diff --git a/tasks/user_cfg/apt.yml b/tasks/user_cfg/apt.yml new file mode 100644 index 0000000000000000000000000000000000000000..e76e8ba5a11ca36b85304897d9f3c902eb0929b1 --- /dev/null +++ b/tasks/user_cfg/apt.yml @@ -0,0 +1,23 @@ +--- +- remote_user: root + + tasks: + - name: Remove snap packages + when: snap_uninstall_pkg is defined + community.general.snap: + name: "{{ snap_uninstall_pkg }}" + state: absent + + - name: SIGNAL | add key to keyring + when: inventory_hostname in groups.station + ansible.builtin.apt_key: + url: https://updates.signal.org/desktop/apt/keys.asc + keyring: /usr/share/keyrings/signal-desktop-keyring.gpg + state: present + + - name: SIGNAL | add apt repository + when: inventory_hostname in groups.station + ansible.builtin.apt_repository: + filename: signal-desktop + repo: deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main + state: present diff --git a/tasks/apt.yml b/tasks/user_cfg/apt_restriced.yml similarity index 70% rename from tasks/apt.yml rename to tasks/user_cfg/apt_restriced.yml index db3180157b87ce182596b565a2352a767bbe7b90..4522c55910dcc9462a1f4719f39ad05b8d96eeae 100644 --- a/tasks/apt.yml +++ b/tasks/user_cfg/apt_restriced.yml @@ -1,9 +1,8 @@ ---- -- hosts: "{{ host_list }}" - remote_user: root +- remote_user: "{{ my_user }}" + become_user: root + become_method: sudo tasks: - - name: INCLUDE_VARS | base ansible.builtin.include_vars: "main.yml" @@ -18,12 +17,6 @@ when: "'mate' in group_names" ansible.builtin.include_vars: "Mate.yml" - - name: Remove snap packages - when: snap_uninstall_pkg is defined - community.general.snap: - name: "{{ snap_uninstall_pkg }}" - state: absent - - name: APT | install base & os packages ansible.builtin.apt: cache_valid_time: 3600 
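Review bot: The `SIGNAL | add key to keyring` task trusts whatever `keys.asc` the URL serves at run time, so the signing root for this repository is never pinned to a value reviewed here. Consider committing the reviewed key under `files/` and passing it with `data: "{{ lookup('file', '<path to vendored signal key>') }}"`, or at least adding `id: "<expected key fingerprint>"` so the module can check for the expected key. Separately, the file wraps its tasks in a play-style mapping (`- remote_user: root` / `tasks:`), while main.yml loads it through `ansible.builtin.import_tasks`, which expects a flat list of tasks. apt_restriced.yml and root.yml have the same shape in this commit.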
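Review bot: In the first hunk of apt_restriced.yml, `become_user: root` and `become_method: sudo` are added without `become: true`. Those two keywords only select the target user and the method, and nothing visible here switches privilege escalation on. Unless it is enabled elsewhere (ansible.cfg, inventory or the command line), the apt tasks would run as `{{ my_user }}` and fail. I would add `become: true`, scoped to the tasks that need root rather than the whole file. The task list continues outside this hunk.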
@@ -32,20 +25,6 @@ state: present update_cache: true - - name: SIGNAL | add key to keyring - when: inventory_hostname in groups.station - ansible.builtin.apt_key: - url: https://updates.signal.org/desktop/apt/keys.asc - keyring: /usr/share/keyrings/signal-desktop-keyring.gpg - state: present - - - name: SIGNAL | add apt repository - when: inventory_hostname in groups.station - ansible.builtin.apt_repository: - filename: signal-desktop - repo: deb [arch=amd64 signed-by=/usr/share/keyrings/signal-desktop-keyring.gpg] https://updates.signal.org/desktop/apt xenial main - state: present - - name: APT | install workstation packages when: inventory_hostname in groups.station ansible.builtin.apt: diff --git a/tasks/user_cfg/main.yml b/tasks/user_cfg/main.yml index f3f9265aca373272afe744a81866bab970fe2dab..b11fbb8be3a248a033db212f5b594fdee098a613 100644 --- a/tasks/user_cfg/main.yml +++ b/tasks/user_cfg/main.yml @@ -1,12 +1,16 @@ --- - hosts: "{{ host_list }}" - become_user: "{{ my_user }}" - become_method: su - remote_user: root tasks: + - name: IMPORT_TASKS | APT_RESTRICTED + ansible.builtin.import_tasks: apt_restricted.yml + + - name: IMPORT_TASKS | APT + ansible.builtin.import_tasks: apt.yml + when: inventory_hostname not in groups.restricted - name: "IMPORT_TASKS | root" + when: inventory_hostname not in groups.restricted ansible.builtin.import_tasks: root.yml - name: "IMPORT_TASKS | {{ my_user }}" diff --git a/tasks/user_cfg/my_user.yml b/tasks/user_cfg/my_user.yml index 3e0354b5cc6363f74697e1aeebd5a3ec4b722426..1df3ea3ba6428fad399769e53b34c476b438939f 100644 --- a/tasks/user_cfg/my_user.yml +++ b/tasks/user_cfg/my_user.yml 
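Review bot: In main.yml, `ansible.builtin.import_tasks: apt_restricted.yml` points at a file this commit does not create. The rename target is `tasks/user_cfg/apt_restriced.yml` (missing `t`), so the static import would fail when the playbook is parsed. Rename the file to `apt_restricted.yml` or make the import match it. The same hunk drops `remote_user`, `become_user` and `become_method` from the play, so an explicit `become: true` on the privileged tasks would show which user each import runs as. The play continues outside this hunk.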
@@ -1,30 +1,32 @@ --- - name: MY USER | dotfiles - become: yes ansible.builtin.copy: src: "{{ item }}" dest: "/home/{{ my_user }}/.{{ item | basename }}" mode: 0640 owner: "{{ my_user }}" - group: "{{ my_user }}" with_fileglob: files/dotfiles/* loop_control: label: "{{ item | basename }}" - name: MY USER | ssh config - become: yes ansible.builtin.template: dest: "/home/{{ my_user }}/.ssh/config" src: templates/ssh_config.j2 mode: 0640 +- name: "MY USER | Local public key is present for {{ my_user }}" + ansible.builtin.authorized_key: + comment: "Managed by Ansible" + key: https://gitlab.com/free_zed.keys + state: present + user: "{{ my_user }}" + - name: MY USER | git directory presence - become: yes when: inventory_hostname in groups.station ansible.builtin.file: - group: "{{ my_user }}" mode: '0750' owner: "{{ my_user }}" path: "/home/{{ my_user }}/git" @@ -35,7 +37,6 @@ ansible.builtin.include_vars: "vars/git.yml" - name: MY USER | clone git repos - become: yes when: inventory_hostname in groups.station ansible.builtin.git: dest: "/home/{{ my_user }}/git/{{ item.local_name }}" @@ -48,21 +49,17 @@ label: "{{ item.local_name }}" - name: MY USER | osm cache dir presence - become: yes when: inventory_hostname in groups.station ansible.builtin.file: - group: "{{ my_user }}" mode: '0750' owner: "{{ my_user }}" path: "/home/{{ my_user }}/.osm-tiles/" state: directory - name: MY USER | gps prune config - become: yes when: inventory_hostname in groups.station ansible.builtin.template: src: templates/pruneconfig.j2 dest: "/home/{{ my_user }}/.pruneconfig" owner: "{{ my_user }}" - group: "{{ my_user }}" mode: '0640' diff --git a/tasks/user_cfg/root.yml b/tasks/user_cfg/root.yml index d55dca4ec86c0a8063e99f2bb8159c0e47ed4b31..eb830f9d41eab5106fdba70bd5c5f4882a0ef531 100644 --- a/tasks/user_cfg/root.yml +++ b/tasks/user_cfg/root.yml 
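Review bot: The new `authorized_key` task in my_user.yml installs whatever keys `https://gitlab.com/free_zed.keys` returns at run time. SSH access to every managed host therefore follows the state of that hosted account rather than a key reviewed in this repository. root.yml adds the same task with `user: root`, where the impact is full control of the host. I would vendor the public key and reference it with `key: "{{ lookup('file', '<path to vendored public key>') }}"`, which also makes key rotation a reviewed commit. The same hunk removes `become: yes` and `group:` from the dotfile tasks, so file ownership now depends on which user the play connects as, and a short comment should say so.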
@@ -1,21 +1,28 @@ --- +- remote_user: root -- name: ROOT | dotfiles - become: no - ansible.builtin.copy: - src: "{{ item }}" - dest: "/root/.{{ item | basename }}" - mode: 0640 - owner: root - group: root - with_fileglob: - files/dotfiles/* - loop_control: - label: "{{ item | basename }}" + tasks: + - name: ROOT | dotfiles + ansible.builtin.copy: + src: "{{ item }}" + dest: "/root/.{{ item | basename }}" + mode: 0640 + owner: root + group: root + with_fileglob: + files/dotfiles/* + loop_control: + label: "{{ item | basename }}" -- name: ROOT | set zsh for shell - become: no - ansible.builtin.user: - name: root - shell: /bin/zsh - state: present +- - name: ROOT | set zsh for shell + ansible.builtin.user: + name: root + shell: /bin/zsh + state: present + + - name: "ROOT | Local public key is present for root" + ansible.builtin.authorized_key: + comment: "Managed by Ansible" + key: https://gitlab.com/free_zed.keys + state: present + user: root
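Review bot: The added line `- - name: ROOT | set zsh for shell` appears to begin with an extra `-`; whitespace on this page is collapsed, so the exact indent is inferred. That would start a second top-level item holding a nested list instead of continuing the `tasks:` list, leaving this task and the root `authorized_key` task outside the play mapping. If that is what was committed, the line should read `- name: ROOT | set zsh for shell` at the same indent as `- name: ROOT | dotfiles`. Running `ansible-playbook --syntax-check` or ansible-lint on the file before merging would confirm the structure.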