Update provision.sh and add tasks for users
parent
e8926785c3
commit
036f64e60a
|
@ -9,6 +9,12 @@ hdd_mount_point: /opt/{{ hdd_name }}
|
|||
ssd_name: pi-ssd
|
||||
ssd_mount_point: /opt/{{ ssd_name }}
|
||||
|
||||
ssh_keys:
|
||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
||||
users:
|
||||
- name: ubuntu
|
||||
comment: System Administration
|
||||
password: $6$YitakVLuUxjnPfDd$aFnEDcc98y6MlRYxLPAhb.eHsKqSIz385i4VrHW1Q8b986IqUhtu62gaOIALzM4FAU3dnWaHNUTGxY0zgA6jC0
|
||||
groups:
|
||||
- sudo
|
||||
ssh_keys:
|
||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
||||
|
|
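Review bot: The `password` entry added under `users` is a crypt hash committed in clear text, in what appears to be a vars file, for the `ubuntu` account that the same entry places in `sudo`. Anyone who can read the repository or its history can run offline guessing against it. The wrapper script already passes `--ask-vault-pass`, so the value could be stored as a vault-encrypted variable (`password: !vault |` followed by the encrypted blob) or moved into a vaulted vars file. Because the hash is now part of the commit history, it is worth treating it as exposed and rotating that password once the value is vaulted.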
60
provision.sh
60
provision.sh
|
@ -1,14 +1,15 @@
|
|||
#!/bin/sh
|
||||
#!/usr/bin/env sh
|
||||
|
||||
set -e
|
||||
|
||||
usage() {
|
||||
printf '%s\n' "Usage:"
|
||||
printf '$ %s\n' "$0 [-h|--help]"
|
||||
printf '$ %s\n' "$0 os"
|
||||
printf '$ %s\n' "$0 docker"
|
||||
printf '$ %s\n' "$0 reboot [-f|--force]"
|
||||
printf '$ %s\n' "$0 services [SINGLE_SERVICE]"
|
||||
printf '$ %s\n' "$0 [--dry] os"
|
||||
printf '$ %s\n' "$0 [--dry] docker"
|
||||
printf '$ %s\n' "$0 [--dry] users [-i|--init]"
|
||||
printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
|
||||
printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"
|
||||
}
|
||||
|
||||
install_modules() {
|
||||
|
@ -18,28 +19,57 @@ install_modules() {
|
|||
}
|
||||
|
||||
cd "$(dirname "$0")" || exit 255
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
|
||||
if [ "$1" = "--dry" ]; then
|
||||
EXEC="echo"
|
||||
shift
|
||||
else
|
||||
EXEC="eval"
|
||||
fi
|
||||
|
||||
case $1 in
|
||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
|
||||
TAG="$1"
|
||||
shift
|
||||
|
||||
case $TAG in
|
||||
"")
|
||||
install_modules; $BASE_CMD ;;
|
||||
os|docker)
|
||||
install_modules; $BASE_CMD --tags "$1" ;;
|
||||
install_modules; $BASE_CMD --tags "$TAG" ;;
|
||||
users)
|
||||
install_modules
|
||||
|
||||
if [ "$1" = "-i" ] || [ "$1" = "--init" ]; then
|
||||
$EXEC "$BASE_CMD --user root --tags '$TAG'"
|
||||
else
|
||||
$EXEC "$BASE_CMD --tags '$TAG'"
|
||||
fi
|
||||
;;
|
||||
reboot)
|
||||
install_modules
|
||||
if [ "$2" = "-f" ] || [ "$2" = "--force" ]; then
|
||||
$BASE_CMD --tags "$1" --extra-vars "force_reboot=true"
|
||||
|
||||
if [ "$1" = "-f" ] || [ "$1" = "--force" ]; then
|
||||
$EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'force_reboot=true'"
|
||||
else
|
||||
$BASE_CMD --tags "$1" --extra-vars "reboot=true"
|
||||
$EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'reboot=true'"
|
||||
fi
|
||||
;;
|
||||
services)
|
||||
install_modules
|
||||
if [ -z "$2" ]; then
|
||||
$BASE_CMD --tags "$1"
|
||||
else
|
||||
$BASE_CMD --tags "$1" --extra-vars "single_service=$2"
|
||||
|
||||
if [ "$1" = "-d" ] || [ "$1" = "--down" ]; then
|
||||
DOWN=1
|
||||
shift
|
||||
fi
|
||||
|
||||
if [ -z "$DOWN" ] && [ -n "$1" ]; then
|
||||
VARS="single_service=$1"
|
||||
elif [ -n "$DOWN" ] && [ -z "$1" ]; then
|
||||
VARS="stop=true"
|
||||
elif [ -n "$DOWN" ] && [ -n "$1" ]; then
|
||||
VARS='{"stop": true, "single_service": "'$1'"}'
|
||||
fi
|
||||
|
||||
$EXEC "$BASE_CMD --tags '$TAG' $(test -z "$VARS" || echo "--extra-vars '$VARS'")"
|
||||
;;
|
||||
-h|--help)
|
||||
usage ;;
|
||||
|
|
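Review bot: `--dry` is not honoured by the `"")` and `os|docker` arms, which as far as the rendered lines show still invoke `$BASE_CMD` directly, so `provision.sh --dry os` (advertised in `usage`) would run the playbook for real. Route them through the wrapper like the other arms, e.g. `install_modules; $EXEC "$BASE_CMD --tags '$TAG'" ;;`. Separately, the `services` arm pastes `$1` into a string that is later passed to `eval`, single-quoted in one branch and unquoted in the JSON branch, so a service name containing a quote or whitespace changes the command that runs. Rejecting anything outside `[A-Za-z0-9_-]` with a `case` check before building `VARS` would close that. `DOWN` and `VARS` are also never initialised, so values inherited from the caller's environment are picked up; the `case` block continues past the end of this hunk.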
|
@ -1,5 +1,10 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Configure user accounts
|
||||
ansible.builtin.import_tasks: users.yml
|
||||
tags:
|
||||
- users
|
||||
|
||||
- name: Configure system base
|
||||
ansible.builtin.import_tasks: base.yml
|
||||
|
||||
|
|
|
@ -1,11 +1,5 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Add public SSH key to default user
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ ansible_user }}"
|
||||
key: "{{ ssh_keys | join('\n') }}"
|
||||
exclusive: true
|
||||
|
||||
- name: Allow SSH login with public keys
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
|
|
18
roles/os_config/tasks/users.yml
Normal file
18
roles/os_config/tasks/users.yml
Normal file
|
@ -0,0 +1,18 @@
|
|||
# vim: ft=yaml.ansible
|
||||
---
|
||||
- name: Add users
|
||||
ansible.builtin.user:
|
||||
name: "{{ item.name }}"
|
||||
comment: "{{ item.comment }}"
|
||||
password: "{{ item.password }}"
|
||||
groups: "{{ item.groups }}"
|
||||
shell: /bin/bash
|
||||
update_password: always
|
||||
loop: "{{ users }}"
|
||||
|
||||
- name: Add ssh authorized_keys
|
||||
ansible.posix.authorized_key:
|
||||
user: "{{ item.name }}"
|
||||
key: "{{ item.ssh_keys | join('\n') }}"
|
||||
exclusive: true
|
||||
loop: "{{ users }}"
|
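Review bot: Both tasks loop over `users` with no `no_log` and no `loop_control.label`, so Ansible prints each whole item, including `item.password`, in the task output and in any saved run logs. Adding `loop_control:` with `label: "{{ item.name }}"` to each task (or `no_log: true` on `Add users`) keeps the hash out of the output. In `Add users`, `groups: "{{ item.groups }}"` is given without `append: true`, so the module removes the account from every supplementary group not listed. An existing `ubuntu` user would be left with `sudo` only, so either set `append: true` or add a comment saying the replacement is intended.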