Merge branch 'main' into use_sudo

2023-03-07 13:36:42 +00:00 · 2023-03-07 13:36:42 +00:00 · 63414b60dd
parent 5cae83c557 3bddaaa22c
commit 63414b60dd
8 changed files with 15 additions and 15 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,3 +4,4 @@ playbook.retry
 *.log
 .idea/
 venv/
+/ansible.cfg
--- a/8
+++ b/8
@ -1,4 +1,10 @@
-init: create_venv install_pre_commit install_ansible_galaxy_modules
+init: create_ansible_cfg create_venv install_pre_commit install_ansible_galaxy_modules
+
+.ONESHELL:
+create_ansible_cfg:
+	read -rp "Enter remote username: " REMOTE_USER
+	cp ansible.cfg.sample ansible.cfg
+	sed -i "s/REMOTE_USER/$$REMOTE_USER/g" ansible.cfg

 create_venv:
 	python3 -m venv venv
--- a/ansible.cfg
+++ b/ansible.cfg
@ -1,3 +0,0 @@
-[defaults]
-remote_user = root
-inventory = datacoop_hosts
--- a/ansible.cfg.sample
+++ b/ansible.cfg.sample
@ -0,0 +1,4 @@
+[defaults]
+remote_user = REMOTE_USER
+inventory = datacoop_hosts
+use_persistent_connections = True
--- a/deploy.sh
+++ b/deploy.sh
@ -8,7 +8,7 @@ usage () {
    } >&2
 }

-BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass"
+BASE_CMD="ansible-playbook playbook.yml --ask-become-pass --ask-vault-pass"

 if [ "$1" = "--vagrant" ]; then
    BASE_CMD="$BASE_CMD --verbose --inventory=vagrant_host"
--- a/roles/docker/tasks/services/gitea.yml
+++ b/roles/docker/tasks/services/gitea.yml
@ -29,8 +29,6 @@
      GITEA__mailer__FROM: "noreply@{{ services.gitea.domain }}"
      GITEA__mailer__MAILER_TYPE: "smtp"
      GITEA__mailer__HOST: "{{ smtp_host }}:{{ smtp_port }}"
-      GITEA__mailer__USER: "noop"
-      GITEA__mailer__PASSWD: "noop"
      GITEA__security__LOGIN_REMEMBER_DAYS: "60"
      GITEA__security__PASSWORD_COMPLEXITY: "off"
      GITEA__security__MIN_PASSWORD_LENGTH: "8"
--- a/roles/docker/tasks/services/restic_backup.yml
+++ b/roles/docker/tasks/services/restic_backup.yml
@ -5,7 +5,7 @@
    path: "{{ services.restic.volume_folder }}/ssh"
    owner: root
    group: root
-    mode: '0700'
+    mode: '0755'
    state: directory

 - name: Copy private SSH key
--- a/roles/ubuntu_base/tasks/users.yml
+++ b/roles/ubuntu_base/tasks/users.yml
@ -15,9 +15,3 @@
    key: "{{ item.ssh_keys | join('\n') }}"
    exclusive: true
  loop: "{{ users | default([]) }}"
-
- name: "Add ssh authorized_keys to root user"
-  ansible.posix.authorized_key:
-    user: "root"
-    key: "{{ users | default([]) | map(attribute='ssh_keys') | flatten | join('\n') }}"
-    exclusive: true