Mercurial > hg > mhoward > devbox-ansible / changeset
changeset
Move known_hosts stuff to system-wide / remove dotfiles from user role
Wed, 13 Apr 2016 12:36:13 -0400
- author
- Meredith Howard <mhoward@roomag.org>
- date
- Wed, 13 Apr 2016 12:36:13 -0400
- changeset 36
- 745c6a77bf68
- parent 35
- 5da50e754d33
- child 37
- d6d4702712f7
Move known_hosts stuff to system-wide / remove dotfiles from user role
| roles/devbox/tasks/main.yml | file | annotate | diff | comparison | revisions | |
| roles/user/tasks/main.yml | file | annotate | diff | comparison | revisions |
--- a/roles/devbox/tasks/main.yml +++ b/roles/devbox/tasks/main.yml @@ -3,4 +3,20 @@ - include: dist-debian.yml when: ansible_os_family == 'Debian' +- name: "ssh : Ensure known_hosts keys" + lineinfile: + dest: /etc/ssh/ssh_known_hosts + state: present + line: "{{item.value}}" + create: true + mode: 0644 + with_dict: "{{hostkeys}}" + tags: ssh +- name: "ssh : Purge invalid known_hosts keys" + lineinfile: + dest: /etc/ssh/ssh_known_hosts + state: absent + line: "{{item.value}}" + with_dict: "{{hostkeys_removed}}" + tags: ssh
--- a/roles/user/tasks/main.yml +++ b/roles/user/tasks/main.yml @@ -19,53 +19,3 @@ - public_keys/{{user.name}} tags: user, ssh -- name: "ssh : Ensure known_hosts keys" - become: true - become_user: "{{user.name}}" - lineinfile: - dest: "{{user.home}}/.ssh/known_hosts" - state: present - line: "{{item.value}}" - create: true - mode: 0600 - with_dict: "{{hostkeys}}" - tags: user, ssh - -- name: "ssh : Purge invalid known_hosts keys" - become: true - become_user: "{{user.name}}" - lineinfile: - dest: "{{user.home}}/.ssh/known_hosts" - state: absent - line: "{{item.value}}" - with_dict: "{{hostkeys_removed}}" - tags: user, ssh - - -# I like to make my ~ my dotfiles working directory (some folks symlink -# everything) Here that means I clone, move hg, then checkout, clobbering any -# conflicts with /etc/skel stuff. -- name: Clone dotfiles - shell: > - hg clone -U {{dotfiles_repository}} {{user.home}}/_dotfiles_ - && mv {{user.home}}/_dotfiles_/.hg {{user.home}} - && rmdir {{user.home}}/_dotfiles_ - && chown -R {{user.name}}:{{user.group}} {{user.home}}/.hg - && sudo -u {{user.name}} hg -R {{user.home}} update -C - args: - create: "{{user.home}}/.hg" - tags: user, dotfiles - - -# This is an existing script that clones/updates zgen, rbenv, and plenv. -# My dotfiles use each if the right directory exists. -- name: Run homedir-setup - become: true - become_user: "{{user.name}}" - shell: bin/homedir-setup - args: - chdir: "{{user.home}}" - register: homedir_setup - changed_when: homedir_setup.stdout | match("Updating|Cloning") - failed_when: homedir_setup.rc != 0 - tags: user, install
