~xenrox/ansible

1d15030d9d6b8ac9c899725823bff8afd2475fdf — Thorben Günther 4 months ago 61f8805
CI: Deploy to fenrir as well
M .build.yml => .build.yml +2 -1
@@ 33,9 33,10 @@ tasks:
      terraform validate
  - deploy: |
      mkdir -p ~/.ssh
      cp ansible/ssh_host_keys/xenrox.net ~/.ssh/known_hosts
      cat ansible/ssh_host_keys/* > ~/.ssh/known_hosts
      set +x
      . ~/.vault-secret
      set -x
      cd ansible
      ansible-playbook playbooks/avalon.yml
      ansible-playbook playbooks/fenrir.yml
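Review bot: The `cat ansible/ssh_host_keys/* > ~/.ssh/known_hosts` line in the deploy task makes every file in that directory a trusted host key for the CI job, and nothing in the script says so. A shell comment above it would help, for example `# known_hosts is built from every file in ssh_host_keys/; treat additions there as trust-anchor changes`. The page has lost its +/- markers, so the `cp` line directly above is presumably the removed side; if it is still present it is redundant, because the `>` redirect overwrites the file. The task list starts outside this hunk.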

M host_vars/fenrir.xenrox.net/vars.yml => host_vars/fenrir.xenrox.net/vars.yml +1 -0
@@ 1,2 1,3 @@
---
ci_deploy_target: true
wireguard_address: 10.0.0.2

M host_vars/xenrox.net/vars.yml => host_vars/xenrox.net/vars.yml +1 -0
@@ 11,6 11,7 @@ wireguard_address: 10.0.0.1
wireguard_vpn_subnet: 10.200.200.0/24

borg_user: u272193-sub1
ci_deploy_target: true
croc_relay: true
hostname: avalon.xenrox.net
srht: true

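--- /dev/null
+++ b/roles/xenrox/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+# Set to true for hosts whose playbooks are executed in the CI/CD pipeline
+ci_deploy_target: false
+ssh_pubkeys:
+  - yubikey.pub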
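Review bot: `ssh_pubkeys` has no comment, and as a role default it has the lowest variable precedence, so any `host_vars` or `group_vars` definition replaces the whole list, `yubikey.pub` included. A comment would make that visible: `# File names under public_keys/; overriding this replaces the list. The CI key is appended by the role when ci_deploy_target is true.` Keeping `ci_deploy_target: false` as the default is the safe direction, since a host has to opt in before the deploy key is installed.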

M roles/xenrox/tasks/main.yml => roles/xenrox/tasks/main.yml +5 -0
@@ 30,6 30,11 @@
    append: true
    groups: wheel

- name: Add SSH public key for auto-deployment
  ansible.builtin.set_fact:
    ssh_pubkeys: "{{ ssh_pubkeys + ['xenrox_ansible.pub'] }}"
  when: ci_deploy_target

- name: Read SSH public keys
  ansible.builtin.set_fact:
    authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"
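Review bot: `when: ci_deploy_target` on the "Add SSH public key for auto-deployment" task tests the raw value. Depending on the Ansible version, a non-empty string such as `"false"` (from `-e ci_deploy_target=false` or an INI inventory) is treated as true and would install the CI deploy key on a host meant to be excluded. Casting closes that gap: `when: ci_deploy_target | bool`. The appended list is also not de-duplicated, so if the role runs twice in one play the key may end up in `authorized_keys` twice; `"{{ (ssh_pubkeys + ['xenrox_ansible.pub']) | unique }}"` avoids that. The hunk opens inside the preceding task (`append`/`groups`), which is not fully visible.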

M roles/xenrox/vars/main.yml => roles/xenrox/vars/main.yml +0 -3
@@ 2,6 2,3 @@
xenrox_packages:
  - sudo
  - zsh
ssh_pubkeys:
  - yubikey.pub
  - xenrox_ansible.pub

A ssh_host_keys/fenrir.xenrox.net => ssh_host_keys/fenrir.xenrox.net +3 -0
@@ 0,0 1,3 @@
|1|QGqxZIv4cwqGFwz9PBgLPs9H0q8=|dWoffkwu/W93jbJ3EOJAxATsewk= ssh-rsa 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
|1|Ogun8TkKreYuq3sv7DhRgr1Rw00=|9N/OfmAFjHscOheR7NjMFRNQCdM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPmyWL1JinEe8Q5Yqeum2y+eHl7vR7sm49M4UQE5yt7OK0wSP62skHRRtQ1V8ZOs3a9XGQEE3ZJRFrg6HxlVK/k=
|1|2nTX7USL6SKppJr0/gRrE8SxKgI=|MRXp77R0eatNHHbrc6VNfZvcUQk= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlShdpi8OGC/9u9t6ODBkBCke71Z5JVcRg09xwV1CDE
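Review bot: All three entries are hashed (`|1|salt|hash`), so a reviewer cannot tell from the diff which hostname or address each key is pinned to; the file name is the only hint. Since the path already discloses the host, hashing adds little here, so either store the entries with the plain hostname or record how they were verified. A check worth documenting is `ssh-keygen -F fenrir.xenrox.net -f ssh_host_keys/fenrir.xenrox.net` to confirm the entries match, plus comparing `ssh-keygen -lf` fingerprints with those read on the host itself rather than over the network. The first entry's key material is cut off on this page, so it could not be checked.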