kris/homelab
kris/homelab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: kris:1d8ae8a0b6a943c52ee1f71205ed038df91123e2
Branches Tags
kris:main
kris:testing
kris:dockerbox_update
kris:HOST_IP
kris:gitea
kris:organize
kris:staticweb
kris:vagrantfile
kris:proxy_script
kris:master
kris:jellyfin
kris:traefik
kris:dockerbox_bullseye
kris:readme
kris:kutt
kris:mediawiki
kris:jekyll
kris:docs
..
compare: kris:d05c5d3086a4d54414a3ede38e866a2d71341615
Branches Tags
kris:main
kris:testing
kris:dockerbox_update
kris:HOST_IP
kris:gitea
kris:organize
kris:staticweb
kris:vagrantfile
kris:proxy_script
kris:master
kris:jellyfin
kris:traefik
kris:dockerbox_bullseye
kris:readme
kris:kutt
kris:mediawiki
kris:jekyll
kris:docs

4 Commits
1d8ae8a0b6 ... d05c5d3086

Author SHA1 Message Date
Kris Lamoureux
d05c5d3086
Slight tweaks on Ansible output 2023-10-19 16:36:05 -04:00
Kris Lamoureux
ac412f16ef
Simplify the "Import GPG keys" loop 2023-10-19 14:09:10 -04:00
Kris Lamoureux
2354a8fb8c
Verify successful GPG imports 2023-10-19 13:37:35 -04:00
Kris Lamoureux
251a7c0dd5
Import PGP key and verify git commits 2023-10-19 02:56:36 -04:00
2 changed files with 34 additions and 6 deletions
Show Stats Expand all files Collapse all files

16
dev/host_vars/docker.yml
View File

@ -2,6 +2,11 @@
allow_reboot: false
manage_network: false
# Import my GPG key for git signature verification
root_gpgkeys:
- name: kris@lamoureux.io
id: FBF673CEEC030F8AECA814E73EDA9C3441EDA925
# docker
docker_users:
- vagrant
@ -10,6 +15,7 @@ docker_users:
#docker_login_user: myuser
#docker_login_pass: YOUR_PASSWD
docker_compose_env_nolog: false # dev only setting
docker_compose_deploy:
# Traefik
- name: traefik
@ -17,9 +23,8 @@ docker_compose_deploy:
version: 31ee724feebc1d5f91cb17ffd6892c352537f194
enabled: true
accept_newhostkey: true # Consider verifying manually instead
# Must manually add my public GPG key to root's keyring
#trusted_keys:
# - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
trusted_keys:
- FBF673CEEC030F8AECA814E73EDA9C3441EDA925
env:
ENABLE: true
@ -29,9 +34,8 @@ docker_compose_deploy:
version: 31ee724feebc1d5f91cb17ffd6892c352537f194
enabled: true
accept_newhostkey: true # Consider verifying manually instead
# Must manually add my public GPG key to root's keyring
#trusted_keys:
# - FBF673CEEC030F8AECA814E73EDA9C3441EDA925
trusted_keys:
- FBF673CEEC030F8AECA814E73EDA9C3441EDA925
env:
ENABLE: true
VERSION: "2.10"

24
roles/base/tasks/system.yml
View File

@ -9,6 +9,30 @@
name: gpg
state: present
- name: Check for existing GPG keys
command: "gpg --list-keys {{ item.id }} 2>/dev/null"
register: gpg_check
loop: "{{ root_gpgkeys }}"
failed_when: false
changed_when: false
when: root_gpgkeys is defined
- name: Import GPG keys
command: "gpg --keyserver {{ item.item.server | default('keys.openpgp.org') }} --recv-key {{ item.item.id }}"
register: gpg_check_import
loop: "{{ gpg_check.results }}"
loop_control:
label: "{{ item.item }}"
when: root_gpgkeys is defined and item.rc != 0
- name: Check GPG key imports
fail:
msg: "{{ item.stderr }}"
loop: "{{ gpg_check_import.results }}"
loop_control:
label: "{{ item.item.item }}"
when: (item.skipped | default(false) == false) and ('imported' not in item.stderr)
- name: Install NTPsec
ansible.builtin.apt:
name: ntpsec