39 files changed, 142 insertions, 57 deletions
diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml
index b6f5fd37..981e65fb 100644
--- a/chaos-at-home/ch-equinox-ws.yml
+++ b/chaos-at-home/ch-equinox-ws.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: apt-repo/backports
 - role: apt-repo/spreadspace
 - role: apt-repo/tor-project
diff --git a/chaos-at-home/ch-hroottest-obsd.yml b/chaos-at-home/ch-hroottest-obsd.yml
new file mode 100644
index 00000000..de0a051a
--- /dev/null
+++ b/chaos-at-home/ch-hroottest-obsd.yml
@@ -0,0 +1,8 @@
+---
+- name: Basic Setup
+ hosts: ch-hroottest-obsd
+ roles:
+ - role: core/base
+ - role: core/sshd
+ - role: core/zsh
+ - role: core/admin-users
diff --git a/chaos-at-home/ch-jump.yml b/chaos-at-home/ch-jump.yml
index b097c4ee..a82724d9 100644
--- a/chaos-at-home/ch-jump.yml
+++ b/chaos-at-home/ch-jump.yml
@@ -6,4 +6,4 @@
 - role: core/base
 - role: core/sshd
 - role: core/zsh
- - role: admin-user
+ - role: core/admin-users
diff --git a/chaos-at-home/ch-keyserver.yml b/chaos-at-home/ch-keyserver.yml
index c745ea99..aef2dc1f 100644
--- a/chaos-at-home/ch-keyserver.yml
+++ b/chaos-at-home/ch-keyserver.yml
@@ -6,4 +6,4 @@
 - role: core/base
 - role: core/sshd
 - role: core/zsh
- - role: admin-user
+ - role: core/admin-users
diff --git a/chaos-at-home/ch-mimas2.yml b/chaos-at-home/ch-mimas2.yml
index 90c15fd3..1806361b 100644
--- a/chaos-at-home/ch-mimas2.yml
+++ b/chaos-at-home/ch-mimas2.yml
@@ -6,7 +6,7 @@
 - role: core/base
 - role: core/sshd
 - role: core/zsh
- - role: admin-user
+ - role: core/admin-users
 - role: bind
 - role: apt-repo/spreadspace
 - role: acmetool/base
diff --git a/chaos-at-home/ch-router-obsd.yml b/chaos-at-home/ch-router-obsd.yml
new file mode 100644
index 00000000..12e95989
--- /dev/null
+++ b/chaos-at-home/ch-router-obsd.yml
@@ -0,0 +1,7 @@
+---
+- name: Basic Setup
+ hosts: ch-router-obsd
+ roles:
+ - role: core/base
+ - role: core/sshd
+ - role: core/zsh
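Review bot: chaos-at-home/ch-router-obsd.yml is added with core/base, core/sshd and core/zsh only, while the other new OpenBSD playbook in this diff, ch-hroottest-obsd.yml, also applies core/admin-users, and hosts.ini places both hosts in the same [openbsd] group. If the router is meant to be managed without sudo-capable admin accounts that is presumably deliberate, but nothing in the playbook records it. A one-line comment such as `# no core/admin-users: root-only management intended` (or adding the role) would keep the two OpenBSD hosts from drifting unnoticed.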
diff --git a/dan/ele-dione.yml b/dan/ele-dione.yml
index 4458fe57..136b2133 100644
--- a/dan/ele-dione.yml
+++ b/dan/ele-dione.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: chrony
diff --git a/dan/ele-helene.yml b/dan/ele-helene.yml
index a363dc4c..c9846212 100644
--- a/dan/ele-helene.yml
+++ b/dan/ele-helene.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: chrony
 post_tasks:
diff --git a/dan/ele-media.yml b/dan/ele-media.yml
index 3f3130fb..e30294be 100644
--- a/dan/ele-media.yml
+++ b/dan/ele-media.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: dyndns/client
 - role: apt-repo/spreadspace
 - role: acmetool/base
diff --git a/dan/ele-telesto.yml b/dan/ele-telesto.yml
index b8e123ff..d16f5fc4 100644
--- a/dan/ele-telesto.yml
+++ b/dan/ele-telesto.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: apt-repo/spreadspace
 - role: ubuntu-ws
diff --git a/dan/ele-thetys.yml b/dan/ele-thetys.yml
index 5c83b9fb..60e8555e 100644
--- a/dan/ele-thetys.yml
+++ b/dan/ele-thetys.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: apt-repo/spreadspace
 - role: kubernetes/base
diff --git a/dan/ele-uhrturm.yml b/dan/ele-uhrturm.yml
index 870fc3ec..2baad426 100644
--- a/dan/ele-uhrturm.yml
+++ b/dan/ele-uhrturm.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: apt-repo/spreadspace
 - role: docker
diff --git a/dan/sk-2019.yml b/dan/sk-2019.yml
index 55648fd6..b5f048e5 100644
--- a/dan/sk-2019.yml
+++ b/dan/sk-2019.yml
@@ -10,7 +10,7 @@
 # - role: core/sshd
 # - role: core/zsh
 # - role: core/cpu-microcode
- # - role: admin-user
+ # - role: core/admin-users
 # - role: cryptdisk
 # - role: zfs/base
 # tasks:
diff --git a/dan/sk-2019vm.yml b/dan/sk-2019vm.yml
index 622556c4..8859a3c2 100644
--- a/dan/sk-2019vm.yml
+++ b/dan/sk-2019vm.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: cryptdisk
 - role: zfs/base
 - role: apt-repo/spreadspace
diff --git a/dan/sk-cloudia.yml b/dan/sk-cloudia.yml
index c2df3615..f3a46e7c 100644
--- a/dan/sk-cloudia.yml
+++ b/dan/sk-cloudia.yml
@@ -10,7 +10,7 @@
 # - role: core/sshd
 # - role: core/zsh
 # - role: core/cpu-microcode
- # - role: admin-user
+ # - role: core/admin-users
 # - role: zfs/base
 # - role: kubernetes/base
 # - role: kubernetes/standalone
diff --git a/dan/sk-tomnext-nc.yml b/dan/sk-tomnext-nc.yml
index ee96da7a..326dcf4b 100644
--- a/dan/sk-tomnext-nc.yml
+++ b/dan/sk-tomnext-nc.yml
@@ -6,7 +6,7 @@
 - role: core/base
 - role: core/sshd
 - role: core/zsh
- - role: admin-user
+ - role: core/admin-users
 - role: zfs/base
 - role: apt-repo/spreadspace
 - role: zfs/sanoid
diff --git a/dan/sk-tomnext.yml b/dan/sk-tomnext.yml
index 3e777bab..b6c3b95a 100644
--- a/dan/sk-tomnext.yml
+++ b/dan/sk-tomnext.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: cryptdisk
 - role: zfs/base
 - role: apt-repo/spreadspace
diff --git a/dan/sk-torrent.yml b/dan/sk-torrent.yml
index 918eec65..594f9f53 100644
--- a/dan/sk-torrent.yml
+++ b/dan/sk-torrent.yml
@@ -6,5 +6,5 @@
 - role: core/base
 - role: core/sshd
 - role: core/zsh
- - role: admin-user
+ - role: core/admin-users
 - role: skillz/torrent
diff --git a/inventory/group_vars/all/users.yml b/inventory/group_vars/all/users.yml
index 3d81e8f6..a30f4a0a 100644
--- a/inventory/group_vars/all/users.yml
+++ b/inventory/group_vars/all/users.yml
@@ -20,10 +20,11 @@ users:
 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd1se9DUnMWXjF4a770J4rl6L9zFmNKc7TzN0hsapUS bene@klapprechner
+## TODO: fix this!
 user_passwords:
 equinox: "{{ vault_equinox_password }}"
- dan: "{{ vault_dan_password }}"
- brt: "{{ vault_brt_password }}"
+ # dan: "{{ vault_dan_password }}"
+ # brt: "{{ vault_brt_password }}"
 ssh_key_map:
diff --git a/inventory/host_vars/ch-hroottest-obsd.yml b/inventory/host_vars/ch-hroottest-obsd.yml
new file mode 100644
index 00000000..c8af9fe1
--- /dev/null
+++ b/inventory/host_vars/ch-hroottest-obsd.yml
@@ -0,0 +1,29 @@
+---
+vm_host: ch-hroottest
+
+install:
+ host: "{{ vm_host }}"
+ mem: 1024
+ numcpu: 1
+ disks:
+ primary: /dev/vda
+ virtio:
+ vda:
+ type: zfs
+ name: root
+ size: 10g
+ interfaces:
+ - bridge: br-public
+ name: vio0
+ autostart: True
+
+network:
+ nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
+ domain: "{{ host_domain }}"
+ systemd_link:
+ interfaces: "{{ install.interfaces }}"
+ primary:
+ interface: vio0
+ ip: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr(hostvars[vm_host].vm_host.network.bridges.public.offsets[inventory_hostname]) | ipaddr('address') }}"
+ mask: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('netmask') }}"
+ gateway: "{{ hostvars[vm_host].vm_host.network.bridges.public.prefix | ipaddr('address') }}"
diff --git a/inventory/host_vars/ch-hroottest-vm1.yml b/inventory/host_vars/ch-hroottest-vm1.yml
index 53a910e8..ccb3ca92 100644
--- a/inventory/host_vars/ch-hroottest-vm1.yml
+++ b/inventory/host_vars/ch-hroottest-vm1.yml
@@ -15,7 +15,7 @@ install:
 interfaces:
 - bridge: br-public
 name: primary0
- autostart: True
+ autostart: True
 network:
 nameservers: "{{ hostvars[vm_host].vm_host.network.dns }}"
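Review bot: The `## TODO: fix this!` marker above `user_passwords:` says neither what is broken nor what the commented-out `dan` and `brt` entries mean for those accounts, and the new core/admin-users role in this same diff reads `user_passwords[item]` for every admin user, so any host that still lists dan or brt as an admin user will now fail at the `add admin users` task rather than keep running with the old passwords. Replace the bare TODO with a comment that states the intent and the consequence, e.g. `## TODO: dan/brt vault passwords disabled; hosts listing them as admin users fail until restored or the role tolerates a missing entry`. The `users:` mapping this hunk belongs to starts above the hunk.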
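Review bot: `autostart: True` in the new inventory/host_vars/ch-hroottest-obsd.yml uses a capitalised boolean; YAML 1.1 loaders accept it, but the lowercase `true`/`false` form is the canonical spelling and the one yamllint's `truthy` rule expects, and the same value is touched again in the ch-hroottest-vm1.yml hunk of this diff. Change it to `autostart: true` in both places.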
diff --git a/inventory/host_vars/ch-hroottest.yml b/inventory/host_vars/ch-hroottest.yml
index e074afbb..080f5306 100644
--- a/inventory/host_vars/ch-hroottest.yml
+++ b/inventory/host_vars/ch-hroottest.yml
@@ -43,6 +43,7 @@ vm_host:
 prefix: 192.168.250.254/24
 offsets:
 ch-hroottest-vm1: 100
+ ch-hroottest-obsd: 101
 nat: yes
 zfs:
 default:
diff --git a/inventory/hosts.ini b/inventory/hosts.ini
index 8e96f240..ad231374 100644
--- a/inventory/hosts.ini
+++ b/inventory/hosts.ini
@@ -26,6 +26,7 @@ ch-gw-lan host_name=gw-lan
 ch-jump host_name=jump ansible_port=2342 ansible_host=ch-jump
 ch-hroottest host_name=hroot-test
 ch-hroottest-vm1 host_name=hroot-test-vm1
+ch-hroottest-obsd host_name=hroot-test-obsd
 [chaos-at-home:children]
 mz-chaos-at-home
@@ -225,6 +226,7 @@ chaos-at-home-switches
 [openbsd]
 ch-router-obsd
+ch-hroottest-obsd
 [kvmhosts]
@@ -258,6 +260,7 @@ ele-mur
 sk-tomnext-nc
 sk-tomnext-hp
 ch-hroottest-vm1
+ch-hroottest-obsd
 [hroot]
 sk-2019
@@ -282,6 +285,7 @@ lw-master
 sk-testvm
 sk-torrent
 ch-hroottest-vm1
+ch-hroottest-obsd
 [hetzner:children]
 hroot
diff --git a/roles/admin-user/tasks/main.yml b/roles/admin-user/tasks/main.yml
deleted file mode 100644
index 53eea376..00000000
--- a/roles/admin-user/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: install sudo
- apt:
- name: sudo
- state: present
-
-- name: add admin users
- loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- loop_control:
- label: "{{ item.name }}"
- user:
- name: "{{ item.name }}"
- state: present
- password: "{{ item.password }}"
- groups:
- - sudo
- - adm
- append: yes
- shell: "{{ item.shell | default(omit) }}"
-
-- name: install ssh keys for admin users
- loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- loop_control:
- label: "{{ item.name }}"
- authorized_key:
- user: "{{ item.name }}"
- key: "{{ item.ssh_keys | join('\n') }}"
- exclusive: yes
diff --git a/roles/core/admin-users/tasks/Debian.yml b/roles/core/admin-users/tasks/Debian.yml
new file mode 100644
index 00000000..6d8d6f95
--- /dev/null
+++ b/roles/core/admin-users/tasks/Debian.yml
@@ -0,0 +1,5 @@
+---
+- name: install sudo
+ apt:
+ name: sudo
+ state: present
diff --git a/roles/core/admin-users/tasks/OpenBSD.yml b/roles/core/admin-users/tasks/OpenBSD.yml
new file mode 100644
index 00000000..1a04a3d3
--- /dev/null
+++ b/roles/core/admin-users/tasks/OpenBSD.yml
@@ -0,0 +1,12 @@
+---
+- name: install sudo
+ openbsd_pkg:
+ name: sudo--
+ state: present
+
+- name: allow wheel group to use sudo
+ lineinfile:
+ regexp: '^#?\s*%wheel(\s+)ALL=\(ALL\) SETENV: ALL$'
+ line: '%wheel\1ALL=(ALL) SETENV: ALL'
+ backrefs: yes
+ dest: /etc/sudoers
diff --git a/roles/core/admin-users/tasks/main.yml b/roles/core/admin-users/tasks/main.yml
new file mode 100644
index 00000000..c8a4c756
--- /dev/null
+++ b/roles/core/admin-users/tasks/main.yml
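Review bot: The `allow wheel group to use sudo` task in roles/core/admin-users/tasks/OpenBSD.yml rewrites /etc/sudoers with `lineinfile` and no `validate:`, so a regex edit that produces a malformed line would leave sudoers unparsable and lock every wheel member out of sudo on the OpenBSD hosts this role now covers. Add `validate: 'visudo -cf %s'` to the task so the candidate file is syntax-checked before it replaces the real one (the sudo package installed by the preceding task provides visudo), and prefer `path: /etc/sudoers` over the older `dest:` alias. Note also that with `backrefs: yes` the task is silently a no-op when no line matches the `%wheel` pattern, so a sudoers file without that stanza would leave admin users without sudo and the play would still report success; if that is not acceptable, a follow-up check or `failed_when` on the task result would surface it.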
@@ -0,0 +1,37 @@
+---
+- name: load os/distrubtion/version specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+
+- name: load os/distrubtion/version specific tasks
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
+
+- name: add admin users
+ loop: "{{ admin_users_group | union(admin_users_host) }}"
+ user:
+ name: "{{ item }}"
+ state: present
+ password: "{{ user_passwords[item] }}"
+ groups: "{{ admin_users_groups }}"
+ append: yes
+ shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
+
+- name: install ssh keys for admin users
+ loop: "{{ admin_users_group | union(admin_users_host) }}"
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ users[item].ssh | join('\n') }}"
+ exclusive: yes
diff --git a/roles/core/admin-users/vars/Debian.yml b/roles/core/admin-users/vars/Debian.yml
new file mode 100644
index 00000000..af8d20ca
--- /dev/null
+++ b/roles/core/admin-users/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+admin_users_default_shell: /bin/zsh
+admin_users_groups:
+ - sudo
+ - adm
diff --git a/roles/core/admin-users/vars/OpenBSD.yml b/roles/core/admin-users/vars/OpenBSD.yml
new file mode 100644
index 00000000..a1d958d6
--- /dev/null
+++ b/roles/core/admin-users/vars/OpenBSD.yml
@@ -0,0 +1,4 @@
+---
+admin_users_default_shell: /usr/local/bin/zsh
+admin_users_groups:
+ - wheel
diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/master/tasks/main.yml
index bc238c0a..19037adc 100644
--- a/roles/kubernetes/kubeadm/master/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/main.yml
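Review bot: The `add admin users` and `install ssh keys for admin users` tasks loop over `admin_users_group | union(admin_users_host)` with no defaults, whereas the deleted roles/admin-user/tasks/main.yml in this same diff guarded both variables with `| default([])`; a host that defines only one of the two (or neither) now aborts with an undefined-variable error instead of running with whatever list is defined. Restore the guards in both tasks, `loop: "{{ admin_users_group | default([]) | union(admin_users_host | default([])) }}"`. Similarly `password: "{{ user_passwords[item] }}"` raises for any admin user without an entry, and this diff comments two entries out in inventory/group_vars/all/users.yml; `password: "{{ user_passwords[item] | default(omit) }}"` would instead leave an existing account's password untouched and create a new account without a usable password, which is the safer failure mode for key-based admin logins. The two task names also misspell "distribution" as `distrubtion`.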
@@ -52,7 +52,7 @@
 state: link
 - name: add kubectl completion config for shells
- with_items:
+ loop:
 - zsh
 - bash
 blockinfile:
diff --git a/spreadspace/lw-dione.yml b/spreadspace/lw-dione.yml
index 2a083fc0..a4058d21 100644
--- a/spreadspace/lw-dione.yml
+++ b/spreadspace/lw-dione.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: chrony
diff --git a/spreadspace/lw-helene.yml b/spreadspace/lw-helene.yml
index da4f42f5..082fc6de 100644
--- a/spreadspace/lw-helene.yml
+++ b/spreadspace/lw-helene.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: chrony
diff --git a/spreadspace/lw-telesto.yml b/spreadspace/lw-telesto.yml
index 1cf4c5c5..f960bef2 100644
--- a/spreadspace/lw-telesto.yml
+++ b/spreadspace/lw-telesto.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: apt-repo/spreadspace
 - role: ubuntu-ws
diff --git a/spreadspace/lw-thetys.yml b/spreadspace/lw-thetys.yml
index 60159936..4adbb893 100644
--- a/spreadspace/lw-thetys.yml
+++ b/spreadspace/lw-thetys.yml
@@ -7,7 +7,7 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: apt-repo/spreadspace
 - role: kubernetes/base
diff --git a/spreadspace/s2-calypso.yml b/spreadspace/s2-calypso.yml
index a3a11652..a1415af5 100644
--- a/spreadspace/s2-calypso.yml
+++ b/spreadspace/s2-calypso.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: apt-repo/spreadspace
 - role: blackmagic-desktopvideo
diff --git a/spreadspace/s2-dione.yml b/spreadspace/s2-dione.yml
index 24673474..89b1fcfa 100644
--- a/spreadspace/s2-dione.yml
+++ b/spreadspace/s2-dione.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: apt-repo/spreadspace
 - role: blackmagic-desktopvideo
diff --git a/spreadspace/s2-helene.yml b/spreadspace/s2-helene.yml
index 64fff1d3..ec8ec11c 100644
--- a/spreadspace/s2-helene.yml
+++ b/spreadspace/s2-helene.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: apt-repo/spreadspace
 - role: blackmagic-desktopvideo
diff --git a/spreadspace/s2-telesto.yml b/spreadspace/s2-telesto.yml
index 4642422a..c933d7d0 100644
--- a/spreadspace/s2-telesto.yml
+++ b/spreadspace/s2-telesto.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: blackmagic-desktopvideo
 - role: apt-repo/spreadspace
diff --git a/spreadspace/s2-thetys.yml b/spreadspace/s2-thetys.yml
index 524e2894..780f8f0f 100644
--- a/spreadspace/s2-thetys.yml
+++ b/spreadspace/s2-thetys.yml
@@ -7,6 +7,6 @@
 - role: core/sshd
 - role: core/zsh
 - role: core/cpu-microcode
- - role: admin-user
+ - role: core/admin-users
 - role: apt-repo/spreadspace
 - role: blackmagic-desktopvideo