# keys setup playbook
#
# ansible-keys.yml
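---
# Wires a user's key material kept under ~/data/keys into the dotfile locations
# that gpg, pass, ssh and libpq actually read, by symlinking each one into place
# and tightening the permissions on the real (target) files. Every section is
# skipped when its data/keys/dot-* source does not exist on the host.
#
# Required extra var: `user` - the account whose home directory is managed.
- name: keys setup
  hosts: all
  vars:
    # every path below is derived from these two
    keys_home: "/home/{{ user }}"
    keys_dir: "{{ keys_home }}/data/keys"
  tasks:
    - name: check mandatory variables are defined
      assert:
        that:
          - user is defined
          # `user` is spliced into filesystem paths and handed to become_user,
          # so reject anything that is not a plain account name (no '/', '..',
          # whitespace or Jinja/shell metacharacters).
          - "user is match('^[A-Za-z_][A-Za-z0-9_.-]*$')"
        fail_msg: "'user' must be defined and be a plain account name, got: {{ user | default('<undefined>') }}"

    # .gnupg
    - name: get new gpg dir stats
      stat:
        path: "{{ keys_dir }}/dot-gnupg"
      register: new_gnupg
    # NOTE(review): unlike the .ssh section below, a pre-existing real
    # (non-symlink) ~/.gnupg is NOT removed here. The file module refuses to
    # turn a non-empty directory into a symlink even with force, so on such a
    # host this play fails instead of discarding a keyring that is not in
    # data/keys - the safer failure mode, but worth knowing when it errors.
    - name: setup gpg dir
      block:
        - name: ensure correct permissions for .gnupg dir
          file:
            path: "{{ keys_dir }}/dot-gnupg"
            mode: "0700"
        - name: symlink new gpg dir
          file:
            src: "{{ keys_dir }}/dot-gnupg"
            dest: "{{ keys_home }}/.gnupg"
            state: link
            force: true
          # become_user only takes effect when become is enabled (play keyword,
          # ansible.cfg or --become); this play does not set it, so unless the
          # caller does, the symlink is created by the connecting account.
          # The same applies to every become_user below. The dnf task needs
          # root, so confirm how this play is invoked.
          become_user: "{{ user }}"
      when: new_gnupg.stat.exists

    # setup pass
    - name: install pass
      dnf:
        name: pass
        state: present
    - name: get new pass dir stats
      stat:
        path: "{{ keys_dir }}/dot-password-store"
      register: new_password_store
    - name: setup pass dir
      block:
        # the store holds the encrypted secrets and .gpg-id; give it the same
        # owner-only mode as .gnupg and .ssh
        - name: ensure correct permissions for pass dir
          file:
            path: "{{ keys_dir }}/dot-password-store"
            mode: "0700"
        - name: symlink new pass dir
          file:
            src: "{{ keys_dir }}/dot-password-store"
            dest: "{{ keys_home }}/.password-store"
            state: link
            force: true
          become_user: "{{ user }}"
      when: new_password_store.stat.exists

    # .ssh
    - name: get new ssh dir stats
      stat:
        path: "{{ keys_dir }}/dot-ssh"
      register: new_ssh
    - name: setup ssh dir
      block:
        - name: ensure correct permissions for .ssh dir
          file:
            path: "{{ keys_dir }}/dot-ssh"
            mode: "0700"
        # NOTE(review): sshd with StrictModes also rejects an authorized_keys
        # whose file or parent directories are owned by another user or are
        # group/world-writable. Ownership is not managed here - confirm that
        # data/keys and its parents are owned by {{ user }} on the target.
        #
        # Private keys are found by name so id_ed25519 etc. are covered, not
        # only id_rsa; *.pub files are left alone.
        - name: find private ssh keys
          find:
            paths: "{{ keys_dir }}/dot-ssh"
            patterns: "id_*"
            excludes: "*.pub"
            file_type: file
          register: private_ssh_keys
        - name: ensure correct permissions for private ssh keys
          file:
            path: "{{ item.path }}"
            mode: "0600"
          loop: "{{ private_ssh_keys.files }}"
          loop_control:
            label: "{{ item.path }}"
        # A real (non-symlink) ~/.ssh cannot be replaced by the symlink task
        # below - the file module refuses to convert a non-empty directory -
        # so it is removed first. This discards, without backup, anything in
        # the old directory that is not in data/keys/dot-ssh, including
        # authorized_keys; if data/keys/dot-ssh carries no authorized_keys the
        # next ssh login to this account is locked out.
        - name: get old ssh dir stats
          stat:
            path: "{{ keys_home }}/.ssh"
          register: old_ssh
        - name: remove old ssh dir if not symlink
          file:
            path: "{{ keys_home }}/.ssh"
            state: absent
          when: old_ssh.stat.exists and not (old_ssh.stat.islnk | default(false))
        - name: symlink new ssh dir
          file:
            src: "{{ keys_dir }}/dot-ssh"
            dest: "{{ keys_home }}/.ssh"
            state: link
          become_user: "{{ user }}"
        # `file` without `state` does not create the path and fails when it is
        # missing, so the optional auto-install-key is guarded by a stat like
        # the private keys above instead of aborting the play on hosts
        # without it.
        - name: get auto-install-key stats
          stat:
            path: "{{ keys_dir }}/dot-ssh/auto-install-key"
          register: auto_install_key
        - name: set auto-install-key permissions
          file:
            path: "{{ keys_dir }}/dot-ssh/auto-install-key"
            mode: "0600"
          when: auto_install_key.stat.exists
      when: new_ssh.stat.exists
    # The former "add ssh key to keyring" task (`shell: eval $(ssh-agent)`) was
    # dropped: it started a fresh ssh-agent on every run that outlived the
    # task's shell, exported SSH_AUTH_SOCK/SSH_AGENT_PID only into that
    # short-lived shell, and never ran ssh-add, so it loaded nothing into any
    # keyring while leaking one agent process per run.

    # .pgpass
    - name: get new postgresql password file stats
      stat:
        path: "{{ keys_dir }}/dot-pgpass"
      register: new_pgpass
    - name: setup postgresql password file
      block:
        # libpq silently ignores a .pgpass that is group- or world-accessible;
        # the mode is applied to the real file because libpq stat()s through
        # the symlink
        - name: ensure correct permissions for postgresql password file
          file:
            path: "{{ keys_dir }}/dot-pgpass"
            mode: "0600"
        - name: symlink postgresql password file
          file:
            src: "{{ keys_dir }}/dot-pgpass"
            dest: "{{ keys_home }}/.pgpass"
            state: link
            force: true
          become_user: "{{ user }}"
      when: new_pgpass.stat.exists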