# HG changeset patch
# User Meredith Howard
# Date 1498262691 14400
# Node ID 8b0c09efbb5b7bf17376a8c22f7bbc149c4a6a6f
# Parent 33181d87b14973f300121373bed6702daa2c01de
add bootstrap role
diff --git a/public_keys/ansible b/public_keys/ansible
new file mode 100644
--- /dev/null
+++ b/public_keys/ansible
@@ -0,0 +1,1 @@
+ssh-rsa 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 control_id@20170623
diff --git a/roles/user/defaults/main.yml b/roles/bootstrap/defaults/main.yml
rename from roles/user/defaults/main.yml
rename to roles/bootstrap/defaults/main.yml
diff --git a/roles/user/tasks/disable-stock.yml b/roles/bootstrap/tasks/disable-stock.yml
rename from roles/user/tasks/disable-stock.yml
rename to roles/bootstrap/tasks/disable-stock.yml
--- a/roles/user/tasks/disable-stock.yml
+++ b/roles/bootstrap/tasks/disable-stock.yml
@@ -1,6 +1,5 @@
 ---
-
-- name: Disable stock users
+- name: "Bootstrap: Disable stock users"
 shell: usermod -e 1 {{item}}
 ignore_errors: true
 with_items:
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
new file mode 100644
--- /dev/null
+++ b/roles/bootstrap/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: "Bootstrap: Ansible control user"
+ user:
+ name: ansible
+ comment: "Ansible Controller"
+ home: /var/lib/ansible
+ createhome: true
+ append: true
+ system: true
+ state: present
+
+- name: "Bootstrap : ansible pubkeys"
+ authorized_key:
+ manage_dir: true
+ user: ansible
+ key: "{{item}}"
+ with_file:
+ - 'public_keys/ansible'
+
+- name: "Bootstrap : ansible sudo"
+ lineinfile:
+ dest: /etc/sudoers
+ state: present
+ regexp: '^ansible'
+ line: 'ansible ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf "%s"'
+
+- include: disable-stock.yml
+ when: disable_stock_users
diff --git a/roles/devbox/meta/main.yml b/roles/devbox/meta/main.yml
--- a/roles/devbox/meta/main.yml
+++ b/roles/devbox/meta/main.yml
@@ -1,4 +1,5 @@
 ---
 dependencies:
+ - bootstrap
 - repositories
 - sudo
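Review bot: In roles/bootstrap/tasks/main.yml, the "Bootstrap : ansible sudo" task uses `regexp: '^ansible'`, which also matches a sudoers line for any account whose name merely starts with "ansible" and would replace that line with the NOPASSWD rule; anchor it as `regexp: '^ansible\s'`. Because this account receives unrestricted passwordless root, the contents of its authorized_keys file are the whole access control. The authorized_key task only adds the repository key and leaves any key already present on the host in place, so consider `exclusive: true` there, provided public_keys/ansible holds every key that should be accepted. Writing the rule to a dedicated file under /etc/sudoers.d with the same `validate` would also keep it separate from the distribution's /etc/sudoers.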
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -68,6 +68,3 @@
 changed_when: homedir_setup.stdout | match("Updating|Cloning")
 failed_when: homedir_setup.rc != 0
 tags: user, dotfiles
-
-- include: disable-stock.yml
- when: disable_stock_users