From 83e27ac758c38ffd9931ef8830e0256e772e5881 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 12 Jan 2019 03:30:30 +0100
Subject: added dyndns client role
---
roles/dyndns/client/tasks/main.yml | 60 ++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 roles/dyndns/client/tasks/main.yml
(limited to 'roles/dyndns/client/tasks')
diff --git a/roles/dyndns/client/tasks/main.yml b/roles/dyndns/client/tasks/main.yml
new file mode 100644
index 00000000..81f74936
--- /dev/null
+++ b/roles/dyndns/client/tasks/main.yml
@@ -0,0 +1,60 @@
+---
+- name: create user for dyndns
+ user:
+ name: dyndns
+ home: /var/lib/dyndns
+ system: yes
+ shell: /bin/false
+ generate_ssh_key: yes
+ ssh_key_type: ed25519
+ ssh_key_comment: "dyndns@{{ host_name }}.{{ host_domain }}"
+ register: dyndns_user
+
+- name: install ssh key on server
+ delegate_to: "{{ dyndns_server }}"
+ lineinfile:
+ path: /var/lib/dyndns/.ssh/authorized_keys
+ mode: 0600
+ regexp: 'command="/usr/local/bin/dyndns.py {{ dyndns_client_name }}"'
+ line: 'no-agent-forwarding,no-port-forwarding,no-pty,no-X11-forwarding,no-user-rc,command="/usr/local/bin/dyndns.py {{ dyndns_client_name }}" {{ dyndns_user.ssh_public_key }}'
+
+- name: install ssh config
+ template:
+ src: ssh_config.j2
+ dest: /var/lib/dyndns/.ssh/config
+ owner: dyndns
+ group: dyndns
+
+
+ ## TODO: fix me!!!
+- name: hack to make known_hosts work (1/2)
+ command: "ssh-keyscan -p {{ hostvars[dyndns_server].ansible_port }} {{ hostvars[dyndns_server].host_name }}.{{ hostvars[dyndns_server].host_domain }}"
+ args:
+ creates: /var/lib/dyndns/.ssh/known_hosts
+ changed_when: False
+ check_mode: False
+ register: dyndns_ssh_keyscan
+
+- name: hack to make known_hosts work (1/2)
+ copy:
+ content: "{{ dyndns_ssh_keyscan.stdout }}"
+ dest: /var/lib/dyndns/.ssh/known_hosts
+ owner: dyndns
+ group: dyndns
+ # fix me
+
+
+- name: install systemd uints
+ template:
+ src: "dyndns.{{ item }}.j2"
+ dest: "/etc/systemd/system/dyndns.{{ item }}"
+ with_items:
+ - service
+ - timer
+
+- name: make sure the systemd timer is enabled and running
+ systemd:
+ daemon_reload: yes
+ name: dyndns.timer
+ enabled: yes
+ state: started
-- 
cgit v1.2.3
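Review bot: The two "hack to make known_hosts work" tasks pin whatever key `ssh-keyscan` returns over the network, so the dyndns user's known_hosts is trust-on-first-use and nothing checks that the key really belongs to `dyndns_server`. Ansible presumably already reaches that server over a verified SSH connection (the role delegates to it), so the key can be taken from its gathered facts and written directly, as in the sketch below. This assumes facts for the server are available in the play, that ssh_config.j2 (not shown) connects to the same name and port, and that the port is non-default, since the `[host]:port` form only applies then. It also removes the `creates:`/`register:` coupling: on a later run the keyscan is skipped, `dyndns_ssh_keyscan.stdout` presumably no longer holds a host key, and the copy task would overwrite known_hosts with it. Separately, the `authorized_keys` task interpolates `dyndns_client_name` unescaped into both the `regexp` and the forced command, so consider constraining that variable to a safe character set (or applying `regex_escape` in the pattern) and using the `restrict` option in place of the individual `no-*` flags.

```yaml
# … unchanged: user, authorized_keys and ssh config tasks …
- name: install known_hosts from the server's gathered host key
  copy:
    # "[host]:port" is the known_hosts form for a non-default port
    content: |
      [{{ hostvars[dyndns_server].host_name }}.{{ hostvars[dyndns_server].host_domain }}]:{{ hostvars[dyndns_server].ansible_port }} ssh-ed25519 {{ hostvars[dyndns_server].ansible_ssh_host_key_ed25519_public }}
    dest: /var/lib/dyndns/.ssh/known_hosts
    owner: dyndns
    group: dyndns
    mode: "0644"
# … unchanged: systemd unit and timer tasks …
```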