Commit 38001a64 authored by freezed's avatar freezed :mountain:

:wrench: USER Improve user config

parent 25b94d1b
[physical] [production]
192.168.1.1 node10 ansible_host=192.168.1.10
192.168.1.11 node33 ansible_host=192.168.1.33
[gnome] [staging]
192.168.1.11 node20 ansible_host=192.168.1.20
node44 ansible_host=192.168.1.44
[station]
localhost
node11 ansible_host=192.168.1.11
node22 ansible_host=192.168.1.22
[mate]
192.168.1.2
[virtual] [gnome]
192.168.1.2 node11
192.168.1.22
[server] [mate]
192.168.1.1 node2
192.168.1.2
[workstat] [workstat]
192.168.1.11 node11
[station] [physical:children]
localhost station
192.168.1.11
192.168.1.22 [server:children]
pve
[station:children] [station:children]
gnome gnome
mate mate
workstat workstat
[all:vars]
inventory_fqdn="{{ inventory_hostname }}.local"
ldp_token="<PUT-YOURS-HERE>"
ldp_zone="<PUT-YOURS-HERE>"
my_user="<USERNAME>"
user_shell=/bin/bash
[backup:vars]
backup_user="<BACKUP_USERNAME>"
[pve:vars]
[server:vars] [server:vars]
timezone="UTC"
gateway="<GATEWAY_IP>" gateway="<GATEWAY_IP>"
inventory_fqdn="{{ inventory_hostname }}.domain.tld"
timezone="UTC"
[station:vars] [station:vars]
timezone="Europe/Paris" timezone="Europe/Paris"
[all:vars]
ldp_token="put-yours-here"
ldp_zone="put-yours-here"
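Review bot: `ldp_token` in `[all:vars]` looks like a credential, and the example gives no hint that the real value should stay out of the inventory file. If it is a secret, the placeholder could carry a comment such as `# keep the real ldp_token in an ansible-vault encrypted vars file, not in this inventory`, so that a filled-in copy of this file is not committed with the token in clear text. What `ldp_token` and `ldp_zone` are used for is not visible on this page, so this should be confirmed against the role that reads them.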
...@@ -21,10 +21,12 @@ ...@@ -21,10 +21,12 @@
- name: SUDO | User presence (with groups) - name: SUDO | User presence (with groups)
become: true become: true
ansible.builtin.user: ansible.builtin.user:
append: true
groups: sudo
name: "{{ my_user }}" name: "{{ my_user }}"
shell: "{{ user_shell }}"
state: present state: present
groups: sudo uid: 1000
append: true
- name: SUDO | Reset ansible connection to apply group update - name: SUDO | Reset ansible connection to apply group update
become: true become: true
......
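Review bot: `uid: 1000` is hard-coded in the `SUDO | User presence (with groups)` task, and the same literal appears in `MY USER | set user`. On a host where `{{ my_user }}` already exists with another uid the user module will renumber the account, leaving files outside the home directory with the old owner id, and where uid 1000 already belongs to a different account the task fails. Making the value optional keeps existing hosts untouched: `uid: "{{ my_user_uid | default(omit) }}"`, with a new variable such as `my_user_uid` set in the inventory only where a fixed uid is wanted. The task list continues outside the hunk.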
# ############################################# #
# This file is managed by Ansible #
# Manual edition will be overridden #
# https://lab.frogg.it/freezed/ansible-debian #
# ############################################# #
USAGE_FILE=/var/.usage
lsb_release -d | sed 's/Description:/-=VERSION=-\t/g'
echo -e "-=UPTIME=-\t $(uptime)\n"
echo -e "-=WHOisHERE=-\n $(w)\n"
echo -e "\n-=IPs=-\n $(ip -br address|grep UP)\n"
echo -e "-=SCREEN=-\n $(screen -list)"
echo -e "-=DISKSPACE=-"
[[ -n $(zpool list) ]] &> /dev/null && zpool list -o name,size,free,frag,cap,health || df -h -t ext4 --output=source,used,avail,target
echo -e "\n-=USAGE=-"
[[ -e $USAGE_FILE ]] && cat ${USAGE_FILE} || echo "Usage unknown"
#jinja2:lstrip_blocks: True
# ############################################# # # ############################################# #
# SSH config file #
# ~/.ssh/config #
# #
# This file is managed by Ansible # # This file is managed by Ansible #
# Manual edition will be overridden # # Manual edition will be overridden #
# #
# https://lab.frogg.it/freezed/ansible-debian # # https://lab.frogg.it/freezed/ansible-debian #
# #
# ############################################# # # ############################################# #
{% for host in groups['all'] %} # Ensure the remote shell produces no output for non-interactive sessions
Host {{ host }}
User {{ hostvars[host]['my_user'] }}
Hostname {{ hostvars[host]['ansible_host'] }}
Port {{ hostvars[host]['ansible_port'] }}
{% endfor %}
# ############################################# #
# This file is managed by Ansible #
# Manual edition will be overridden #
# https://lab.frogg.it/freezed/ansible-debian #
# ############################################# #
echo "DEBUG: I am .profile"
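Review bot: `echo "DEBUG: I am .profile"` reads like a debugging leftover in a file that Ansible distributes to managed hosts. A profile that writes to stdout makes every login session start with that line and can confuse tools that parse the output of a login shell. If the trace is still wanted, it could be limited to interactive shells and sent to stderr, `case $- in *i*) echo "DEBUG: I am .profile" >&2 ;; esac`; otherwise the line can be dropped. Whether this file is new in the commit is not certain from the rendered page.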
...@@ -6,7 +6,16 @@ ...@@ -6,7 +6,16 @@
tasks: tasks:
- name: "IMPORT_TASKS | root" - name: USER CONFIG | install zsh
when: inventory_hostname in groups.workstat
ansible.builtin.apt:
cache_valid_time: 3600
force_apt_get: true
pkg: zsh
state: present
update_cache: true
- name: IMPORT_TASKS | root
ansible.builtin.import_tasks: root.yml ansible.builtin.import_tasks: root.yml
- name: "IMPORT_TASKS | {{ my_user }}" - name: "IMPORT_TASKS | {{ my_user }}"
......
--- ---
- name: MY USER | set user
become: true
ansible.builtin.user:
name: "{{ my_user }}"
shell: "{{ user_shell }}"
state: present
uid: 1000
- name: MY USER | dotfiles - name: MY USER | dotfiles
become: yes become: true
ansible.builtin.copy: ansible.builtin.copy:
src: "{{ item }}" src: "{{ item }}"
dest: "/home/{{ my_user }}/.{{ item | basename }}" dest: "/home/{{ my_user }}/.{{ item | basename }}"
...@@ -14,23 +21,43 @@ ...@@ -14,23 +21,43 @@
label: "{{ item | basename }}" label: "{{ item | basename }}"
- name: MY USER | ssh config - name: MY USER | ssh config
become: yes become: true
ansible.builtin.template: ansible.builtin.template:
dest: "/home/{{ my_user }}/.ssh/config" dest: "/home/{{ my_user }}/.ssh/config"
src: templates/ssh_config.j2 src: templates/ssh-config.j2
mode: 0640 mode: 0640
- name: "MY USER | Local public key for {{ my_user }}" - name: "MY USER | authorized_key for «{{ my_user }}»"
become: yes become: true
ansible.builtin.authorized_key: ansible.builtin.authorized_key:
comment: "Managed by Ansible" comment: "Managed by Ansible"
key: https://gitlab.com/free_zed.keys key: https://gitlab.com/free_zed.keys
state: present state: present
user: "{{ my_user }}" user: "{{ my_user }}"
- name: MY USER | git directory presence - name: MY USER | osm cache dir presence
become: yes become: true
when: inventory_hostname in groups.station when: inventory_hostname in groups.station
ansible.builtin.file:
group: "{{ my_user }}"
mode: '0750'
owner: "{{ my_user }}"
path: "/home/{{ my_user }}/.osm-tiles/"
state: directory
- name: MY USER | gps prune config
become: true
when: inventory_hostname in groups.station
ansible.builtin.template:
src: templates/pruneconfig.j2
dest: "/home/{{ my_user }}/.pruneconfig"
owner: "{{ my_user }}"
group: "{{ my_user }}"
mode: '0640'
- name: MY USER | git directory presence
become: true
when: inventory_hostname in groups.workstat
ansible.builtin.file: ansible.builtin.file:
group: "{{ my_user }}" group: "{{ my_user }}"
mode: '0750' mode: '0750'
...@@ -43,34 +70,14 @@ ...@@ -43,34 +70,14 @@
ansible.builtin.include_vars: "vars/git.yml" ansible.builtin.include_vars: "vars/git.yml"
- name: MY USER | clone git repos - name: MY USER | clone git repos
become: yes become: true
when: inventory_hostname in groups.workstat when: inventory_hostname in groups.workstat
ansible.builtin.git: ansible.builtin.git:
dest: "/home/{{ my_user }}/git/{{ item.local_name }}" dest: "/home/{{ my_user }}/git/{{ item.local_name }}"
repo: "{{ item.url_https }}" repo: "{{ item.url_https }}"
remote: "origin" remote: "origin"
update: no update: no
accept_hostkey: yes accept_hostkey: true
with_items: "{{ git_repositories }}" with_items: "{{ git_repositories }}"
loop_control: loop_control:
label: "{{ item.local_name }}" label: "{{ item.local_name }}"
- name: MY USER | osm cache dir presence
become: yes
when: inventory_hostname in groups.station
ansible.builtin.file:
group: "{{ my_user }}"
mode: '0750'
owner: "{{ my_user }}"
path: "/home/{{ my_user }}/.osm-tiles/"
state: directory
- name: MY USER | gps prune config
become: yes
when: inventory_hostname in groups.station
ansible.builtin.template:
src: templates/pruneconfig.j2
dest: "/home/{{ my_user }}/.pruneconfig"
owner: "{{ my_user }}"
group: "{{ my_user }}"
mode: '0640'
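Review bot: The `MY USER | ssh config` task renders `/home/{{ my_user }}/.ssh/config` with `become: true` but sets no `owner` or `group`, so on first creation the file presumably belongs to root (unless `become_user` is set elsewhere) and `mode: 0640` then leaves it unreadable for `{{ my_user }}`. The `MY USER | gps prune config` task in the same file already sets both; doing the same here, `owner: "{{ my_user }}"`, `group: "{{ my_user }}"`, and quoting the mode as `mode: '0600'`, keeps the file usable and private to the account. The quoted form also matches the `'0750'` and `'0640'` modes used by the other tasks.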
--- ---
- name: ROOT | set user
become: no
when: inventory_hostname not in groups.workstat
ansible.builtin.user:
name: root
shell: "{{ user_shell }}"
state: present
- name: ROOT | dotfiles - name: ROOT | dotfiles
become: no become: no
...@@ -13,9 +20,26 @@ ...@@ -13,9 +20,26 @@
loop_control: loop_control:
label: "{{ item | basename }}" label: "{{ item | basename }}"
- name: ROOT | ssh config
when: inventory_hostname not in groups.station
become: no
ansible.builtin.template:
dest: "/root/.ssh/config"
src: templates/ssh-config.j2
mode: 0640
- name: ROOT | local public key
become: no
ansible.builtin.authorized_key:
comment: "Managed by Ansible"
key: https://gitlab.com/free_zed.keys
state: present
user: root
- name: ROOT | set zsh for shell - name: ROOT | set zsh for shell
become: no become: no
when: inventory_hostname in groups.workstat
ansible.builtin.user: ansible.builtin.user:
name: root name: root
shell: /bin/zsh shell: "{{ user_shell }}"
state: present state: present
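Review bot: The new `ROOT | local public key` task fills root's `authorized_keys` with whatever `https://gitlab.com/free_zed.keys` returns at the time of the run, so root access to every managed host depends on the state of that external account rather than on a key reviewed in this repository. `MY USER | authorized_key for «{{ my_user }}»` uses the same URL. Pinning the key in the repository makes any change to it visible in review, for example `key: "{{ lookup('file', '<PATH_TO_PUBKEY>.pub') }}"` (placeholder path). Separately, `ROOT | set zsh for shell` now applies `{{ user_shell }}`, so its name no longer describes what it does.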
#jinja2:lstrip_blocks: True
# ############################################# #
# This file is managed by Ansible #
# Manual edition will be overridden #
# https://lab.frogg.it/freezed/ansible-debian #
# ############################################# #
{% if inventory_hostname in groups['station'] or inventory_hostname in groups['backup'] %}
# WAN
{% for host in groups['production'] %}
Host {{ host }}
User {{ hostvars[host]['my_user'] }}
Hostname {{ hostvars[host]['ansible_host'] }}
Port {{ hostvars[host]['ansible_port'] }}
{% endfor %}
{% endif %}
{% if inventory_hostname in groups['station'] or inventory_hostname in groups['production'] %}
# BKP
{% for host in groups['backup'] %}
Host {{ host }}
User {{ hostvars[host]['my_user'] }}
Hostname {{ hostvars[host]['ansible_host'] }}
Port {{ hostvars[host]['ansible_port'] }}
{% endfor %}
{% endif %}
{% if inventory_hostname in groups['station'] %}
# DEV
{% for host in groups['devel'] %}
Host {{ host }}
User {{ hostvars[host]['my_user'] }}
Hostname {{ hostvars[host]['ansible_host'] }}
Port {{ hostvars[host]['ansible_port'] }}
{% endfor %}
# LOCAL
{% for host in groups['station'] %}
Host {{ host }}
User {{ hostvars[host]['my_user'] }}
Hostname {{ hostvars[host]['ansible_host'] }}
Port {{ hostvars[host]['ansible_port'] }}
{% endfor %}
{% endif %}
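Review bot: Every `Host` block reads `hostvars[host]['ansible_host']` and `hostvars[host]['ansible_port']` without a fallback, and the `# DEV` loop reads `groups['devel']`; the example inventory on this page sets no `ansible_port`, lists `localhost` without `ansible_host`, and shows no `devel` group, so rendering would presumably stop on an undefined variable. Defaults make the template tolerant: `Hostname {{ hostvars[host]['ansible_host'] | default(host) }}`, `Port {{ hostvars[host]['ansible_port'] | default(22) }}`, and `{% for host in groups['devel'] | default([]) %}`. The same applies to `groups['backup']` and `groups['production']` if an inventory omits them.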