ansible user

ansiblefuckery.yaml

@@ -0,0 +1,6 @@
+---
+- name: "Add ansible stuff"
+  hosts: all
+  roles:
+    - ansibleuser
+...

dbhosts.yaml

@@ -1,6 +1,6 @@
 ---
 - name: "Deploy database server base"
-  hosts: postgres, mariadb
+  hosts: postgres
   roles:
     - netplan
     - common

docker-host.yaml

@@ -1,9 +1,10 @@
 ---
 - name: "Deploy basic webhost with Docker"
-  hosts: keycloak, drone, swagger, guacamole, bitwarden, nexus, nextcloud 
+  hosts: docker-webhosts
   roles:
     - netplan
     - common
     - docker
     - webserver
     - internalsmtp
+...

host_vars/backup.yaml

@@ -1,4 +1,5 @@
 ---
+ansible_host: backup.stargate.internal
 servicename: mckay
 backup:
   host: oniel.tormakristof.eu

host_vars/bitwarden.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: bitwarden.stargate.internal
+...

host_vars/drone-runner.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: drone-runner.stargate.internal
+...

host_vars/drone.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: drone.stargate.internal
+...

host_vars/git.yaml

@@ -1,4 +1,5 @@
 ---
+ansible_host: git.stargate.internal
 servicename: git
 backup:
   folder: "/home/service-user"

host_vars/guacamole.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: guacamole.stargate.internal
+...

host_vars/keycloak.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: keycloak.stargate.internal
+...

host_vars/mariadb.yaml

@@ -1,14 +0,0 @@
----
-servicename: mysql
-firewall:
-  - port: "3306"
-    proto: tcp
-    interface: "eth0"
-backup:
-  folder: "/var/lib/mysql/backup"
-  tarfolder: "backup"
-  host: backup.stargate.internal
-  internal: true
-  prearecommand: "time ( mysqldump --all-databases --single-transaction --quick --lock-tables=false > /var/lib/mysql/backup/mysqldump.sql"
-  basedir: /mnt/backupstore
-...

host_vars/neko.yaml

@@ -1,4 +1,5 @@
 ---
+ansible_host: zelenka.stargate.internal
 firewall:
   - port: "ssh"
     proto: tcp

host_vars/nextcloud.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: nextcloud.stargate.internal
+...

host_vars/nexus.yaml

@@ -1,4 +1,5 @@
 ---
+ansible_host: nexus.stargate.internal
 webserver:
   - domain: "nexus.kmlabz.com"
     port: 8080

host_vars/openvpn.yaml

@@ -1,4 +1,5 @@
 ---
+ansible_host: openvpn.stargate.internal
 firewall:
   - port: "1194"
     proto: udp

host_vars/postgres.yaml

@@ -1,4 +1,5 @@
 ---
+ansible_host: postgres.stargate.internal
 servicename: postgres
 firewall:
   - port: "5432"

host_vars/smtp.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: smtp.stargate.internal
+...

host_vars/sonar.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: sonar.stargate.internal
+...

host_vars/swagger.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: swagger.stargate.internal
+...

host_vars/webgateway.yaml

@@ -0,0 +1,3 @@
+---
+ansible_host: apache.stargate.internal
+...

inventory.yaml

@@ -7,39 +7,29 @@ all:
     woolsey:
       hosts:
         neko:
-          ansible_host: zelenka.stargate.internal
         drone:
-          ansible_host: drone.stargate.internal
         keycloak:
-          ansible_host: keycloak.stargate.internal
         sonar:
-          ansible_host: sonar.stargate.internal
         swagger:
-          ansible_host: swagger.stargate.internal
         drone-runner:
-          ansible_host: drone-runner.stargate.internal
         smtp:
-          ansible_host: smtp.stargate.internal
         webgateway:
-          ansible_host: apache.stargate.internal
         openvpn:
-          ansible_host: openvpn.stargate.internal
         nexus:
-          ansible_host: nexus.stargate.internal
         git:
-          ansible_host: git.stargate.internal
         postgres:
-          ansible_host: postgres.stargate.internal
     mckay:
       hosts:
         guacamole:
-          ansible_host: guacamole.stargate.internal
         bitwarden:
-          ansible_host: bitwarden.stargate.internal
         nextcloud:
-          ansible_host: nextcloud.stargate.internal
-        mariadb:
-          ansible_host: mysql.stargate.internal
         backup:
-          ansible_host: backup.stargate.internal
+    docker-webhosts:
+        keycloak:
+        drone:
+        swagger:
+        guacamole:
+        bitwarden:
+        nexus:
+        nextcloud :
 ...

roles/ansibleuser/files/authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDFkYMmPYQ8hs6D5tuTt+sEofoMd2GTXyS97mh8maXmets3eS8iMm2W4Pppaqj9lMIsYdDX0BZvbmuQa+iNKchj6HJPtvdx2Rhus1UGn74iy/NtgogWFHL9YEYILzc5lBqotV5o3z/wRMfSwqnVwYBZ7OI+LJenwf76bIUm6lVqyh2Qh9/wWOyGpUVitDpUVi/h2J3xZf8Z2r1vHFdMHJygrrKn3C4vsZobHJ48iq8QWj1vwfMavq6dgJtiS4/WUTvHuzjfHdyyO7akBM66Ul41UlGG5iqkIKTIzLECXPPWWe/vCIcumkeMxtoY0pxpsgKu1kgqhNs8Q+hgF/H+lIlXtzsZ5gKUwhS7sUNejNywaMjcOUVvnRVXh3FaH9t8HK7mGouaN7q+ghNbMKLlxueP5mpgzK+APaRcNjA/4JyXN750l22xM6YQkxqOeuK5FS/TVmn2H6otaxGrfGz1sfYyynvWSMqpNStuCjCYfEHBLqPKX5tpG8z/gGNa/51CQvM= tormakris@woolsey.tormakris.dev

roles/ansibleuser/tasks/main.yaml

@@ -0,0 +1,20 @@
+---
+- name: "Add ansible user"
+  ansible.builtin.user:
+    name: ansible
+    comment: Ansible
+    shell: /bin/bash
+
+- name: "Add ansible user to sudo group"
+  ansible.builtin.user:
+    name: ansible
+    comment: Ansible
+    groups: sudo
+    append: yes
+
+- name: Add public key to authorized keys
+  ansible.posix.authorized_key:
+    user: ansible
+    state: present
+    key: authorized_keys
+...