Updates for structure
parent
68ef34c3c6
commit
87775fe636
@ -3,34 +3,81 @@ all:
|
||||
replica_domain: MSN0.AniNIX.net
|
||||
dns: 10.0.1.7
|
||||
logserver: 10.0.1.5
|
||||
daemon_shell: /sbin/nologin
|
||||
children:
|
||||
prod:
|
||||
hosts:
|
||||
Core:
|
||||
interface: enp1s0f0
|
||||
ip: 10.0.1.3
|
||||
mac: 00:25:90:0d:6e:86
|
||||
type: wired
|
||||
dev:
|
||||
hosts:
|
||||
DarkNet:
|
||||
MaatBuilder:
|
||||
Maat:
|
||||
Sharingan:
|
||||
geth:
|
||||
hosts:
|
||||
GethHub1:
|
||||
GethHub2:
|
||||
GethHub3:
|
||||
Nazara:
|
||||
tachikoma:
|
||||
hosts:
|
||||
Tachikoma:
|
||||
Dedsec:
|
||||
tricorder:
|
||||
hosts:
|
||||
DarkFeather:
|
||||
Lykos:
|
||||
windows:
|
||||
hosts:
|
||||
Games:
|
||||
managed:
|
||||
children:
|
||||
prod:
|
||||
hosts:
|
||||
Core:
|
||||
depriv_user: DarkFeather
|
||||
interface: enp1s0f0
|
||||
ip: 10.0.1.3
|
||||
mac: 00:25:90:0d:6e:86
|
||||
type: wired
|
||||
dev:
|
||||
vars:
|
||||
depriv_user: depriv
|
||||
hosts:
|
||||
DarkNet:
|
||||
ip: 10.0.1.4
|
||||
mac: 00:15:5D:01:02:05
|
||||
type: wired
|
||||
MaatBuilder:
|
||||
ip: 10.0.1.13
|
||||
mac: 00:15:5d:01:02:07
|
||||
type: wired
|
||||
Maat:
|
||||
ip: 10.0.1.14
|
||||
mac: DE:8B:9E:19:55:1D
|
||||
type: wired
|
||||
Sharingan:
|
||||
ip: 10.0.1.5
|
||||
mac: 00:15:5D:01:02:10
|
||||
type: wired
|
||||
geth:
|
||||
vars:
|
||||
depriv_user: pi
|
||||
hosts:
|
||||
Geth-Hub-1:
|
||||
ip: 10.0.1.10
|
||||
mac: 84:16:F9:14:15:C5
|
||||
Geth-Hub-2:
|
||||
ip: 10.0.1.11
|
||||
mac: 84:16:F9:13:B6:E6
|
||||
Geth-Hub-3:
|
||||
ip: 10.0.1.12
|
||||
mac: b8:27:eb:60:73:68
|
||||
Nazara:
|
||||
ip: 10.0.1.7
|
||||
mac: B8:27:EB:B6:AA:0C
|
||||
type: wired
|
||||
unmanaged:
|
||||
children:
|
||||
tachikoma:
|
||||
hosts:
|
||||
Tachikoma:
|
||||
Dedsec:
|
||||
tricorder:
|
||||
hosts:
|
||||
DarkFeather:
|
||||
Lykos:
|
||||
windows:
|
||||
hosts:
|
||||
Games:
|
||||
ip: 10.0.1.2
|
||||
mac: 00:1F:BC:10:1C:F8
|
||||
console:
|
||||
hosts:
|
||||
Core-Console:
|
||||
ip: 10.0.1.8
|
||||
mac: 00:25:90:0D:82:5B
|
||||
Maat-Console:
|
||||
ip: 10.0.1.9
|
||||
mac: 00:25:90:3E:C6:8C
|
||||
Geth-Eyes:
|
||||
ip: 10.0.1.106
|
||||
mac: 9c:a3:aa:33:a3:99
|
||||
Print:
|
||||
ip: 10.0.1.6
|
||||
mac: 00:80:92:77:CE:E4
|
||||
|
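Review bot: The `mac:` values throughout the new `managed`/`unmanaged` tree are plain scalars, and colon-separated digit groups are the one form that YAML 1.1 loaders such as PyYAML (which Ansible uses) can resolve as a base-60 integer. Every address listed here happens to contain a hex letter, so they all load as strings today, but an all-digit address added later can silently become a number. Quoting them, e.g. `mac: '00:25:90:0d:6e:86'`, and settling on one letter case removes the trap. Separately, the geth hosts appear to be renamed from `GethHub1` to the `Geth-Hub-1` style, and the playbook changed in this commit indexes `passwords` by `inventory_hostname`, so the vault keys would need the same rename; the vault is not visible here.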
@ -11,14 +11,14 @@
|
||||
#
|
||||
# Expects ANSIBLE_VAULT_FILE to be set in the environment to path the vault
|
||||
#
|
||||
- hosts: "{{ targets | default('all') }}"
|
||||
- hosts: "{{ targets | default('managed') }}"
|
||||
order: sorted
|
||||
serial: "{{ threads | default('8') }}"
|
||||
serial: "{{ threads | default('1') }}"
|
||||
gather_facts: false
|
||||
ignore_unreachable: true
|
||||
vars:
|
||||
ansible_ssh_port: "{{ sshport | default('22') }}"
|
||||
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"
|
||||
keyfile: "{{ pubkey | default(lookup('env','HOME') + '/.ssh/id_ed25519.pub') }}"
|
||||
vars_files:
|
||||
- "{{ lookup('env', 'ANSIBLE_VAULT_FILE') }}"
|
||||
|
||||
@ -28,18 +28,38 @@
|
||||
command: "cat {{ keyfile }}"
|
||||
register: key
|
||||
|
||||
# Thanks to https://gist.github.com/shirou/6928012
|
||||
- name: Ensure ssh host key known
|
||||
- name: Ensure known_hosts is commented
|
||||
delegate_to: localhost
|
||||
lineinfile:
|
||||
dest: ~/.ssh/known_hosts
|
||||
create: yes
|
||||
state: present
|
||||
line: "{{ lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
|
||||
line: "# {{ inventory_hostname + '.' + replica_domain }}"
|
||||
|
||||
# Thanks to https://gist.github.com/shirou/6928012
|
||||
- name: Ensure ssh host RSA key known
|
||||
delegate_to: localhost
|
||||
lineinfile:
|
||||
dest: ~/.ssh/known_hosts
|
||||
create: yes
|
||||
state: present
|
||||
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -trsa -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
|
||||
|
||||
# Thanks to https://gist.github.com/shirou/6928012
|
||||
- name: Ensure ssh host ED25519 key known
|
||||
delegate_to: localhost
|
||||
lineinfile:
|
||||
dest: ~/.ssh/known_hosts
|
||||
create: yes
|
||||
state: present
|
||||
line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ',' + lookup('pipe', 'ssh-keyscan -ted25519 -p' + ansible_ssh_port + ' ' + inventory_hostname) }}"
|
||||
|
||||
- authorized_key:
|
||||
user: "{{ lookup('env','USER') }}"
|
||||
user: "{{ depriv_user }}"
|
||||
key: "{{ key.stdout }}"
|
||||
state: present
|
||||
exclusive: true
|
||||
name: "Pass authorized key"
|
||||
vars:
|
||||
ansible_ssh_password: "{{ vars['passwords'][inventory_hostname] }}"
|
||||
|
||||
|
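Review bot: The `Ensure ssh host RSA key known` and `Ensure ssh host ED25519 key known` tasks in the last hunk write whatever `ssh-keyscan` returns straight into `~/.ssh/known_hosts`, so the host key is trusted on first contact with no check, and the `Pass authorized key` task then sends the vault `ansible_ssh_password` to that host. The scan also runs against the bare `inventory_hostname`, while the entry is recorded for `ip` and the FQDN, names that were never scanned. Consider pinning each host's expected public key in inventory or the vault and writing that instead, e.g. `line: "{{ ip + ',' + inventory_hostname + '.' + replica_domain + ' ' + host_key_ed25519 }}"`, where `host_key_ed25519` is a placeholder for a variable you would add; at minimum, fail the task when the lookup returns an empty string, which would otherwise yield a malformed entry. Neither `lineinfile` task sets `regexp`, so a rotated key is appended as a second line rather than replacing the first.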