USER Improve user config

38001a64 · freezed · 25b94d1b · 38001a64 · 38001a64 · 38001a64
Commit 38001a64 authored 2 years ago by freezed
--- a/inventory.sample
+++ b/inventory.sample
-[physical]
-192.168.1.1
-192.168.1.11
+[production]
+node10	ansible_host=192.168.1.10
+node33	ansible_host=192.168.1.33

-[gnome]
-192.168.1.11
+[staging]
+node20	ansible_host=192.168.1.20
+node44	ansible_host=192.168.1.44
+
+[station]
+localhost
+node11	ansible_host=192.168.1.11
+node22	ansible_host=192.168.1.22

-[mate]
-192.168.1.2

-[virtual]
-192.168.1.2
-192.168.1.22
+[gnome]
+node11

-[server]
-192.168.1.1
-192.168.1.2
+[mate]
+node2

 [workstat]
-192.168.1.11
+node11

-[station]
-localhost
-192.168.1.11
-192.168.1.22
+[physical:children]
+station
+
+[server:children]
+pve

 [station:children]
 gnome
 mate
 workstat

+
+[all:vars]
+inventory_fqdn="{{ inventory_hostname }}.local"
+ldp_token="<PUT-YOURS-HERE>"
+ldp_zone="<PUT-YOURS-HERE>"
+my_user="<USERNAME>"
+user_shell=/bin/bash
+
+[backup:vars]
+backup_user="<BACKUP_USERNAME>"
+
+[pve:vars]
+
+
 [server:vars]
-timezone="UTC"
 gateway="<GATEWAY_IP>"
+inventory_fqdn="{{ inventory_hostname }}.domain.tld"
+timezone="UTC"

 [station:vars]
 timezone="Europe/Paris"
-
-[all:vars]
-ldp_token="put-yours-here"
-ldp_zone="put-yours-here"
--- a/tasks/become_user_cfg.yml
+++ b/tasks/become_user_cfg.yml
@@ -21,10 +21,12 @@
    - name: SUDO | User presence (with groups)
      become: true
      ansible.builtin.user:
+        append: true
+        groups: sudo
        name: "{{ my_user }}"
+        shell: "{{ user_shell }}"
        state: present
-        groups: sudo
-        append: true
+        uid: 1000

    - name: SUDO | Reset ansible connection to apply group update
      become: true

--- a/tasks/user_cfg/files/dotfiles/bash_login
+++ b/tasks/user_cfg/files/dotfiles/bash_login
+# ############################################# #
+#       This file is managed by Ansible         #
+#       Manual edition will be overridden       #
+#  https://lab.frogg.it/freezed/ansible-debian  #
+# ############################################# #
+
+USAGE_FILE=/var/.usage
+
+lsb_release -d | sed 's/Description:/-=VERSION=-\t/g'
+
+echo -e "-=UPTIME=-\t   $(uptime)\n"
+
+echo -e "-=WHOisHERE=-\n $(w)\n"
+
+echo -e "\n-=IPs=-\n    $(ip -br address|grep UP)\n"
+
+echo -e "-=SCREEN=-\n   $(screen -list)"
+
+echo -e "-=DISKSPACE=-"
+[[ -n $(zpool list) ]] &> /dev/null && zpool list -o name,size,free,frag,cap,health || df -h -t ext4 --output=source,used,avail,target
+
+echo -e "\n-=USAGE=-"
+[[ -e $USAGE_FILE ]] && cat ${USAGE_FILE} || echo "Usage unknown"
--- a/tasks/user_cfg/templates/ssh_config.j2
+++ b/tasks/user_cfg/templates/ssh_config.j2
-#jinja2:lstrip_blocks: True
 # ############################################# #
-#              SSH config file                  #
-#               ~/.ssh/config                   #
-#                                               #
 #       This file is managed by Ansible         #
 #       Manual edition will be overridden       #
-#                                               #
 #  https://lab.frogg.it/freezed/ansible-debian  #
-#                                               #
 # ############################################# #

