Diffstat (limited to 'roles/whawty/auth/store/tasks')
-rw-r--r-- | roles/whawty/auth/store/tasks/main.yml | 30 | ||||
-rw-r--r-- | roles/whawty/auth/store/tasks/sync-client.yml | 42 | ||||
-rw-r--r-- | roles/whawty/auth/store/tasks/sync-server.yml | 5 |
3 files changed, 77 insertions, 0 deletions
diff --git a/roles/whawty/auth/store/tasks/main.yml b/roles/whawty/auth/store/tasks/main.yml
new file mode 100644
index 00000000..72fc61b4
--- /dev/null
+++ b/roles/whawty/auth/store/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: install rsync
+ apt:
+ name: rsync
+ state: present
+
+- name: make sure config directory exists
+ file:
+ path: /etc/whawty/auth/
+ state: directory
+
+- name: create store base directory
+ file:
+ path: "{{ whawty_auth_store.config.basedir }}"
+ state: directory
+ mode: "{{ whawty_auth_store.permissions['dir-mode'] | default(omit) }}"
+ owner: "{{ whawty_auth_store.permissions.owner | default(omit) }}"
+ group: "{{ whawty_auth_store.permissions.group | default(omit) }}"
+
+- name: generate store config file
+ copy:
+ content: "{{ whawty_auth_store.config | to_nice_yaml(indent=2) }}"
+ dest: "/etc/whawty/auth/store-{{ whawty_auth_store.name }}.yml"
+ mode: "{{ whawty_auth_store.permissions['file-mode'] | default(omit) }}"
+ owner: "{{ whawty_auth_store.permissions.owner | default(omit) }}"
+ group: "{{ whawty_auth_store.permissions.group | default(omit) }}"
+
+- name: configure sync
+ when: "'sync' in whawty_auth_store"
+ include_tasks: "sync-{{ whawty_auth_store.sync.type }}.yml"
diff --git a/roles/whawty/auth/store/tasks/sync-client.yml b/roles/whawty/auth/store/tasks/sync-client.yml
new file mode 100644
index 00000000..106e347b
--- /dev/null
+++ b/roles/whawty/auth/store/tasks/sync-client.yml 
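Review bot: The store base directory and the generated store config fall back to `default(omit)` for `mode`, so when the inventory gives no `permissions` entry both are created with whatever the umask of the run allows, and `/etc/whawty/auth/` gets no `mode` at all. If the store holds credential material, as the role name suggests, a restrictive fallback is safer, for example `mode: "{{ whawty_auth_store.permissions['dir-mode'] | default('0700') }}"` on the directory and `default('0600')` on the config file. The same applies to the `.store-…-sync` directory created in sync-client.yml, which later holds the private key and is also created without a `mode`.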
@@ -0,0 +1,42 @@
+---
+- name: make sure sync client config directory exists
+ file:
+ path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync"
+ state: directory
+
+- name: generate ssh config for whawty-auth store sync client
+ copy:
+ content: |
+ Host whawty-auth-server
+ Hostname {{ whawty_auth_store.sync.hostname }}
+ {% if 'port' in whawty_auth_store.sync %}
+ Port {{ whawty_auth_store.sync.port }}
+ {% endif %}
+ User {{ whawty_auth_store.sync.user }}
+ IdentityFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
+ IdentitiesOnly yes
+ UserKnownHostsFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts
+ dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"
+
+- name: generate ssh keypair for sync client
+ openssh_keypair:
+ path: /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
+ type: ed25519
+ comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"
+
+## TODO: known-hosts file...
+
+- name: install systemd units for whawty-auth store sync client
+ loop:
+ - service
+ - timer
+ template:
+ src: "systemd.{{ item }}.j2"
+ dest: "/etc/systemd/system/whawty-auth-store-sync-{{ whawty_auth_store.name }}.{{ item }}"
+
+- name: make sure whawty-auth store sync client timer is enabled and started
+ systemd:
+ daemon_reload: yes
+ name: "whawty-auth-store-sync-{{ whawty_auth_store.name }}.timer"
+ state: started
+ enabled: yes
diff --git a/roles/whawty/auth/store/tasks/sync-server.yml b/roles/whawty/auth/store/tasks/sync-server.yml
new file mode 100644
index 00000000..c4d7442f
--- /dev/null
+++ b/roles/whawty/auth/store/tasks/sync-server.yml
@@ -0,0 +1,5 @@
+---
+## TODO: implement this
+- name: sync server not yet implemented
+ fail:
+ msg: "whawty-store sync server is not yet implemented!" |
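Review bot: The generated ssh_config points `UserKnownHostsFile` at a `known_hosts` file that no task creates (the `## TODO: known-hosts file...` marker), so the timer-driven sync has no pinned host key for the server. A non-interactive ssh run would presumably either fail verification or end up being worked around by relaxing host key checking. I would deploy the server's host key from inventory and add `HostKeyAlias whawty-auth-server` and `StrictHostKeyChecking yes` to the `Host` block, so the entry matches regardless of hostname or port and an unknown key is rejected rather than prompted for. The task below is a sketch; `host_key` is a proposed new field under `whawty_auth_store.sync`, not one this commit defines.

```yaml
# … unchanged: sync config directory, ssh_config and keypair tasks …

- name: pin ssh host key of the whawty-auth sync server
  copy:
    # host_key: "<key type> <base64 public key>" of the sync server (proposed field)
    content: "whawty-auth-server {{ whawty_auth_store.sync.host_key }}\n"
    dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts"
    mode: "0644"

# … unchanged: systemd unit and timer tasks …
```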