Updates for structure
parent
68ef34c3c6
commit
87775fe636
@ -3,34 +3,81 @@ all:
|
|||||||
replica_domain: MSN0.AniNIX.net
|
replica_domain: MSN0.AniNIX.net
|
||||||
dns: 10.0.1.7
|
dns: 10.0.1.7
|
||||||
logserver: 10.0.1.5
|
logserver: 10.0.1.5
|
||||||
|
daemon_shell: /sbin/nologin
|
||||||
children:
|
children:
|
||||||
prod:
|
managed:
|
||||||
hosts:
|
children:
|
||||||
Core:
|
prod:
|
||||||
interface: enp1s0f0
|
hosts:
|
||||||
ip: 10.0.1.3
|
Core:
|
||||||
mac: 00:25:90:0d:6e:86
|
depriv_user: DarkFeather
|
||||||
type: wired
|
interface: enp1s0f0
|
||||||
dev:
|
ip: 10.0.1.3
|
||||||
hosts:
|
mac: 00:25:90:0d:6e:86
|
||||||
DarkNet:
|
type: wired
|
||||||
MaatBuilder:
|
dev:
|
||||||
Maat:
|
vars:
|
||||||
Sharingan:
|
depriv_user: depriv
|
||||||
geth:
|
hosts:
|
||||||
hosts:
|
DarkNet:
|
||||||
GethHub1:
|
ip: 10.0.1.4
|
||||||
GethHub2:
|
mac: 00:15:5D:01:02:05
|
||||||
GethHub3:
|
type: wired
|
||||||
Nazara:
|
MaatBuilder:
|
||||||
tachikoma:
|
ip: 10.0.1.13
|
||||||
hosts:
|
mac: 00:15:5d:01:02:07
|
||||||
Tachikoma:
|
type: wired
|
||||||
Dedsec:
|
Maat:
|
||||||
tricorder:
|
ip: 10.0.1.14
|
||||||
hosts:
|
mac: DE:8B:9E:19:55:1D
|
||||||
DarkFeather:
|
type: wired
|
||||||
Lykos:
|
Sharingan:
|
||||||
windows:
|
ip: 10.0.1.5
|
||||||
hosts:
|
mac: 00:15:5D:01:02:10
|
||||||
Games:
|
type: wired
|
||||||
|
geth:
|
||||||
|
vars:
|
||||||
|
depriv_user: pi
|
||||||
|
hosts:
|
||||||
|
Geth-Hub-1:
|
||||||
|
ip: 10.0.1.10
|
||||||
|
mac: 84:16:F9:14:15:C5
|
||||||
|
Geth-Hub-2:
|
||||||
|
ip: 10.0.1.11
|
||||||
|
mac: 84:16:F9:13:B6:E6
|
||||||
|
Geth-Hub-3:
|
||||||
|
ip: 10.0.1.12
|
||||||
|
mac: b8:27:eb:60:73:68
|
||||||
|
Nazara:
|
||||||
|
ip: 10.0.1.7
|
||||||
|
mac: B8:27:EB:B6:AA:0C
|
||||||
|
type: wired
|
||||||
|
unmanaged:
|
||||||
|
children:
|
||||||
|
tachikoma:
|
||||||
|
hosts:
|
||||||
|
Tachikoma:
|
||||||
|
Dedsec:
|
||||||
|
tricorder:
|
||||||
|
hosts:
|
||||||
|
DarkFeather:
|
||||||
|
Lykos:
|
||||||
|
windows:
|
||||||
|
hosts:
|
||||||
|
Games:
|
||||||
|
ip: 10.0.1.2
|
||||||
|
mac: 00:1F:BC:10:1C:F8
|
||||||
|
console:
|
||||||
|
hosts:
|
||||||
|
Core-Console:
|
||||||
|
ip: 10.0.1.8
|
||||||
|
mac: 00:25:90:0D:82:5B
|
||||||
|
Maat-Console:
|
||||||
|
ip: 10.0.1.9
|
||||||
|
mac: 00:25:90:3E:C6:8C
|
||||||
|
Geth-Eyes:
|
||||||
|
ip: 10.0.1.106
|
||||||
|
mac: 9c:a3:aa:33:a3:99
|
||||||
|
Print:
|
||||||
|
ip: 10.0.1.6
|
||||||
|
mac: 00:80:92:77:CE:E4
|
||||||
|
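Review bot: The `mac:` values added throughout this inventory are unquoted colon-separated scalars in mixed case (`00:15:5D:01:02:05` next to `00:15:5d:01:02:07`). Every one here happens to contain a hex letter, so each loads as a string, but a YAML 1.1 loader reads an address made only of digits and colons as a base-60 integer, which would break any later comparison or template that uses the value. Quoting and normalising case removes that trap, e.g. `mac: "00:15:5d:01:02:05"`. Indentation is lost in this rendering, so the nesting of the new `managed`/`unmanaged` groups could not be checked here.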
@ -11,14 +11,14 @@
|
|||||||
#
|
#
|
||||||
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
|
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
|
||||||
#
|
#
|
||||||
- hosts: "{{ targets | default('all') }}"
|
- hosts: "{{ targets | default('managed') }}"
|
||||||
order: sorted
|
order: sorted
|
||||||
serial: "{{ threads | default('8') }}"
|
serial: "{{ threads | default('1') }}"
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
ignore_unreachable: true
|
ignore_unreachable: true
|
||||||
vars:
|
vars:
|
||||||
ansible_ssh_port: "{{ sshport | default('22') }}"
|
ansible_ssh_port: "{{ sshport | default('22') }}"
|
||||||
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
|
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
|
||||||
vars_files:
|
vars_files:
|
||||||
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
||||||
|
|
||||||
@ -28,18 +28,38 @@
|
|||||||
command: "cat {{ keyfile }}"
|
command: "cat {{ keyfile }}"
|
||||||
register: key
|
register: key
|
||||||
|
|
||||||
# Thanks to https://gist.github.com/shirou/6928012
|
- name: Ensure known_hosts is commented
|
||||||
- name: Ensure ssh host key known
|
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
lineinfile:
|
lineinfile:
|
||||||
dest: ~/.ssh/known_hosts
|
dest: ~/.ssh/known_hosts
|
||||||
create: yes
|
create: yes
|
||||||
state: present
|
state: present
|
||||||
line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
|
line: "# {{ inventory_hostname + '.' + replica_domain }}"
|
||||||
|
|
||||||
|
# Thanks to https://gist.github.com/shirou/6928012
|
||||||
|
- name: Ensure ssh host RSA key known
|
||||||
|
delegate_to: localhost
|
||||||
|
lineinfile:
|
||||||
|
dest: ~/.ssh/known_hosts
|
||||||
|
create: yes
|
||||||
|
state: present
|
||||||
|
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
|
||||||
|
|
||||||
|
# Thanks to https://gist.github.com/shirou/6928012
|
||||||
|
- name: Ensure ssh host ED25519 key known
|
||||||
|
delegate_to: localhost
|
||||||
|
lineinfile:
|
||||||
|
dest: ~/.ssh/known_hosts
|
||||||
|
create: yes
|
||||||
|
state: present
|
||||||
|
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
|
||||||
|
|
||||||
- authorized_key:
|
- authorized_key:
|
||||||
user: "{{ lookup('env','USER') }}"
|
user: "{{ depriv_user }}"
|
||||||
key: "{{ key.stdout }}"
|
key: "{{ key.stdout }}"
|
||||||
state: present
|
state: present
|
||||||
exclusive: true
|
exclusive: true
|
||||||
name: "Pass authorized key"
|
name: "Pass authorized key"
|
||||||
|
vars:
|
||||||
|
ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
|
||||||
|
|
||||||
|
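Review bot: The new `Ensure ssh host RSA key known` and `Ensure ssh host ED25519 key known` tasks write whatever `ssh-keyscan` returns straight into `~/.ssh/known_hosts`, so the pinned key is unauthenticated. The `vars:` added after `Pass authorized key` then appear to send the vaulted `ansible_ssh_password` to whichever host answered. The inventory already records `ip` and `mac` per host, so an expected host-key fingerprint could be stored alongside them and compared before the line is written. At minimum, add a comment above both tasks such as `# ssh-keyscan output is unverified; confirm the fingerprint out of band on first enrolment`. If the scan returns nothing, the template would still leave a malformed `ip,fqdn,` entry, so a guard on a non-empty result is worth adding.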