Updates for structure

DarkFeather 2021-03-16 03:09:19 -05:00
parent 68ef34c3c6
commit 87775fe636
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
2 changed files with 105 additions and 38 deletions


@ -3,26 +3,57 @@ all:
replica_domain: MSN0.AniNIX.net replica_domain: MSN0.AniNIX.net
dns: 10.0.1.7 dns: 10.0.1.7
logserver: 10.0.1.5 logserver: 10.0.1.5
daemon_shell: /sbin/nologin
children:
managed:
children: children:
prod: prod:
hosts: hosts:
Core: Core:
depriv_user: DarkFeather
interface: enp1s0f0 interface: enp1s0f0
ip: 10.0.1.3 ip: 10.0.1.3
mac: 00:25:90:0d:6e:86 mac: 00:25:90:0d:6e:86
type: wired type: wired
dev: dev:
vars:
depriv_user: depriv
hosts: hosts:
DarkNet: DarkNet:
ip: 10.0.1.4
mac: 00:15:5D:01:02:05
type: wired
MaatBuilder: MaatBuilder:
ip: 10.0.1.13
mac: 00:15:5d:01:02:07
type: wired
Maat: Maat:
ip: 10.0.1.14
mac: DE:8B:9E:19:55:1D
type: wired
Sharingan: Sharingan:
ip: 10.0.1.5
mac: 00:15:5D:01:02:10
type: wired
geth: geth:
vars:
depriv_user: pi
hosts: hosts:
GethHub1: Geth-Hub-1:
GethHub2: ip: 10.0.1.10
GethHub3: mac: 84:16:F9:14:15:C5
Geth-Hub-2:
ip: 10.0.1.11
mac: 84:16:F9:13:B6:E6
Geth-Hub-3:
ip: 10.0.1.12
mac: b8:27:eb:60:73:68
Nazara: Nazara:
ip: 10.0.1.7
mac: B8:27:EB:B6:AA:0C
type: wired
unmanaged:
children:
tachikoma: tachikoma:
hosts: hosts:
Tachikoma: Tachikoma:
@ -34,3 +65,19 @@ all:
windows: windows:
hosts: hosts:
Games: Games:
ip: 10.0.1.2
mac: 00:1F:BC:10:1C:F8
console:
hosts:
Core-Console:
ip: 10.0.1.8
mac: 00:25:90:0D:82:5B
Maat-Console:
ip: 10.0.1.9
mac: 00:25:90:3E:C6:8C
Geth-Eyes:
ip: 10.0.1.106
mac: 9c:a3:aa:33:a3:99
Print:
ip: 10.0.1.6
mac: 00:80:92:77:CE:E4
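Review bot: The new `mac:` values are unquoted plain scalars in mixed case (`00:25:90:0d:6e:86` next to `00:15:5D:01:02:05`), so their type is left to the YAML loader and any string comparison against them depends on case. Every address shown contains a hex letter and loads as a string today, but an all-digit address can be read as a sexagesimal integer by YAML 1.1 loaders; quoting and lower-casing each value, e.g. `mac: '00:15:5d:01:02:05'`, removes both problems. Separately, `depriv_user: pi` for the geth group is the stock Raspberry Pi OS account name, so if those hosts still accept password logins for it, a dedicated deployment account would be the safer target. The `all:` mapping opens above the first hunk, so defaults set there are not visible here.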


@ -11,14 +11,14 @@
# #
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault # Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
# #
- hosts: "{{ targets | default('all') }}" - hosts: "{{ targets | default('managed') }}"
order: sorted order: sorted
serial: "{{ threads | default('8') }}" serial: "{{ threads | default('1') }}"
gather_facts: false gather_facts: false
ignore_unreachable: true ignore_unreachable: true
vars: vars:
ansible_ssh_port: "{{ sshport | default('22') }}" ansible_ssh_port: "{{ sshport | default('22') }}"
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}" keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
vars_files: vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}" - "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
@ -28,18 +28,38 @@
command: "cat {{ keyfile }}" command: "cat {{ keyfile }}"
register: key register: key
# Thanks to https://gist.github.com/shirou/6928012 - name: Ensure known_hosts is commented
- name: Ensure ssh host key known
delegate_to: localhost delegate_to: localhost
lineinfile: lineinfile:
dest: ~/.ssh/known_hosts dest: ~/.ssh/known_hosts
create: yes create: yes
state: present state: present
line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}" line: "# {{ inventory_hostname + '.' + replica_domain }}"
# Thanks to https://gist.github.com/shirou/6928012
- name: Ensure ssh host RSA key known
delegate_to: localhost
lineinfile:
dest: ~/.ssh/known_hosts
create: yes
state: present
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
# Thanks to https://gist.github.com/shirou/6928012
- name: Ensure ssh host ED25519 key known
delegate_to: localhost
lineinfile:
dest: ~/.ssh/known_hosts
create: yes
state: present
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
- authorized_key: - authorized_key:
user: "{{ lookup('env','USER') }}" user: "{{ depriv_user }}"
key: "{{ key.stdout }}" key: "{{ key.stdout }}"
state: present state: present
exclusive: true exclusive: true
name: "Pass authorized key" name: "Pass authorized key"
vars:
ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
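Review bot: The `Ensure ssh host RSA key known` and `Ensure ssh host ED25519 key known` tasks write whatever `ssh-keyscan` returns straight into `~/.ssh/known_hosts`, and the `authorized_key` task that follows then logs in with `ansible_ssh_password` from the vault, so a password is sent to a host whose key was never compared with a trusted value. Keeping each host's expected fingerprint in the inventory or vault and failing the play when the scanned key differs would close that gap; at minimum the tasks should carry a comment such as `# keyscan output is unauthenticated: confirm the fingerprint out of band before the first run`. The `line:` expressions also have no guard for an empty scan result, which appears to leave a line holding only the `ip,fqdn,` prefix, and they add the IP and FQDN bare although `ssh-keyscan` prints `[host]:port` for a non-default `sshport`, so those names would not match on such a port. The lookup `vars['passwords'][inventory_hostname]` presumably needs its vault keys renamed along with the hosts (`GethHub1` to `Geth-Hub-1`); the vault file is not shown. The task list begins outside the visible hunks.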