-{% for host in groups['all']  %}
-Host {{ host }}
-  User {{ hostvars[host]['my_user'] }}
-  Hostname {{ hostvars[host]['ansible_host'] }}
-  Port {{ hostvars[host]['ansible_port'] }}
-
-{% endfor %}
+# Ensure the remote shell produces no output for non-interactive sessions
--- a/tasks/user_cfg/files/dotfiles/profile
+++ b/tasks/user_cfg/files/dotfiles/profile
+# ############################################# #
+#       This file is managed by Ansible         #
+#       Manual edition will be overridden       #
+#  https://lab.frogg.it/freezed/ansible-debian  #
+# ############################################# #
+echo "DEBUG: I am .profile"
--- a/tasks/user_cfg/main.yml
+++ b/tasks/user_cfg/main.yml
@@ -6,7 +6,16 @@

  tasks:

-  - name: "IMPORT_TASKS | root"
+  - name: USER CONFIG | install zsh
+    when: inventory_hostname in groups.workstat
+    ansible.builtin.apt:
+      cache_valid_time: 3600
+      force_apt_get: true
+      pkg: zsh
+      state: present
+      update_cache: true
+
+  - name: IMPORT_TASKS | root
    ansible.builtin.import_tasks: root.yml

  - name: "IMPORT_TASKS | {{ my_user }}"

--- a/tasks/user_cfg/my_user.yml
+++ b/tasks/user_cfg/my_user.yml
 ---
+- name: MY USER | set user
+  become: true
+  ansible.builtin.user:
+    name: "{{ my_user }}"
+    shell: "{{ user_shell }}"
+    state: present
+    uid: 1000

 - name: MY USER | dotfiles
-  become: yes
+  become: true
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/home/{{ my_user }}/.{{ item | basename }}"
@@ -14,23 +21,43 @@
    label: "{{ item | basename }}"

 - name: MY USER | ssh config
-  become: yes
+  become: true
  ansible.builtin.template:
    dest: "/home/{{ my_user }}/.ssh/config"
-    src: templates/ssh_config.j2
+    src: templates/ssh-config.j2
    mode: 0640

- name: "MY USER | Local public key for {{ my_user }}"
-  become: yes
+- name: "MY USER | authorized_key for «{{ my_user }}»"
+  become: true
  ansible.builtin.authorized_key:
    comment: "Managed by Ansible"
    key: https://gitlab.com/free_zed.keys
    state: present
    user: "{{ my_user }}"

- name: MY USER | git directory presence
-  become: yes
+- name: MY USER | osm cache dir presence
+  become: true
  when: inventory_hostname in groups.station
+  ansible.builtin.file:
+    group: "{{ my_user }}"
+    mode: '0750'
+    owner: "{{ my_user }}"
+    path: "/home/{{ my_user }}/.osm-tiles/"
+    state: directory
+
+- name: MY USER | gps prune config
+  become: true
+  when: inventory_hostname in groups.station
+  ansible.builtin.template:
+    src: templates/pruneconfig.j2
+    dest: "/home/{{ my_user }}/.pruneconfig"
+    owner: "{{ my_user }}"
+    group: "{{ my_user }}"
+    mode: '0640'
+
+- name: MY USER | git directory presence
+  become: true
+  when: inventory_hostname in groups.workstat
  ansible.builtin.file:
    group: "{{ my_user }}"
    mode: '0750'
@@ -43,34 +70,14 @@
  ansible.builtin.include_vars: "vars/git.yml"

