From 13804dc388ccd7e8b8344de5fbbcf52395565297 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Wed, 24 Jan 2024 00:34:32 +0100
Subject: whawty/auth/store role mostly done
---
roles/whawty/auth/store/tasks/sync-client.yml | 42 +++++++++++++++++++++++++++
1 file changed, 42 insertions(+)
create mode 100644 roles/whawty/auth/store/tasks/sync-client.yml
(limited to 'roles/whawty/auth/store/tasks/sync-client.yml')
diff --git a/roles/whawty/auth/store/tasks/sync-client.yml b/roles/whawty/auth/store/tasks/sync-client.yml
new file mode 100644
index 00000000..106e347b
--- /dev/null
+++ b/roles/whawty/auth/store/tasks/sync-client.yml
@@ -0,0 +1,42 @@
+---
+- name: make sure sync client config directory exists
+ file:
+ path: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync"
+ state: directory
+
+- name: generate ssh config for whawty-auth store sync client
+ copy:
+ content: |
+ Host whawty-auth-server
+ Hostname {{ whawty_auth_store.sync.hostname }}
+ {% if 'port' in whawty_auth_store.sync %}
+ Port {{ whawty_auth_store.sync.port }}
+ {% endif %}
+ User {{ whawty_auth_store.sync.user }}
+ IdentityFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
+ IdentitiesOnly yes
+ UserKnownHostsFile /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/known_hosts
+ dest: "/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/ssh_config"
+
+- name: generate ssh keypair for sync client
+ openssh_keypair:
+ path: /etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync/id_ed25519
+ type: ed25519
+ comment: "whawty-auth-sync-{{ whawty_auth_store.name }}@{{ inventory_hostname }}"
+
+## TODO: known-hosts file...
+
+- name: install systemd units for whawty-auth store sync client
+ loop:
+ - service
+ - timer
+ template:
+ src: "systemd.{{ item }}.j2"
+ dest: "/etc/systemd/system/whawty-auth-store-sync-{{ whawty_auth_store.name }}.{{ item }}"
+
+- name: make sure whawty-auth store sync client timer is enabled and started
+ systemd:
+ daemon_reload: yes
+ name: "whawty-auth-store-sync-{{ whawty_auth_store.name }}.timer"
+ state: started
+ enabled: yes
-- cgit v1.2.3
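Review bot: The first `file` task creates `/etc/whawty/auth/.store-{{ whawty_auth_store.name }}-sync` with no `mode` or `owner`, yet the same directory later receives the sync client's private key (`id_ed25519`) and its `known_hosts`; add `mode: "0700"` (plus `owner`/`group` for whichever account the systemd service runs as — the unit template is not in this hunk, so I cannot tell which) so the key's parent directory is not listable by other local users, and give the `copy` task that writes `ssh_config` a `mode: "0600"` for the same reason. The generated config pins `UserKnownHostsFile` to a file this commit does not create yet (the `## TODO` acknowledges it); adding `StrictHostKeyChecking yes` to the `content` block makes host-key verification explicit rather than dependent on OpenSSH's interactive default once that file exists. As a point of style, `daemon_reload: yes` and `enabled: yes` in the last task should be the canonical booleans `daemon_reload: true` / `enabled: true` (the `IdentitiesOnly yes` inside the ssh config text is OpenSSH syntax and stays as written).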