Updates for structure

DarkFeather 2021-03-16 03:09:19 -05:00
parent 68ef34c3c6
commit 87775fe636
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
2 changed files with 105 additions and 38 deletions


@ -3,34 +3,81 @@ all:
replica_domain: MSN0.AniNIX.net
dns: 10.0.1.7
logserver: 10.0.1.5
daemon_shell: /sbin/nologin
children:
prod:
hosts:
Core:
interface: enp1s0f0
ip: 10.0.1.3
mac: 00:25:90:0d:6e:86
type: wired
dev:
hosts:
DarkNet:
MaatBuilder:
Maat:
Sharingan:
geth:
hosts:
GethHub1:
GethHub2:
GethHub3:
Nazara:
tachikoma:
hosts:
Tachikoma:
Dedsec:
tricorder:
hosts:
DarkFeather:
Lykos:
windows:
hosts:
Games:
managed:
children:
prod:
hosts:
Core:
depriv_user: DarkFeather
interface: enp1s0f0
ip: 10.0.1.3
mac: 00:25:90:0d:6e:86
type: wired
dev:
vars:
depriv_user: depriv
hosts:
DarkNet:
ip: 10.0.1.4
mac: 00:15:5D:01:02:05
type: wired
MaatBuilder:
ip: 10.0.1.13
mac: 00:15:5d:01:02:07
type: wired
Maat:
ip: 10.0.1.14
mac: DE:8B:9E:19:55:1D
type: wired
Sharingan:
ip: 10.0.1.5
mac: 00:15:5D:01:02:10
type: wired
geth:
vars:
depriv_user: pi
hosts:
Geth-Hub-1:
ip: 10.0.1.10
mac: 84:16:F9:14:15:C5
Geth-Hub-2:
ip: 10.0.1.11
mac: 84:16:F9:13:B6:E6
Geth-Hub-3:
ip: 10.0.1.12
mac: b8:27:eb:60:73:68
Nazara:
ip: 10.0.1.7
mac: B8:27:EB:B6:AA:0C
type: wired
unmanaged:
children:
tachikoma:
hosts:
Tachikoma:
Dedsec:
tricorder:
hosts:
DarkFeather:
Lykos:
windows:
hosts:
Games:
ip: 10.0.1.2
mac: 00:1F:BC:10:1C:F8
console:
hosts:
Core-Console:
ip: 10.0.1.8
mac: 00:25:90:0D:82:5B
Maat-Console:
ip: 10.0.1.9
mac: 00:25:90:3E:C6:8C
Geth-Eyes:
ip: 10.0.1.106
mac: 9c:a3:aa:33:a3:99
Print:
ip: 10.0.1.6
mac: 00:80:92:77:CE:E4
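Review bot: The Geth hosts are renamed from `GethHub1`..`GethHub3` to `Geth-Hub-1`..`Geth-Hub-3`, while the playbook in this same commit reads the login password from `vars['passwords'][inventory_hostname]` and runs ssh-keyscan against the bare `inventory_hostname`. The vault keys and name resolution therefore have to follow the rename or those hosts will fail; the vault is not visible here, so this needs confirming. The three hubs also lack the `type:` key that the other managed hosts carry. As a style point, the MAC values are unquoted plain scalars in mixed case, and an address made only of digits would be read as a sexagesimal integer by YAML 1.1 loaders, so I would quote and lower-case them, e.g. `mac: '00:25:90:0d:6e:86'`.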


@ -11,14 +11,14 @@
#
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
#
- hosts: "{{ targets | default('all') }}"
- hosts: "{{ targets | default('managed') }}"
order: sorted
serial: "{{ threads | default('8') }}"
serial: "{{ threads | default('1') }}"
gather_facts: false
ignore_unreachable: true
vars:
ansible_ssh_port: "{{ sshport | default('22') }}"
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
vars_files:
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
@ -28,18 +28,38 @@
command: "cat {{ keyfile }}"
register: key
# Thanks to https://gist.github.com/shirou/6928012
- name: Ensure ssh host key known
- name: Ensure known_hosts is commented
delegate_to: localhost
lineinfile:
dest: ~/.ssh/known_hosts
create: yes
state: present
line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
line: "# {{ inventory_hostname + '.' + replica_domain }}"
# Thanks to https://gist.github.com/shirou/6928012
- name: Ensure ssh host RSA key known
delegate_to: localhost
lineinfile:
dest: ~/.ssh/known_hosts
create: yes
state: present
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
# Thanks to https://gist.github.com/shirou/6928012
- name: Ensure ssh host ED25519 key known
delegate_to: localhost
lineinfile:
dest: ~/.ssh/known_hosts
create: yes
state: present
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
- authorized_key:
user: "{{ lookup('env','USER') }}"
user: "{{ depriv_user }}"
key: "{{ key.stdout }}"
state: present
exclusive: true
name: "Pass authorized key"
vars:
ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
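Review bot: Both new `Ensure ssh host ... key known` tasks write whatever `ssh-keyscan` returns at run time straight into `~/.ssh/known_hosts`, so the key is trusted on first sight and pinned for `ip` and the FQDN as well, with no comparison against a fingerprint obtained out of band. If the scan returns nothing, the line collapses to `ip,fqdn,` and is still written, and because `lineinfile` has no `regexp`, a changed key is appended beside the stale one instead of replacing it. I would keep the expected host keys or fingerprints with the inventory and put an `assert` before each write that fails the host on empty output or mismatch. Separately, `user: "{{ depriv_user }}"` together with the existing `exclusive: true` removes every other authorized key for that account, which on Core is `DarkFeather`; a comment such as `# exclusive: replaces ALL keys for depriv_user on the target` would make that intent explicit. The task list begins above this hunk.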