Seeding Aether

roles/Aether/tasks/main.yml

@@ -0,0 +1,64 @@
+---
+
+ - name: Install the package
+   become: true
+   ignore_errors: true
+   package:
+     name: Aether
+     state: present
+
+ - name: Validate the user
+   vars:
+     service_account: aether
+   include_tasks: ../roles/common/service_account.yml
+
+ - name: Ensure the Aether identity is protected.
+   become: true
+   file:
+     path: "{{ item }}"
+     state: directory
+     owner: aether
+     group: aether
+     mode: 0700
+   loop:
+     - /home/aether/.ssh
+     - /usr/local/etc/Aether
+     - /usr/local/etc/Aether/backup-entries
+     - /usr/local/backup
+
+ - name: Ensure the Aether identity exists
+   delegate_to: Core # Core will track the identity that will then be shared to everyone else.
+   become: true
+   command:
+     creates: /home/aether/.ssh/aether
+     chdir: /home/aether/.ssh/
+     cmd: ssh-keygen -t ed25519 -N "" -f ./aether
+
+ - name: Read the Aether identity
+   become: true
+   delegate_to: Core
+   command: cat /home/aether/.ssh/aether
+   register: aether_key
+
+ - name: Read the Aether public identity
+   become: true
+   delegate_to: Core
+   command: cat /home/aether/.ssh/aether.pub
+   register: aether_pubkey
+
+ - include_tasks: source.yml
+   when: "{{ inventory_hostname }} is 'Core'"
+
+ - include_tasks: client.yml
+   when: "{{ inventory_hostname }} is 'Core'"
+
+ - name: Ensure the Aether identity files are protected.
+   become: true
+   file:
+     path: "{{ item }}"
+     owner: aether
+     group: aether
+     mode: 0600
+   loop:
+     - /home/aether/.ssh/aether
+     - /home/aether/.ssh/aether.pub