From 1316ee640cc9efe2e3804d008b7cbbf98732d9a5 Mon Sep 17 00:00:00 2001
From: Albert Stefanov
Date: Fri, 16 Feb 2024 18:01:26 +0200
Subject: [PATCH] Start creating roles

---
 ansible/roles/common/tasks/main.yml | 9 ++++++
 ansible/roles/common/tasks/root_sshkeys.yml | 8 +++++
 ansible/roles/container-host/tasks/main.yml | 6 ++++
 ansible/roles/container-user/tasks/main.yml | 24 +++++++++++++++
 ansible/roles/ldap-server/tasks/main.yml | 20 +++++++++++++
 .../roles/postgres-server/handlers/main.yml | 5 ++++
 ansible/roles/postgres-server/tasks/main.yml | 30 +++++++++++++++++++
 7 files changed, 102 insertions(+)
 create mode 100644 ansible/roles/common/tasks/main.yml
 create mode 100644 ansible/roles/common/tasks/root_sshkeys.yml
 create mode 100644 ansible/roles/container-host/tasks/main.yml
 create mode 100644 ansible/roles/container-user/tasks/main.yml
 create mode 100644 ansible/roles/ldap-server/tasks/main.yml
 create mode 100644 ansible/roles/postgres-server/handlers/main.yml
 create mode 100644 ansible/roles/postgres-server/tasks/main.yml

diff --git a/ansible/roles/common/tasks/main.yml b/ansible/roles/common/tasks/main.yml
new file mode 100644
index 0000000..8cbcceb
--- /dev/null
+++ b/ansible/roles/common/tasks/main.yml
@@ -0,0 +1,9 @@
+---
+
+- name: Add ssh keys for root
+  include_tasks: root_sshkeys.yml
+
+- name: Install sudo as it's needed for 'become'
+  ansible.builtin.package:
+    name: sudo
+    state: present
diff --git a/ansible/roles/common/tasks/root_sshkeys.yml b/ansible/roles/common/tasks/root_sshkeys.yml
new file mode 100644
index 0000000..f840b9e
--- /dev/null
+++ b/ansible/roles/common/tasks/root_sshkeys.yml
@@ -0,0 +1,8 @@
+---
+
+- name: add ssh keys to root
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
+    state: present # Note: we don't remove other/existing keys
+  with_items: "{{ ssh_root_keys }}"
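Review bot: `include_tasks: root_sshkeys.yml` is the only short-form module name in this file while its sibling task uses the fully qualified `ansible.builtin.package`; writing it as `ansible.builtin.include_tasks: root_sshkeys.yml` keeps the file consistent and resolves the same way regardless of collection configuration. The same short forms appear in container-user/tasks/main.yml (`stat:`) and postgres-server/handlers/main.yml (`service:`), which would become `ansible.builtin.stat:` and `ansible.builtin.service:`.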
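Review bot: The relative path in `lookup('file', '../../access/keys/' + item + '.pub')` is resolved against Ansible's file search path (the role's `files/` directory first, then the playbook directory, as far as I recall), so where `../../access/keys` actually points depends on how the role is invoked; anchoring the path on `playbook_dir` or `role_path` would make the location unambiguous and fail clearly when a key file is missing. The inline note on `state: present` says existing keys are kept on purpose; if `ssh_root_keys` is meant to be the complete set allowed for root, `exclusive: true` would enforce that and drop stale keys on every run (at the price of locking yourself out if the list is wrong), otherwise the comment should say why unmanaged root keys are tolerated. `with_items` is the legacy loop form; `loop: "{{ ssh_root_keys }}"` is the current equivalent.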
diff --git a/ansible/roles/container-host/tasks/main.yml b/ansible/roles/container-host/tasks/main.yml
new file mode 100644
index 0000000..667b7c5
--- /dev/null
+++ b/ansible/roles/container-host/tasks/main.yml
@@ -0,0 +1,6 @@
+---
+
+- name: Install podman (w/ quadlet support)
+  ansible.builtin.package:
+    name: podman>=4.4.0 # version 4.4.0 includes the systemd generator
+    state: present
diff --git a/ansible/roles/container-user/tasks/main.yml b/ansible/roles/container-user/tasks/main.yml
new file mode 100644
index 0000000..625c230
--- /dev/null
+++ b/ansible/roles/container-user/tasks/main.yml
@@ -0,0 +1,24 @@
+---
+
+- name: Check if required parameters are set
+  ansible.builtin.assert:
+    that:
+      - username is defined
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ username }}"
+    home: "{{ homedir | default(omit) }}"
+    uid: "{{ uid | default(omit) }}"
+    state: present
+
+# Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed
+- name: Check if user is lingering
+  stat:
+    path: "/var/lib/systemd/linger/{{ username }}"
+  register: user_lingering
+
+- name: Enable session lingering
+  ansible.builtin.command: "loginctl enable-linger {{ username }}"
+  when:
+    - not user_lingering.stat.exists
\ No newline at end of file
diff --git a/ansible/roles/ldap-server/tasks/main.yml b/ansible/roles/ldap-server/tasks/main.yml
new file mode 100644
index 0000000..2937a58
--- /dev/null
+++ b/ansible/roles/ldap-server/tasks/main.yml
@@ -0,0 +1,20 @@
+---
+
+- name: Install OpenLDAP server
+  ansible.builtin.package:
+    name: "{{ install_packages[ansible_os_family] }}"
+    state: present
+  vars:
+    install_packages:
+      Debian:
+        - slapd
+      RedHat:
+        - openldap
+      Suse:
+        - openldap2
+
+- name: Enable and start the OpenLDAP server
+  ansible.builtin.service:
+    name: slapd.service
+    enabled: true
+    state: started
\ No newline at end of file
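Review bot: `name: podman>=4.4.0` relies on whichever backend module `ansible.builtin.package` delegates to accepting a version comparator inside the package name; apt and dnf document the `pkg>=version` form, but I would not assume every backend does, so either verify it on each target family or extend the trailing comment to state which families the comparator has been tested on. If a backend rejects the string, the failure will be a package-not-found error that does not mention the comparator, which is worth knowing when debugging.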
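Review bot: The stat task plus the `when: not user_lingering.stat.exists` guard reimplement what the command module's `creates` argument already provides; `ansible.builtin.command: loginctl enable-linger {{ username }}` with `args:` / `creates: "/var/lib/systemd/linger/{{ username }}"` gives the same OK-instead-of-changed behaviour in one task, so the `# Note:` comment and the stat task can go. The assert only checks that `username` is defined; since the value is spliced into a command line and a filesystem path, also asserting that it matches a login-name pattern (something like `username is match('^[a-z_][a-z0-9_-]*$')`) turns an empty string or a typo into a clear failure before a half-configured user exists. The file also lacks a trailing newline.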
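Review bot: For `RedHat` the list installs `openldap`, which on Fedora/RHEL is the client library package as far as I know; the server (slapd) ships in `openldap-servers`, so on that family the following service task would fail because no slapd unit exists. `Debian` (`slapd`) and `Suse` (`openldap2`) look right. Since `install_packages[ansible_os_family]` raises a template error on any other family, a short comment listing the supported families, or a `when: ansible_os_family in install_packages` with an explicit `ansible.builtin.fail` message, would make that boundary visible. slapd is also started here with the distribution's default configuration; nothing in the role sets the directory suffix, admin credentials or TLS, so a comment saying where that configuration is expected to happen would help the next reader.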
diff --git a/ansible/roles/postgres-server/handlers/main.yml b/ansible/roles/postgres-server/handlers/main.yml
new file mode 100644
index 0000000..af3f58f
--- /dev/null
+++ b/ansible/roles/postgres-server/handlers/main.yml
@@ -0,0 +1,5 @@
+- name: Restart PostgreSQL
+  service:
+    name: postgresql
+    state: restarted
+  listen: "restart postgres"
\ No newline at end of file
diff --git a/ansible/roles/postgres-server/tasks/main.yml b/ansible/roles/postgres-server/tasks/main.yml
new file mode 100644
index 0000000..e1845d9
--- /dev/null
+++ b/ansible/roles/postgres-server/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Install PostgreSQL and psycopg2
+  ansible.builtin.package:
+    name: "{{ install_packages[ansible_os_family] }}"
+    state: present
+  vars:
+    install_packages:
+      Debian:
+        - postgresql
+        - python3-psycopg2
+      RedHat:
+        - postgresql
+        - python3-psycopg2
+      Suse:
+        - postgresql
+        - python311-psycopg2
+
+- name: Enable and start the PostgreSQL server
+  ansible.builtin.service:
+    name: postgresql.service
+    enabled: true
+    state: started
+
+- name: Create a PostgreSQL user for root
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    name: root
+    role_attr_flags: SUPERUSER
\ No newline at end of file
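Review bot: The handler restarts `postgresql` while tasks/main.yml starts `postgresql.service`; on systemd hosts both name the same unit, but using one spelling in both files makes it plain that they refer to the same service. The file also lacks the `---` document start the other role files use and has no trailing newline. Nothing in this commit notifies `restart postgres` yet, which is fine for a first cut but worth a one-line comment so the handler is not mistaken for dead code.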
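Review bot: The `RedHat` entry installs `postgresql`, which on Fedora/RHEL is the client package; the server is `postgresql-server`, and on that family the data directory has to be initialised (`postgresql-setup --initdb`, or the older `initdb` subcommand) before `postgresql.service` will start, so the service task would fail there as written. `Suse` appears to have the same client/server split (`postgresql-server`), though I am less sure of the exact name, and `python311-psycopg2` ties the role to one Python release. The last task grants the `root` database role `SUPERUSER`; if root only needs to provision databases and roles, `role_attr_flags: CREATEDB,CREATEROLE` is the narrower grant, and either way a comment stating what the role is for and how it is reachable (no password is set, so presumably only local peer authentication with the distribution default pg_hba.conf, which should be confirmed) would document the intended trust boundary.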