 - name: MY USER | clone git repos
-  become: yes
+  become: true
  when: inventory_hostname in groups.workstat
  ansible.builtin.git:
    dest: "/home/{{ my_user }}/git/{{ item.local_name }}"
    repo:  "{{ item.url_https }}"
    remote: "origin"
    update: no
-    accept_hostkey: yes
+    accept_hostkey: true
  with_items: "{{ git_repositories }}"
  loop_control:
    label: "{{ item.local_name }}"
-
- name: MY USER | osm cache dir presence
-  become: yes
-  when: inventory_hostname in groups.station
-  ansible.builtin.file:
-    group: "{{ my_user }}"
-    mode: '0750'
-    owner: "{{ my_user }}"
-    path: "/home/{{ my_user }}/.osm-tiles/"
-    state: directory
-
- name: MY USER | gps prune config
-  become: yes
-  when: inventory_hostname in groups.station
-  ansible.builtin.template:
-    src: templates/pruneconfig.j2
-    dest: "/home/{{ my_user }}/.pruneconfig"
-    owner: "{{ my_user }}"
-    group: "{{ my_user }}"
-    mode: '0640'
--- a/tasks/user_cfg/root.yml
+++ b/tasks/user_cfg/root.yml
 ---
+- name: ROOT | set user
+  become: no
+  when: inventory_hostname not in groups.workstat
+  ansible.builtin.user:
+    name: root
+    shell: "{{ user_shell }}"
+    state: present

 - name: ROOT | dotfiles
  become: no
@@ -13,9 +20,26 @@
  loop_control:
    label: "{{ item | basename }}"

+- name: ROOT | ssh config
+  when: inventory_hostname not in groups.station
+  become: no
+  ansible.builtin.template:
+    dest: "/root/.ssh/config"
+    src: templates/ssh-config.j2
+    mode: 0640
+
+- name: ROOT | local public key
+  become: no
+  ansible.builtin.authorized_key:
+    comment: "Managed by Ansible"
+    key: https://gitlab.com/free_zed.keys
+    state: present
+    user: root
+
 - name: ROOT | set zsh for shell
  become: no
+  when: inventory_hostname in groups.workstat
  ansible.builtin.user:
    name: root
-    shell: /bin/zsh
+    shell: "{{ user_shell }}"
    state: present
--- a/tasks/user_cfg/templates/ssh-config.j2
+++ b/tasks/user_cfg/templates/ssh-config.j2
+#jinja2:lstrip_blocks: True
+# ############################################# #
+#       This file is managed by Ansible         #
+#       Manual edition will be overridden       #
+#  https://lab.frogg.it/freezed/ansible-debian  #
+# ############################################# #
+
+{% if inventory_hostname in groups['station'] or inventory_hostname in groups['backup'] %}
+# WAN
+    {% for host in groups['production'] %}
+Host {{ host }}
+  User {{ hostvars[host]['my_user'] }}
+  Hostname {{ hostvars[host]['ansible_host'] }}
+  Port {{ hostvars[host]['ansible_port'] }}
+    {% endfor %}
+{% endif %}
+
+{% if inventory_hostname in groups['station'] or inventory_hostname in groups['production'] %}
+# BKP
+    {% for host in groups['backup'] %}
+Host {{ host }}
+  User {{ hostvars[host]['my_user'] }}
+  Hostname {{ hostvars[host]['ansible_host'] }}
+  Port {{ hostvars[host]['ansible_port'] }}
+    {% endfor %}
+{% endif %}
+
+{% if inventory_hostname in groups['station'] %}
+# DEV
+    {% for host in groups['devel'] %}
+Host {{ host }}
+  User {{ hostvars[host]['my_user'] }}
+  Hostname {{ hostvars[host]['ansible_host'] }}
+  Port {{ hostvars[host]['ansible_port'] }}
+    {% endfor %}
+
+# LOCAL
+    {% for host in groups['station'] %}
+Host {{ host }}
+  User {{ hostvars[host]['my_user'] }}
+  Hostname {{ hostvars[host]['ansible_host'] }}
+  Port {{ hostvars[host]['ansible_port'] }}
+    {% endfor %}
+{% endif %}