~xenrox/ansible

ref: 1d15030d9d6b8ac9c899725823bff8afd2475fdf ansible/roles/xenrox/tasks/main.yml -rw-r--r-- 1.2 KiB
1d15030dThorben Günther CI: Deploy to fenrir as well 2 months ago
                                                                                
---
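# Read the secret bundle stored at ansible/data/archlinux in HashiCorp Vault
# and keep it as the fact `archlinux_secrets` for the tasks that follow.
- name: Get secrets
  ansible.builtin.set_fact:
    archlinux_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/archlinux') }}"
  # set_fact returns the facts it sets in the task result, which Ansible prints
  # in verbose runs; without no_log the whole secret bundle can land in
  # terminal scrollback or job logs.
  no_log: true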

# Make sure every package listed in `xenrox_packages` is installed via pacman.
# The list is defined outside this file; only inventory the operator controls
# should be able to set it, since anything named there is installed as root.
- name: install xenrox packages
  community.general.pacman:
    state: present
    name: "{{ xenrox_packages }}"

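# Install the sudoers drop-in shipped with the role as `override`. Per the task
# name it grants sudo to the wheel group; the file's contents are not visible
# here, so what exactly it allows (for example NOPASSWD) should be reviewed
# alongside this task.
- name: Allow wheel group to use sudo
  ansible.builtin.copy:
    src: override
    dest: /etc/sudoers.d/override
    owner: root
    group: root
    # Quoted so the mode is always read as an octal string, independent of how
    # the YAML parser treats a bare leading-zero number.
    mode: "0440"
    # Syntax-check the staged copy before it replaces the live file; a
    # malformed drop-in in /etc/sudoers.d can leave sudo unusable on the host.
    validate: /usr/bin/visudo -cf %s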

# Create the `xenrox` account with zsh as login shell and set its password.
# The clear-text password and the salt (`xenrox_hash`) both come from the
# Vault-backed `archlinux_secrets` fact; passing a fixed salt to password_hash
# makes the resulting SHA-512 crypt hash identical on every run.
# no_log keeps the rendered hash and the module arguments out of the output.
- name: create user
  no_log: true
  ansible.builtin.user:
    name: xenrox
    home: /home/xenrox
    shell: /bin/zsh
    password: >-
      {{ archlinux_secrets['xenrox_password']
      | password_hash('sha512', archlinux_secrets['xenrox_hash']) }}

# Put `xenrox` into the wheel group. `append: true` adds the group to the
# user's existing supplementary groups instead of replacing them.
# Together with the sudoers drop-in installed by this role, wheel membership
# is presumably what gives this account sudo.
- name: add to wheel
  ansible.builtin.user:
    name: xenrox
    groups: wheel
    append: true

# On hosts flagged as a CI deploy target, extend `ssh_pubkeys` with the
# deployment key file `xenrox_ansible.pub`, so the automation account's key is
# authorised next to the regular ones.
# NOTE(review): the condition is a bare variable. If `ci_deploy_target` can
# ever arrive as a string (for example from `-e ci_deploy_target=false`), it
# may be evaluated as truthy and the deploy key added where it was not meant
# to be; confirm it is always a real boolean in inventory.
- name: Add SSH public key for auto-deployment
  when: ci_deploy_target
  ansible.builtin.set_fact:
    ssh_pubkeys: "{{ ssh_pubkeys + ['xenrox_ansible.pub'] }}"

# Build the `authorized_keys` fact: for each entry of `ssh_pubkeys`, read the
# file ../public_keys/<entry> with the file lookup (which runs on the control
# node) and emit its contents followed by a newline.
# Each entry is concatenated into a path as-is, so `ssh_pubkeys` should only
# ever hold plain file names coming from trusted inventory.
# The exact template whitespace determines the resulting key list; keep the
# expression on one line when editing.
- name: Read SSH public keys
  ansible.builtin.set_fact:
    authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"

# Write the collected public keys to the authorized_keys file of `xenrox`.
# `exclusive: true` removes every key that is not in the supplied list, so a
# key added on the host by hand (or by an intruder) does not survive the next
# run. It also means the list must be complete: a key missing from
# `ssh_pubkeys` loses access.
- name: deposit ssh pub key
  ansible.posix.authorized_key:
    user: xenrox
    key: "{{ authorized_keys }}"
    exclusive: true
    state: present