feat: configure ssh connection on local machine on setup

Alexander Navarro 2024-12-12 12:30:40 -03:00
parent 6fa7d0fbd3
commit 449340969c
4 changed files with 77 additions and 49 deletions


@ -1,25 +1,26 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
61633965313636313234353338653466663733656339366561393932626364383439333034646136 34616439393863343134346564363235333431646332363166323334663930396535666537396134
3839303430636532306232303430356132373865306232310a663265343738613034343036653761 6635626161363831383865396632396166623438633437320a663934643830366464386431356535
35303732633663323232633362373232366666393736376435653632666165656432646366656231 30363035666263633038386431363434316166653763333239333330336139633965366134636139
3663323862623830650a306139323764353435616238396438313766643836313363636638613761 6565396438383835340a306461303831333330623564323230373030363736313232653338613761
33656566643763333962373063343734356639313564643934316439666664623432613135303963 66663131343661626333613033353438343364363435343534623838653865383565623432343338
34346239313137616361336538636237623436323566626166616265663264326632663665623866 39333262316164383661356337383239663732346465313336353963666165656363663431636237
31353938343938626631333635313661336263333132376231653030346664363863343939346435 33373061303164336539383332386563393338346661386365323232303866376234376239626234
65613561376664633931363963633038623430643332663231363034396335346463306334613931 31356632643133396432353435616536646433346461306466326466656236626537393963346138
62613334313363643832353136363434643034383939313463613838346639373536393264393066 38383632376335356661613362383462393538386634363430306535343763313761626361613466
37346630303762663363313535346638633535323732636562306435316261323935323363363836 31306235616566383839303466326233656331643333633566636431343932643165326331633863
66653133313264353861326637306131333437303261336362383336373061346231633064653139 63653965356565306234303333316466323161356364616431326535646263626534366433613937
38326564636534373966336535343165363137346261386464326161613264393339393661356337 65633634383666386561373338666166636232633966303030313534633031326663663231623132
62343062363530333339663932663366313030326533333239613265326135353264383835383036 30343461626265633565616266636231353066663964323062343136636138316632646533366466
39643034353435353064316234313864653631313631376333313438306565373164613030383139 65363938646531336131396334636432633431306663653961393539326661613531636538313863
62373836336262316237376433313964306337636263343233363530323831343163333265373536 64656164383339633534323939663162376463383230353461643963353330643235343265636263
33383036393534326561626565366461623438643734306663333238623563383131306361306639 33356532353566626263323663303063323731373230353034623132396130643362663565393662
31656537623931303830623338313630633562653762613532363338353938636463396138666363 62643630616665353536616362383663646534623333626164333735663439356432353330643866
66666137663363653938323261653238396633653238346365323664316361353831353034376230 30343232373739346532376365653132636664373531643438396461376362323563353931633561
66623733343233366632656461656632323839326530313532336139373636613966393238626234 66636662303363313539316239613465366266633930313534613231393739313330333039313732
33343039343039623831323539616434356132303030663136373337633532363761383066353730 62343234313863316333663534613433396331623265626664663332356261363662666463346436
62323263643264383163333962366239333363346366316562336339356637306563663632353337 62653435616337376565656534363766356534396537656535666336383232326264653136643539
30376430643732373162333035383266663063663634663233313133363931333565386230326362 31343030616538633864373833666264396332656338366563636435313563303736653534343763
36666633343661313039386662623861313761353163386662336536663866383463643338653066 31383931626661666430393661613838656164333039643261303239313566306539333330363836
63326335356431646465 65623864333632653463656131336538303337343236323938623763623035643565666437653838
6637


@ -1,10 +1,10 @@
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256
65316163633033323362323465383233343166663965353634623531343230333966383133633035 33303135313364353036303264633765653631623035363566666532633264633034656139353631
3139663363333965636634326264633264303765323436610a336166663166376265366466353730 6135306466373836613933393939306463633337613966390a636163633565373733313763656233
39396532366562383935353234376563356332653637643737373930656331326135306236373137 33643366393065323136306463353531643530306635343662316164373365643366396631323565
3865323265343231660a666130666430623239613731646332393762623066643964386130633538 3766623235366137380a623232623534643066303765616236653461643566393566383538346635
35346532656262363964656438613236323932306139663465383361393235326332383438623366 36373030626536383938383531386531336635346262383065646539393661356631346166376665
65353833646365363832636333393161626535316535626534383462336233353061366566386138 33303961613333636564623437356364333135393037326264323438313430303764323732636362
63353564326130633063383661343932363735326464346236373631643432363332623936376464 30636331313963393531646531613133343963653465363165366161393833373632316430363463
31313765656133383536376334323335333439376162373432373462373266306131323639353136 38313136643365343665613135343234363664316366353365333936656561653838656664346561
3931 35643139386430373736623962353030613436633332663832326532653436313266


@ -1,24 +1,51 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/tasks.json # yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/tasks.json
- name: Setup users - name: Setup users
loop: "{{ users }}" loop: "{{ users | dict2items }}"
ansible.builtin.user: ansible.builtin.user:
state: present state: present
name: "{{ item.name }}" name: "{{ item.key }}"
system: "{{ item.system }}" system: "{{ item.value.system }}"
shell: "{{ item.shell }}" shell: "{{ item.value.shell }}"
create_home: true create_home: true
password: "{{ (item.password != '!' or item.password != '*') | ternary(item.password | password_hash('sha512'), item.password) }}" password: "{{ (item.value.password != '!' or item.value.password != '*') | ternary(item.value.password | password_hash('sha512'), item.value.password) }}"
groups: "{{ item.groups + (extra_groups | default([])) }}" groups: "{{ item.value.groups + (extra_groups | default([])) }}"
- name: Add SSH public key to users - name: Add SSH public key to users
loop: "{{ users }}" loop: "{{ users | dict2items }}"
ansible.posix.authorized_key: ansible.posix.authorized_key:
user: "{{ item.name }}" user: "{{ item.key }}"
state: present state: present
exclusive: true exclusive: true
key: "{{ item.ssh_keys.pub }}" key: "{{ lookup('file', item.value.ssh_keys.pub) }}"
key_options: "{{ 'command=\"' + robo_allowed_commands | join('; ') + '\"' if robo_allowed_commands is defined and item.name == 'robo' else omit }}" key_options: "{{ 'command=\"' + robo_allowed_commands | join('; ') + '\"' if robo_allowed_commands is defined and item.key == 'robo' else omit }}"
- name: Configure SSH login for current user if present
vars:
user_name: "{{ lookup('env', 'USER') }}"
user_dir: "{{ lookup('env', 'HOME') }}"
current_user: "{{ users[user_name] | default(None) }}"
when: current_user
block:
- name: Save SSH Key in localhost
run_once: True
local_action:
module: copy
src: "{{ current_user.ssh_keys.priv }}"
dest: "{{ user_dir }}/.ssh/credentials/homelab"
owner: "{{ user_name }}"
group: "{{ user_name }}"
mode: '0600'
- name: Configure SSH host
local_action:
module: community.general.ssh_config
user: "{{ user_name }}"
host: "{{ inventory_hostname }}"
hostname: "{{ ansible_default_ipv4.address }}"
identity_file: "{{ user_dir }}/.ssh/credentials/homelab"
port: "{{ ansible_port | default(22) }}"
state: present
- name: Disable password authentication for SSH - name: Disable password authentication for SSH
become: true become: true
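Review bot: The `password:` expression in "Setup users" always takes the hashing branch, because `item.value.password != '!' or item.value.password != '*'` is true for every value, so a `!` or `*` meant to leave the account locked is hashed and set as a real one-character password; `item.value.password not in ['!', '*']` gives the intended test. In the new block, "Save SSH Key in localhost" writes the private key to `~/.ssh/credentials/homelab`, but `copy` does not create a missing parent directory for a single-file source, so the first run on a fresh machine would presumably fail; a preceding task should create that directory with mode `0700`, as sketched below. Adding `no_log: true` to the copy task would also keep the key material out of task output when the play is run with `--diff`. The "Disable password authentication for SSH" task continues outside the hunk.

```yaml
  block:
    - name: Ensure local SSH credentials directory exists
      run_once: true
      delegate_to: localhost
      ansible.builtin.file:
        path: "{{ user_dir }}/.ssh/credentials"
        state: directory
        mode: '0700'
    - name: Save SSH Key in localhost
      no_log: true
      # … unchanged: run_once, local_action copy of the private key …
```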


@ -1,7 +1,7 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/vars.json # yaml-language-server: $schema=https://raw.githubusercontent.com/ansible/ansible-lint/refs/heads/main/src/ansiblelint/schemas/vars.json
--- ---
users: users:
- name: aleidk aleidk:
shell: /bin/sh shell: /bin/sh
system: false system: false
groups: groups:
@ -14,10 +14,10 @@ users:
3861326166353836330a333563623030346563353264313333363132633238636463623761313635 3861326166353836330a333563623030346563353264313333363132633238636463623761313635
3432 3432
ssh_keys: ssh_keys:
priv: "{{ lookup('file', 'files/aleidk_key') }}" priv: files/aleidk_key
pub: "{{ lookup('file', 'files/aleidk_key.pub') }}" pub: files/aleidk_key.pub
- name: robo robo:
shell: /bin/sh shell: /bin/sh
system: true system: true
groups: [] groups: []
@ -29,5 +29,5 @@ users:
6433373636316237330a343139363432653737376465633538636639626238613266646664366166 6433373636316237330a343139363432653737376465633538636639626238613266646664366166
3136 3136
ssh_keys: ssh_keys:
priv: "{{ lookup('file', 'files/robo_key') }}" priv: files/robo_key
pub: "{{ lookup('file', 'files/robo_key.pub') }}" pub: files/robo_key.pub