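---
# Installs Aether, prepares the directories it uses, and creates and reads
# the ed25519 SSH identity that is generated on the host named Core.

- name: Install the package
  become: true
  # NOTE(review): a failed install is ignored and the play continues.
  # Confirm this is deliberate; if it is, consider narrowing it with
  # failed_when so an unexpected failure is not hidden.
  ignore_errors: true
  package:
    name: Aether
    state: present

- name: Validate the user
  vars:
    service_account: aether
  include_tasks: ../roles/common/service_account.yml

- name: Ensure the Aether identity is protected.
  become: true
  file:
    path: "{{ item }}"
    state: directory
    owner: aether
    group: aether
    # Quoted so the module receives the octal string itself and the result
    # does not depend on how the YAML parser types a bare 0700.
    mode: "0700"
  loop:
    - /home/aether/.ssh
    - /usr/local/etc/Aether
    - /usr/local/etc/Aether/backup-entries
    - /usr/local/backup

- name: Ensure the Aether identity exists
  # Core will track the identity that will then be shared to everyone else.
  delegate_to: Core
  become: true
  # NOTE(review): -N "" writes the private key without a passphrase. If the
  # private half is what gets shared to the other hosts, each of them can
  # act as this identity - confirm that is intended, and restrict what the
  # key is authorized to do on the receiving side.
  command:
    creates: /home/aether/.ssh/aether
    chdir: /home/aether/.ssh/
    cmd: ssh-keygen -t ed25519 -N "" -f ./aether

- name: Read the Aether identity
  become: true
  delegate_to: Core
  command: cat /home/aether/.ssh/aether
  register: aether_key
  # Read-only command: do not report a change on every run.
  changed_when: false
  # stdout is the private key; keep it out of task output, verbose logs and
  # callback plugins.
  no_log: true

- name: Read the Aether public identity
  become: true
  delegate_to: Core
  command: cat /home/aether/.ssh/aether.pub
  register: aether_pubkey
  # Read-only command: do not report a change on every run.
  changed_when: false

# `when` is already evaluated as a Jinja expression, so it takes no {{ }}
# delimiters, and `is` expects a test name rather than a string literal;
# the hostname check is therefore written as a plain comparison.
- name: Include the source tasks
  include_tasks: source.yml
  when: inventory_hostname == 'Core'

# NOTE(review): this condition is the same as the one on source.yml, so
# client.yml is only included on Core. Confirm that is intended and that it
# was not meant for the other hosts (inventory_hostname != 'Core').
- name: Include the client tasks
  include_tasks: client.yml
  when: inventory_hostname == 'Core'

- name: Ensure the Aether identity files are protected.
  become: true
  # NOTE(review): no delegate_to here, so this runs on every targeted host
  # and presumably relies on the included task files having put both key
  # files in place - verify for hosts other than Core.
  file:
    path: "{{ item }}"
    owner: aether
    group: aether
    # Private key must not be readable by group or other; quoted for the
    # same reason as the directory mode above.
    mode: "0600"
  loop:
    - /home/aether/.ssh/aether
    - /home/aether/.ssh/aether.pub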