testing
This commit is contained in:
@@ -5,6 +5,18 @@
|
|||||||
allow_reboot: false
|
allow_reboot: false
|
||||||
manage_network: false
|
manage_network: false
|
||||||
|
|
||||||
|
root_gpgkeys:
|
||||||
|
- id: 42A3A92C5DA0F3E5F71A3710105B748C1362EB96
|
||||||
|
|
||||||
|
scripts:
|
||||||
|
- name: gotify
|
||||||
|
url: https://github.com/krislamo/dotfiles
|
||||||
|
version: 999d745710b9db500e82d1a0d0107ac5d623a669
|
||||||
|
path: gotify/.local/bin/gotify
|
||||||
|
dest: /usr/local/bin/gotify
|
||||||
|
trusted_keys:
|
||||||
|
- 42A3A92C5DA0F3E5F71A3710105B748C1362EB96
|
||||||
|
|
||||||
################
|
################
|
||||||
#### proxy #####
|
#### proxy #####
|
||||||
################
|
################
|
||||||
|
|||||||
@@ -18,8 +18,10 @@
|
|||||||
when: root_gpgkeys is defined
|
when: root_gpgkeys is defined
|
||||||
|
|
||||||
- name: Import GPG keys
|
- name: Import GPG keys
|
||||||
ansible.builtin.command:
|
ansible.builtin.command: >-
|
||||||
"gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
|
gpg
|
||||||
|
--keyserver {{ item.item.server | default('keys.openpgp.org') }}
|
||||||
|
--recv-key {{ item.item.id }}
|
||||||
register: gpg_check_import
|
register: gpg_check_import
|
||||||
loop: "{{ gpg_check.results }}"
|
loop: "{{ gpg_check.results }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
@@ -33,7 +35,61 @@
|
|||||||
loop: "{{ gpg_check_import.results }}"
|
loop: "{{ gpg_check_import.results }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
label: "{{ item.item.item }}"
|
label: "{{ item.item.item }}"
|
||||||
when: root_gpgkeys is defined and (not item.skipped | default(false)) and ('imported' not in item.stderr)
|
when:
|
||||||
|
- root_gpgkeys is defined
|
||||||
|
- not item.skipped | default(false)
|
||||||
|
- "'imported' not in item.stderr"
|
||||||
|
|
||||||
|
- name: Create /opt/scripts directories
|
||||||
|
ansible.builtin.file:
|
||||||
|
path: "{{ item }}"
|
||||||
|
state: directory
|
||||||
|
mode: "755"
|
||||||
|
loop:
|
||||||
|
- /opt/scripts
|
||||||
|
- /opt/scripts/.keys
|
||||||
|
when: scripts is defined
|
||||||
|
|
||||||
|
- name: Generate OpenSSH deploy keys for script clones
|
||||||
|
community.crypto.openssh_keypair:
|
||||||
|
path: /opt/scripts/.keys/id_ed25519
|
||||||
|
type: ed25519
|
||||||
|
comment: "{{ ansible_hostname }}-deploy-key"
|
||||||
|
mode: "400"
|
||||||
|
state: present
|
||||||
|
when: scripts is defined
|
||||||
|
|
||||||
|
- name: Check for git installation
|
||||||
|
ansible.builtin.apt:
|
||||||
|
name: git
|
||||||
|
state: present
|
||||||
|
when: scripts is defined
|
||||||
|
|
||||||
|
- name: Clone external scripts projects
|
||||||
|
ansible.builtin.git:
|
||||||
|
repo: "{{ item.url }}"
|
||||||
|
dest: "/opt/scripts/{{ item.name }}"
|
||||||
|
version: "{{ item.version }}"
|
||||||
|
accept_newhostkey: "{{ item.accept_newhostkey | default(false) }}"
|
||||||
|
gpg_allowlist: "{{ item.trusted_keys | default([]) }}"
|
||||||
|
verify_commit: "{{ true if (item.trusted_keys is defined and item.trusted_keys) else false }}"
|
||||||
|
key_file: /opt/scripts/.keys/id_ed25519
|
||||||
|
loop: "{{ scripts }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.url }}"
|
||||||
|
when: scripts is defined
|
||||||
|
tags: scripts
|
||||||
|
|
||||||
|
- name: Synchronize scripts
|
||||||
|
ansible.posix.synchronize:
|
||||||
|
src: "/opt/scripts/{{ item.name }}/{{ item.path }}"
|
||||||
|
dest: "{{ item.dest }}"
|
||||||
|
delegate_to: "{{ inventory_hostname }}"
|
||||||
|
loop: "{{ scripts | default([]) }}"
|
||||||
|
loop_control:
|
||||||
|
label: "{{ item.name }}"
|
||||||
|
when: scripts is defined and scripts | length > 0
|
||||||
|
tags: scripts
|
||||||
|
|
||||||
- name: Install NTPsec
|
- name: Install NTPsec
|
||||||
ansible.builtin.apt:
|
ansible.builtin.apt:
|
||||||
|
|||||||
Reference in New Issue
Block a user