.ssh/profiles/*"
IdentityFile "~/.ssh/{{ device_name }}_perso_generic_ed25519" IdentityFile "~/.ssh/{{ device_name }}_perso_generic_ed25519"
Host forge.lefuturiste.fr Host forge.lefuturiste.fr
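Review bot: `Include "~/.ssh/profiles/*"` makes every file in that directory live client configuration, and because it is placed first, directives there win over the `IdentityFile` and `Host` entries below (ssh keeps the first value obtained for each option); a file dropped into `profiles/` can therefore set `ProxyCommand`, `LocalCommand` or `IdentityFile` for any host, so that directory must be user-owned and not group/world-writable. The comment on the first line says ordering matters but not why; I would extend it to `# include all profiles first: ssh keeps the first value set for each option, so profile directives override the defaults below`. The glob also matches stray files such as editor backups (`*~`, `*.swp`), so either keep the directory clean or narrow the pattern to a suffix that the task copying profiles into it also uses.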


@ -79,13 +79,6 @@
hostname: hostname:
name: "{{ device_name }}" name: "{{ device_name }}"
- name: Setup ssh dir
file:
path: "{{ home }}/.ssh"
state: directory
recurse: true
owner: "{{ user }}"
- name: Update pacman repo - name: Update pacman repo
become: true become: true
community.general.pacman: community.general.pacman:
@ -100,6 +93,10 @@
- git - git
- openssh - openssh
- name: Setup SSH client
include_role:
name: ssh
- name: Init pacman keyring - name: Init pacman keyring
become: true become: true
# complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date) # complicated shit follow, to run or not this part depending on if we need to update the pacman key (expiration date)
@ -120,32 +117,6 @@
- shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux" - shell: "rm -rf /etc/pacman.d/gnupg && pacman-key --init && pacman-key --populate archlinux"
- shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state" - shell: "mkdir -p {{ home }}/.cache/monakhos; echo -n $(date --iso-8601=d) > {{ home }}/.cache/monakhos/pacman_key_state"
- name: Copy pre-generated ssh keys
when: "not target_is_real"
block:
- copy:
src: ./vm_files/remote_key
dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519"
mode: u=rw,g=,o=
- copy:
src: ./vm_files/remote_key.pub
dest: "{{ home }}/.ssh/{{ device_name }}_generic_ed25519.pub"
mode: u=rw,g=,o=
- name: Config git
template:
src: ssh_config
dest: "{{ home }}/.ssh/config"
owner: "{{ user }}"
mode: u=rw,g=,o=
- name: Load known hosts
template:
src: known_hosts
dest: "{{ home }}/.ssh/known_hosts"
owner: "{{ user }}"
mode: u=rw,g=,o=
# INSTALL from YAML # INSTALL from YAML
- name: Install packages from YAML files (excluding AUR) - name: Install packages from YAML files (excluding AUR)
become: true become: true


@ -1,4 +1,17 @@
device_name: example_host
user: mbess user: mbess
device_name: somehost
profile: pro
target_is_real: true target_is_real: true
organization: companyA
openfortivpn_profiles:
- name: companyA
p:
host: 43.54.65.76
port: 443
username: user
password: XXX
trusted_cert: XXXXX
organization_customize:
- ssh
- unbound
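Review bot: `password: XXX` and `trusted_cert: XXXXX` are plain unquoted scalars in the file people copy as the template for real hosts, so a real value containing ` #` or `: `, or one that looks like a number or boolean, would be truncated or retyped by the YAML parser; quote them (`password: "XXX"`, `trusted_cert: "XXXXX"`) and add a comment saying the real value belongs in an Ansible Vault string or a `lookup()`, never in the committed vars. `host: 43.54.65.76` parses as a string today, but the same quoting habit applies to hostnames and IPs. `organization_customize` is the list the new `when:` clauses in the ssh and unbound roles test against, so a one-line comment listing the accepted entries (`ssh`, `unbound`) would tell a user what can go here.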