Start creating roles

2024-02-16 18:01:26 +02:00 · 2024-02-16 18:01:26 +02:00 · 1316ee640c
parent b9c2685859
commit 1316ee640c
7 changed files with 102 additions and 0 deletions
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@ -0,0 +1,9 @@
 ---
 - name: Add ssh keys for root
  include_tasks: root_sshkeys.yml
 - name: Install sudo as it's needed for 'become'
  ansible.builtin.package:
    name: sudo
    state: present
--- a/ansible/roles/common/tasks/root_sshkeys.yml
+++ b/ansible/roles/common/tasks/root_sshkeys.yml
@ -0,0 +1,8 @@
 ---
 - name: add ssh keys to root
  ansible.posix.authorized_key:
    user: root
    key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
    state: present # Note: we don't remove other/existing keys
  with_items: "{{ ssh_root_keys }}"
--- a/ansible/roles/container-host/tasks/main.yml
+++ b/ansible/roles/container-host/tasks/main.yml
@ -0,0 +1,6 @@
 ---
 - name: Install podman (w/ quadlet support)
  ansible.builtin.package:
    name: podman>=4.4.0 # version 4.4.0 includes the systemd generator
    state: present
--- a/ansible/roles/container-user/tasks/main.yml
+++ b/ansible/roles/container-user/tasks/main.yml
@ -0,0 +1,24 @@
 ---
 - name: Check if required parameters are set
  ansible.builtin.assert:
    that:
      - username is defined
 - name: Create user
  ansible.builtin.user:
    name: "{{ username }}"
    home: "{{ homedir | default(omit) }}"
    uid: "{{ uid | default(omit) }}"
    state: present
 # Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed
 - name: Check if user is lingering
  stat:
    path: "/var/lib/systemd/linger/{{ username }}"
  register: user_lingering
 - name: Enable session lingering
  ansible.builtin.command: "loginctl enable-linger {{ username }}"
  when:
    - not user_lingering.stat.exists
--- a/ansible/roles/ldap-server/tasks/main.yml
+++ b/ansible/roles/ldap-server/tasks/main.yml
@ -0,0 +1,20 @@
 ---
 - name: Install OpenLDAP server
  ansible.builtin.package:
    name: "{{ install_packages[ansible_os_family] }}"
    state: present
  vars:
    install_packages:
      Debian:
        - slapd
      RedHat:
        - openldap
      Suse:
        - openldap2
 - name: Enable and start the OpenLDAP server
  ansible.builtin.service:
    name: slapd.service
    enabled: true
    state: started
--- a/ansible/roles/postgres-server/handlers/main.yml
+++ b/ansible/roles/postgres-server/handlers/main.yml
@ -0,0 +1,5 @@
 - name: Restart PostgreSQL
  service:
    name: postgresql
    state: restarted
  listen: "restart postgres"
--- a/ansible/roles/postgres-server/tasks/main.yml
+++ b/ansible/roles/postgres-server/tasks/main.yml
@ -0,0 +1,30 @@
 ---
 - name: Install PostgreSQL and psycopg2
  ansible.builtin.package:
    name: "{{ install_packages[ansible_os_family] }}"
    state: present
  vars:
    install_packages:
      Debian:
        - postgresql
        - python3-psycopg2
      RedHat:
        - postgresql
        - python3-psycopg2
      Suse:
        - postgresql
        - python311-psycopg2
 - name: Enable and start the PostgreSQL server
  ansible.builtin.service:
    name: postgresql.service
    enabled: true
    state: started
 - name: Create a PostgreSQL user for root
  become: true
  become_user: postgres
  community.postgresql.postgresql_user:
    name: root
    role_attr_flags: SUPERUSER