diff --git a/examples/msn0.yml b/examples/msn0.yml
index 380db2d..7c81f06 100644
--- a/examples/msn0.yml
+++ b/examples/msn0.yml
@@ -3,34 +3,81 @@ all:
 replica_domain: MSN0.AniNIX.net
 dns: 10.0.1.7
 logserver: 10.0.1.5
+ daemon_shell: /sbin/nologin
 children:
- prod:
- hosts:
- Core:
- interface: enp1s0f0
- ip: 10.0.1.3
- mac: 00:25:90:0d:6e:86
- type: wired
- dev:
- hosts:
- DarkNet:
- MaatBuilder:
- Maat:
- Sharingan:
- geth:
- hosts:
- GethHub1:
- GethHub2:
- GethHub3:
- Nazara:
- tachikoma:
- hosts:
- Tachikoma:
- Dedsec:
- tricorder:
- hosts:
- DarkFeather:
- Lykos:
- windows:
- hosts:
- Games:
+ managed:
+ children:
+ prod:
+ hosts:
+ Core:
+ depriv_user: DarkFeather
+ interface: enp1s0f0
+ ip: 10.0.1.3
+ mac: 00:25:90:0d:6e:86
+ type: wired
+ dev:
+ vars:
+ depriv_user: depriv
+ hosts:
+ DarkNet:
+ ip: 10.0.1.4
+ mac: 00:15:5D:01:02:05
+ type: wired
+ MaatBuilder:
+ ip: 10.0.1.13
+ mac: 00:15:5d:01:02:07
+ type: wired
+ Maat:
+ ip: 10.0.1.14
+ mac: DE:8B:9E:19:55:1D
+ type: wired
+ Sharingan:
+ ip: 10.0.1.5
+ mac: 00:15:5D:01:02:10
+ type: wired
+ geth:
+ vars:
+ depriv_user: pi
+ hosts:
+ Geth-Hub-1:
+ ip: 10.0.1.10
+ mac: 84:16:F9:14:15:C5
+ Geth-Hub-2:
+ ip: 10.0.1.11
+ mac: 84:16:F9:13:B6:E6
+ Geth-Hub-3:
+ ip: 10.0.1.12
+ mac: b8:27:eb:60:73:68
+ Nazara:
+ ip: 10.0.1.7
+ mac: B8:27:EB:B6:AA:0C
+ type: wired
+ unmanaged:
+ children:
+ tachikoma:
+ hosts:
+ Tachikoma:
+ Dedsec:
+ tricorder:
+ hosts:
+ DarkFeather:
+ Lykos:
+ windows:
+ hosts:
+ Games:
+ ip: 10.0.1.2
+ mac: 00:1F:BC:10:1C:F8
+ console:
+ hosts:
+ Core-Console:
+ ip: 10.0.1.8
+ mac: 00:25:90:0D:82:5B
+ Maat-Console:
+ ip: 10.0.1.9
+ mac: 00:25:90:3E:C6:8C
+ Geth-Eyes:
+ ip: 10.0.1.106
+ mac: 9c:a3:aa:33:a3:99
+ Print:
+ ip: 10.0.1.6
+ mac: 00:80:92:77:CE:E4
diff --git a/playbooks/sshkey.yml b/playbooks/sshkey.yml
index ca55cf3..e82ddf7 100644
--- a/playbooks/sshkey.yml
+++ b/playbooks/sshkey.yml
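Review bot: The three `Geth-Hub-*` entries under `geth` are the only `managed` hosts without a `type:` key, and the MAC values mix upper- and lower-case hex (`00:15:5D:01:02:05` beside `00:15:5d:01:02:07`, `B8:27:EB:B6:AA:0C` beside `b8:27:eb:60:73:68`), so anything that consumes this inventory and compares MACs as strings will treat the same address as two different ones; pick one case file-wide. The MAC values are also unquoted: every one here contains a hex letter and is read as a string, but a future address whose octets are all digits (a constructed example: `00:11:22:33:44:55`) would be parsed by a YAML 1.1 loader as a sexagesimal integer, so `mac: "00:25:90:0d:6e:86"` is the safer form. `depriv_user` is set as a host var on `Core` while `dev` and `geth` set it under group `vars:`; presumably intentional for a single-host group, but a `vars:` block under `prod` would keep the three groups uniform. The `unmanaged` hosts carry no `ip`, which matters only if a playbook that builds on `ip` is pointed at them rather than at `managed`.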
@@ -11,14 +11,14 @@
 #
 # Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
 #
-- hosts: "{{ targets | default('all') }}"
+- hosts: "{{ targets | default('managed') }}"
 order: sorted
- serial: "{{ threads | default('8') }}"
+ serial: "{{ threads | default('1') }}"
 gather_facts: false
 ignore_unreachable: true
 vars:
 ansible_ssh_port: "{{ sshport | default('22') }}"
- keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
+ keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
 vars_files:
 - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
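Review bot: The new defaults on the `hosts:` and `keyfile:` lines are not reflected in the header comment just above them, which still documents only `ANSIBLE_VAULT_FILE`; a run from a controller that has no `~/.ssh/id_ed25519.pub`, or against an inventory with no `managed` group, now silently does nothing or fails at the later `cat`. Add two lines to that comment block: `# Targets the 'managed' inventory group by default; override with -e targets=<pattern>` and `# Pushes ~/.ssh/id_ed25519.pub by default; override with -e pubkey=<path>`. The drop of `threads` from `'8'` to `'1'` is unexplained in the diff; a one-line comment above `serial:` giving the reason (presumably the per-host password lookup added later in this file) would save the next reader from restoring the old value.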
@@ -28,18 +28,38 @@
 command: "cat {{ keyfile }}"
 register: key
- # Thanks to https://gist.github.com/shirou/6928012
- - name: Ensure ssh host key known
+ - name: Ensure known_hosts is commented
 delegate_to: localhost
 lineinfile:
 dest: ~/.ssh/known_hosts
 create: yes
 state: present
- line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
+ line: "# {{ inventory_hostname + '.' + replica_domain }}"
+
+ # Thanks to https://gist.github.com/shirou/6928012
+ - name: Ensure ssh host RSA key known
+ delegate_to: localhost
+ lineinfile:
+ dest: ~/.ssh/known_hosts
+ create: yes
+ state: present
+ line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
+
+ # Thanks to https://gist.github.com/shirou/6928012
+ - name: Ensure ssh host ED25519 key known
+ delegate_to: localhost
+ lineinfile:
+ dest: ~/.ssh/known_hosts
+ create: yes
+ state: present
+ line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
 - authorized_key:
- user: "{{ lookup('env','USER') }}"
+ user: "{{ depriv_user }}"
 key: "{{ key.stdout }}"
 state: present
 exclusive: true
- name: "Pass authorized key"
+ name: "Pass authorized key"
+ vars:
+ ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
+
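Review bot: The `line:` values of the two new known_hosts tasks run `ssh-keyscan` through `lookup('pipe', ...)` on the controller at template time, so when a target does not answer the scan contributes nothing and `lineinfile` still writes a key-less entry of the form `10.0.1.x,host.MSN0.AniNIX.net,` into `~/.ssh/known_hosts`; `ignore_unreachable: true` does not cover a local lookup, and the host key is learned from the network at run time, so the first run should be done from a position where that network path is trusted. Register the scan with a `command` task and gate the `lineinfile` on non-empty output as below (the ED25519 task follows the same pattern), or use the `known_hosts` module, which validates the entry. The copied `create: yes` lines should be `create: true` (YAML 1.1 truthy form, ansible-lint flags it), and `user: "{{ depriv_user }}"` is undefined for the `unmanaged` groups of the example inventory, so a run with `-e targets=all` would stop at the `authorized_key` task; `vars['passwords'][inventory_hostname]` likewise presumes the vault keys were renamed along with `GethHub1` → `Geth-Hub-1` — worth confirming. The read-key task whose `command: "cat ..."` line opens this hunk begins above it.
```yaml
  - name: Scan ssh host RSA key
    delegate_to: localhost
    command: "ssh-keyscan -trsa -p {{ ansible_ssh_port }} {{ inventory_hostname }}"
    register: rsa_scan
    changed_when: false

  - name: Ensure ssh host RSA key known
    delegate_to: localhost
    lineinfile:
      dest: ~/.ssh/known_hosts
      create: true
      state: present
      line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + rsa_scan.stdout }}"
    when: rsa_scan.stdout | length > 0
  # … unchanged: ED25519 scan and lineinfile tasks, same pattern with -ted25519 …
```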