Feat: Split `debian-init-user-phd` into roles
authorOleg Broytman <phd@phdru.name>
Sun, 14 Jul 2019 03:06:18 +0000 (06:06 +0300)
committerOleg Broytman <phd@phdru.name>
Tue, 16 Jul 2019 18:28:41 +0000 (21:28 +0300)
Split `debian-init-user-phd` into `debian-init-local-phd`,
`debian-init-system`, `debian-init-user-phd` and roles
`debian-init-system`, `debian-phd` and `debian-sudo`.

playbooks/debian-init-local-phd.yml [new file with mode: 0644]
playbooks/debian-init-system.yml [new file with mode: 0644]
playbooks/debian-init-user-phd.yml [deleted file]
playbooks/roles/debian-init-system/README.txt [new file with mode: 0644]
playbooks/roles/debian-init-system/tasks/main.yml [new file with mode: 0644]
playbooks/roles/debian-phd/README.txt [new file with mode: 0644]
playbooks/roles/debian-phd/defaults/main.yml [new file with mode: 0644]
playbooks/roles/debian-phd/tasks/main.yml [new file with mode: 0644]
playbooks/roles/debian-sudo/README.txt [new file with mode: 0644]
playbooks/roles/debian-sudo/tasks/main.yml [new file with mode: 0644]

diff --git a/playbooks/debian-init-local-phd.yml b/playbooks/debian-init-local-phd.yml
new file mode 100644 (file)
index 0000000..d71f24f
--- /dev/null
@@ -0,0 +1,21 @@
+- name: Update local user phd
+  hosts: localhost
+  gather_facts: false
+  vars:
+    system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,bluetooth,davfs2,vboxusers,input
+  tasks:
+    - name: Create system groups
+      become: true
+      group:
+        name: "{{ item }}"
+        system: true
+      loop: "{{ system_groups.split(',') }}"
+    - name: Create group phd
+      become: true
+      group:
+        name: phd
+    - name: user phd
+      become: true
+      user:
+        name: phd
+        groups: "{{ system_groups }}"
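Review bot: The `system_groups` value on the `vars:` line puts phd in `root` and `disk`, and `disk` membership alone gives read/write access to raw block devices, which is root-equivalent without passing through sudo or its logging. Almost the same list is set in `roles/debian-phd/defaults/main.yml`, where it applies to every host the play targets rather than one workstation. Consider trimming both lists to the groups the account actually needs and leaving privilege to the explicit sudo rule. The `user` task also omits `append`, so the module sets the supplementary groups to exactly this list and drops any others; if that is not intended, add `append: true`.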
diff --git a/playbooks/debian-init-system.yml b/playbooks/debian-init-system.yml
new file mode 100644 (file)
index 0000000..af87134
--- /dev/null
@@ -0,0 +1,7 @@
+- name: Create user phd
+  hosts: "{{ hosts | default('servers') }}"
+  gather_facts: false
+  roles:
+    - debian-sudo
+    - debian-phd
+    - debian-init-system
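Review bot: The roles list runs `debian-sudo` before `debian-phd`, so on a fresh host the `user` task in the sudo role is what first creates phd, with module defaults, before the role that is meant to own account creation. If the order is deliberate (sudo has to be installed before later `become` tasks), a comment above the list would record that, for example `# debian-sudo first: installs sudo; its user task also creates phd on a new host`. The play name is also stale now that the play installs packages and configures sudo; something like `name: Init Debian system and user phd` would match what it does.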
diff --git a/playbooks/debian-init-user-phd.yml b/playbooks/debian-init-user-phd.yml
deleted file mode 100644 (file)
index b842599..0000000
+++ /dev/null
@@ -1,57 +0,0 @@
-- name: Create user phd
-  hosts: "{{ hosts | default('servers') }}"
-  gather_facts: false
-  vars:
-    system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,input
-  tasks:
-    - name: Create system groups
-      become: true
-      group:
-        name: "{{ item }}"
-        system: true
-      loop: "{{ system_groups.split(',') }}"
-    - name: Create group phd
-      become: true
-      group:
-        name: phd
-    - name: Add user phd
-      become: true
-      user:
-        name: phd
-        group: phd
-        groups: "{{ system_groups }}"
-    - name: Create folder ~phd/.ssh
-      file:
-        path: ~phd/.ssh
-        state: directory
-        owner: phd
-        group: phd
-        mode: 0700
-    - name: Upload SSH key
-      copy:
-        src: ~/.ssh/phd@nb3.pub
-        dest: ~phd/.ssh/phd@nb3.pub
-        owner: phd
-        group: phd
-        mode: 0600
-- name: Update local user phd
-  hosts: localhost
-  gather_facts: false
-  vars:
-    system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,bluetooth,davfs2,vboxusers,input
-  tasks:
-    - name: Create system groups
-      become: true
-      group:
-        name: "{{ item }}"
-        system: true
-      loop: "{{ system_groups.split(',') }}"
-    - name: Create group phd
-      become: true
-      group:
-        name: phd
-    - name: user phd
-      become: true
-      user:
-        name: phd
-        groups: "{{ system_groups }}"
diff --git a/playbooks/roles/debian-init-system/README.txt b/playbooks/roles/debian-init-system/README.txt
new file mode 100644 (file)
index 0000000..57a5b0a
--- /dev/null
@@ -0,0 +1 @@
+Init new Debian system: install minimal list of packages.
diff --git a/playbooks/roles/debian-init-system/tasks/main.yml b/playbooks/roles/debian-init-system/tasks/main.yml
new file mode 100644 (file)
index 0000000..5640f76
--- /dev/null
@@ -0,0 +1,10 @@
+- name: Install minimal software packages
+  become: true
+  apt:
+    autoclean: yes
+    autoremove: yes
+    install_recommends: no
+    name: ['apt', 'aptitude', 'dselect', 'bash', 'bash-completion', 'mc', 'python', 'python3', 'rsync', 'vim']
+    purge: yes
+    state: latest
+    update_cache: yes
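Review bot: `autoremove: yes` together with `purge: yes` means this install task also removes every package apt considers orphaned on the target and deletes its configuration files, on each run. That is reasonable on a freshly installed machine but surprising if the role is ever applied to a host already in service. It would be safer as a separate, clearly named cleanup task, or at least documented with a comment such as `# also purges auto-removable packages; intended for new hosts only`. `state: latest` likewise upgrades the listed packages on every run, and the `yes`/`no` values here are inconsistent with the `true`/`false` used for `become` in the same file.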
diff --git a/playbooks/roles/debian-phd/README.txt b/playbooks/roles/debian-phd/README.txt
new file mode 100644 (file)
index 0000000..84c7fa3
--- /dev/null
@@ -0,0 +1,2 @@
+Init remote user phd: create system and user groups, create the user,
+upload SSH public key.
diff --git a/playbooks/roles/debian-phd/defaults/main.yml b/playbooks/roles/debian-phd/defaults/main.yml
new file mode 100644 (file)
index 0000000..b9fc971
--- /dev/null
@@ -0,0 +1 @@
+system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,input
diff --git a/playbooks/roles/debian-phd/tasks/main.yml b/playbooks/roles/debian-phd/tasks/main.yml
new file mode 100644 (file)
index 0000000..cea3f9f
--- /dev/null
@@ -0,0 +1,30 @@
+- name: Create system groups
+  become: true
+  group:
+    name: "{{ item }}"
+    system: true
+  loop: "{{ system_groups.split(',') }}"
+- name: Create group phd
+  become: true
+  group:
+    name: phd
+- name: Add user phd
+  become: true
+  user:
+    name: phd
+    group: phd
+    groups: "{{ system_groups }}"
+- name: Create folder ~phd/.ssh
+  file:
+    path: ~phd/.ssh
+    state: directory
+    owner: phd
+    group: phd
+    mode: 0700
+- name: Upload SSH key
+  copy:
+    src: ~/.ssh/phd@nb3.pub
+    dest: ~phd/.ssh/authorized_keys
+    owner: phd
+    group: phd
+    mode: 0600
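Review bot: Pointing `copy` at `~phd/.ssh/authorized_keys` replaces the whole file, so any other key already authorised for phd on the host is silently dropped each time the role runs. The `authorized_key` module manages a single entry and leaves the rest of the file intact, as sketched below; this assumes the lookup resolves the same controller-side path that `src` did. The last two tasks also lack the `become: true` that the first three carry, so they only succeed when the connecting account can already write to phd's home. Quoting the modes (`mode: '0700'`, `mode: '0600'`) would remove the dependence on YAML octal parsing.

```yaml
# … unchanged: group/user creation and ~phd/.ssh directory tasks …
- name: Upload SSH key
  become: true
  authorized_key:
    user: phd
    key: "{{ lookup('file', '~/.ssh/phd@nb3.pub') }}"
```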
diff --git a/playbooks/roles/debian-sudo/README.txt b/playbooks/roles/debian-sudo/README.txt
new file mode 100644 (file)
index 0000000..9d2929b
--- /dev/null
@@ -0,0 +1 @@
+Init sudo: install sudo, add user phd, allow passwordless operations.
diff --git a/playbooks/roles/debian-sudo/tasks/main.yml b/playbooks/roles/debian-sudo/tasks/main.yml
new file mode 100644 (file)
index 0000000..05544b1
--- /dev/null
@@ -0,0 +1,22 @@
+- name: Install sudo
+  become: true
+  apt:
+    install_recommends: no
+    name: sudo
+    state: latest
+    update_cache: yes
+- name: Add user phd to group sudo
+  become: true
+  user:
+    name: phd
+    append: yes
+    groups: sudo
+- name: Allow passwordless operations
+  become: true
+  copy:
+    content: 'phd      ALL=(ALL:ALL) NOPASSWD: ALL'
+    dest: /etc/sudoers.d/phd
+    owner: root
+    group: sudo
+    mode: 0640
+    force: yes
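Review bot: The sudoers drop-in in the last task is written with no syntax check, and a malformed file under `/etc/sudoers.d` can leave sudo unusable on the host; adding `validate: 'visudo -cf %s'` to the `copy` task makes Ansible reject bad content before it is installed. The `content` string also has no trailing newline, and the conventional ownership for these files is `root:root` with `mode: '0440'` rather than group `sudo` with `0640`. Since the rule is `NOPASSWD: ALL` and login is by SSH key, that key becomes the only factor protecting root on every target; if that is the intended trade-off, a comment on the task saying so would help later readers.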