~xenrox/ansible

ref: 61f8805f46e3a209e9689af95ff76bc07480b9fe ansible/roles/xenrox/tasks/main.yml -rw-r--r-- 1.1 KiB
61f8805fThorben Günther Move remaining file secrets to vault 2 months ago
                                                                                
---
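# Read the secret stored at 'ansible/data/archlinux' through the hashi_vault
# lookup and keep it as the fact archlinux_secrets for the tasks below.
- name: Get secrets
  ansible.builtin.set_fact:
    archlinux_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/archlinux') }}"
  # set_fact returns the facts it sets in the task result, so without this the
  # secret values show up in verbose (-v) output and in anything a callback
  # plugin records. Any later task that templates archlinux_secrets needs its
  # own no_log as well.
  no_log: true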

# Make sure every package named in xenrox_packages is installed via pacman.
# NOTE(review): xenrox_packages is defined outside this file; presumably a
# list of package names - confirm in the role's vars/defaults.
- name: install xenrox packages
  community.general.pacman:
    state: present
    name: '{{ xenrox_packages }}'

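# Install the role's 'override' file as a sudoers drop-in.
# NOTE(review): the content of 'override' is not visible here; the task name
# says it grants sudo to the wheel group - review that file for NOPASSWD or
# overly broad command specs.
- name: Allow wheel group to use sudo
  ansible.builtin.copy:
    src: override
    dest: /etc/sudoers.d/override
    owner: root
    group: root
    # Quoted so the mode stays an octal string regardless of how the YAML
    # parser types a bare 0440.
    mode: "0440"
    # Syntax-check the candidate file before it replaces the live one; a
    # malformed drop-in can leave sudo unusable on the host.
    validate: /usr/bin/visudo -cf %s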

# Create the xenrox account with zsh as login shell and a password taken from
# the vault-backed archlinux_secrets fact.
- name: create user
  # The templated arguments contain the plaintext password and its hash, so
  # the task result is kept out of logs and console output.
  no_log: true
  ansible.builtin.user:
    name: xenrox
    home: /home/xenrox
    shell: /bin/zsh
    # password_hash('sha512', <salt>): the second argument is the salt, read
    # from the 'xenrox_hash' key. Presumably a fixed salt is used so the hash
    # is identical on every run and the task stays idempotent - confirm.
    password: "{{ archlinux_secrets['xenrox_password'] | password_hash('sha512', archlinux_secrets['xenrox_hash']) }}"

# Put xenrox into the wheel group.
# NOTE(review): wheel is the group the sudoers drop-in task in this file is
# named for, so this membership presumably confers sudo rights - confirm
# against the 'override' file.
- name: add to wheel
  ansible.builtin.user:
    groups: wheel
    # append: true adds wheel to the user's existing supplementary groups
    # instead of replacing them.
    append: true
    name: xenrox

# Build a single string holding the content of every public-key file listed
# in ssh_pubkeys, one file per line, and store it as the fact authorized_keys.
- name: Read SSH public keys
  ansible.builtin.set_fact:
    # Each entry of ssh_pubkeys is appended to '../public_keys/' and read with
    # the file lookup on the controller; a "\n" follows every key.
    # NOTE(review): the entry is concatenated into the path as-is;
    # ssh_pubkeys is presumably trusted, repo-controlled data - confirm.
    authorized_keys: "{% for key in ssh_pubkeys %}{{ lookup('file', '../public_keys/' + key) }}\n{% endfor %}"

# Write the collected public keys to xenrox's authorized_keys file.
- name: deposit ssh pub key
  ansible.posix.authorized_key:
    # Newline-separated key string set by the "Read SSH public keys" task.
    key: "{{ authorized_keys }}"
    # exclusive: true removes every key that is not part of the string above,
    # so keys added out of band are dropped on the next run. The flip side:
    # a key missing from ssh_pubkeys loses access, so review changes to that
    # list before applying.
    exclusive: true
    state: present
    user: xenrox