introduce ssh_users_root
author
Christian Pointner
<equinox@realraum.at>
Fri, 30 Nov 2018 07:03:55 +0000
(08:03 +0100)
committer
Christian Pointner
<equinox@realraum.at>
Fri, 30 Nov 2018 20:02:14 +0000
(21:02 +0100)
ansible/group_vars/accesspoints/main.yml
ansible/group_vars/all/main.yml
ansible/group_vars/all/users.yml
ansible/host_vars/torwaechter/main.yml
ansible/roles/base/tasks/main.yml
ansible/roles/preseed/tasks/main.yml
ansible/roles/vm/install/tasks/main.yml
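--- a/ansible/group_vars/accesspoints/main.yml
+++ b/ansible/group_vars/accesspoints/main.yml
@@ -1,4 +1,8 @@
 ---
+ssh_root_users:
+ - equinox
+ - nicoo
+
 accesspoint_wifi_channels:
 2.4g:
 ap0: 3
@@ -142,7 +146,7 @@ openwrt_mixin:
 /etc/dropbear/authorized_keys:
 content: |-
- {% for key in noc_ssh_keys %}
+ {% for key in ssh_keys_root %}
 {{ key }}
 {% endfor %}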
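Review bot: The list added at the top of this file is named `ssh_root_users`, but every consumer in this commit reads `ssh_users_root` (defined in group_vars/all/main.yml) through `ssh_keys_root`, so unless something outside this commit reads the other spelling, the override is inert. The dropbear `authorized_keys` loop in the second hunk would then still render the keys of everyone in `user_groups.noc` instead of only equinox and nicoo, which is wider root access on the access points than the file suggests. Rename the key to `ssh_users_root:` and check a rendered image to confirm that only the intended keys end up in `/etc/dropbear/authorized_keys`. The `openwrt_mixin` mapping starts outside the hunk.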
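--- a/ansible/group_vars/all/main.yml
+++ b/ansible/group_vars/all/main.yml
@@ -10,4 +10,12 @@ global_files_dir: "{{ inventory_dir }}/files"
 ## Root password; by default, undefined
 root_password: "{{ vault_root_password }}"
 ## SSH keys for root, default to NOC's
-ssh_keys: "{{ noc_ssh_keys }}"
+
+ssh_users_root: "{{ user_groups.noc }}"
+## TODO: make this a filter_plugin...
+ssh_keys_root: "{{ ssh_users_root | map('extract', users) | map(attribute='ssh') | flatten | list }}"
+
+## TODO: not used at the moment?
+noc_groups:
+ - adm
+ - sudo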
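Review bot: `ssh_users_root` is now the setting that decides who gets root over SSH, yet the only comment near it still reads "SSH keys for root, default to NOC's" and is separated from it by a blank line. Nothing tells a maintainer that the entries are user names which must be keys of `users`, or that `ssh_keys_root` is derived and should not be set directly. A name that is misspelled in a group or host override presumably breaks the `map('extract', users)` lookup at template time, so the contract is worth stating. I would put `## Users whose ssh keys are authorized for root; override per group/host, names must be keys of 'users'` directly above `ssh_users_root` and `## derived from ssh_users_root, do not override` above `ssh_keys_root`.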
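--- a/ansible/group_vars/all/users.yml
+++ b/ansible/group_vars/all/users.yml
@@ -30,9 +30,3 @@ users:
 gpg: 0xE3468B9CE81EB4F91486
 ssh:
 - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDsT6W8Yz9iQ9FXuyrBmLC3o1j26ugzKfJDjvYAOehtjbYj+JjNrLoob1Evg5wWbDI9w+GiaBRKpfMw/66rMty8UXnYvpr28AsMdsxmvCp7k6eW55WcWNC26Nw3cWJo8MBxDaWDfjPdVzhKU7iFTCEVz/mUqUrbyg+Y6R1psqY84zXwelyPNPUVNBSaWMORmWR397v8UaEx2jsO4Nxaw1w4RnJSyq5feXResLigh6yelCNDWu3ISQrmZtjKRCPWlVzIDAT5m0UZzHjfGtixei8QNo3Y1sNUyFmrR0jcy6Uvkcl2ryGsUApCqaIGHz9zNvVJo7lGFH7yDVnaFx2XHnbDrZqhcvtvKK9kJkXwpTwASnSg7CB4VUFxdfzOlwnGUqMrePYqN5CaFKLNNQ5vIharK+iikvgkibrCSH69Tdb26IvBpXojuoIHDpBNcAAy5d66P+EoUXv7xWVmWiDLyJd66GvNzAzwel16KrjlgYZoKaj5rAB04qafSi6gRKJMuxQTBGGBc45JojDDZUEQht0/0N9GEWZDAO2z3eyB0lsODNvJBh9jAvwEOMcNnm59GYnYrk4bKLS1GEvq6a0aQvAxJDj0OxENNsx3SloYnP+ufHUZvWI9Ccu+9PMcoNqsFomiFg5nraL7NVaaOegVVYVGr4xZm9Yl/fnfnkH/lccsPw== xro@realraum.at
-
-noc_groups:
- - adm
- - sudo
-
-noc_ssh_keys: "{{ user_groups.noc | map('extract', users) | map(attribute='ssh') | flatten | list }}"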
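--- a/ansible/host_vars/torwaechter/main.yml
+++ b/ansible/host_vars/torwaechter/main.yml
@@ -1,4 +1,6 @@
 ---
+ssh_keys_tuergit: "{{ ssh_keys_root }}"
+
 openwrt_arch: x86
 openwrt_target: geode
 openwrt_output_image_suffixes:
@@ -59,13 +61,13 @@ openwrt_mixin:
 /etc/ssh/authorized_keys.d/root:
 content: |-
- {% for key in noc_ssh_keys %}
+ {% for key in ssh_keys_root %}
 {{ key }}
 {% endfor %}
 /etc/ssh/authorized_keys.d/tuergit:
 content: |-
- {% for key in noc_ssh_keys %}
+ {% for key in ssh_keys_tuergit %}
 {{ key }}
 {% endfor %}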
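Review bot: `ssh_keys_tuergit` is defined in the first hunk as a plain alias of `ssh_keys_root`, so the key set accepted for the tuergit account changes whenever the root user list changes. That matches the old behaviour, where both files looped over `noc_ssh_keys`, but nothing in the file says the coupling is deliberate. If it is intended, add a comment above the variable such as `## tuergit intentionally accepts the same keys as root`. If it is not, build the value from its own user list, the same way `ssh_keys_root` is built in group_vars/all/main.yml, so that root and tuergit access can be narrowed independently. The `openwrt_mixin` mapping starts outside the second hunk.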
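--- a/ansible/roles/base/tasks/main.yml
+++ b/ansible/roles/base/tasks/main.yml
@@ -47,7 +47,7 @@
 - name: Set authorized keys for root user
 authorized_key:
 user: root
- key: "{{ ssh_keys | join('\n') }}"
+ key: "{{ ssh_keys_root | join('\n') }}"
 exclusive: yes
 - name: disable apt suggests and recommends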
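Review bot: Because this task runs with `exclusive: yes`, whatever `ssh_keys_root` evaluates to replaces root's whole authorized_keys file, and this commit makes that value depend on a per-group or per-host `ssh_users_root` override. An override that resolves to an empty list, or to users without an `ssh` entry, could leave root with no usable key after the next run; I have not verified how the module treats an empty `key`, so this is a precaution. I would add an `assert` task immediately before this one with `that: ssh_keys_root | length > 0` and a clear `fail_msg`. The preseed role's authorized_key task reads the same variable and would benefit from the same guard. The task list continues outside the hunk.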
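--- a/ansible/roles/preseed/tasks/main.yml
+++ b/ansible/roles/preseed/tasks/main.yml
@@ -14,7 +14,7 @@
 user: root
 manage_dir: no
 path: "{{ preseed_tmpdir }}/authorized_keys"
- key: "{{ ssh_keys | join('\n') }}"
+ key: "{{ ssh_keys_root | join('\n') }}"
 - name: Inject files into initramfs
 shell: cpio -H newc -o | gzip -9 >> 'initrd.preseed.gz'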
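--- a/ansible/roles/vm/install/tasks/main.yml
+++ b/ansible/roles/vm/install/tasks/main.yml
@@ -39,7 +39,7 @@
 - import_role:
 name: preseed
 vars:
- ssh_keys: "{{ hostvars[hostname].ssh_keys }}"
+ ssh_keys_root: "{{ hostvars[hostname].ssh_keys_root }}"
 install_interface: enp1s1
 preseed_tmpdir: "{{ tmpdir.stdout }}"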