Start creating roles

2024-02-16 18:01:26 +02:00 · 2024-02-16 18:01:26 +02:00 · 1316ee640c
parent b9c2685859
commit 1316ee640c
7 changed files with 102 additions and 0 deletions
--- a/ansible/roles/common/tasks/main.yml
+++ b/ansible/roles/common/tasks/main.yml
@ -0,0 +1,9 @@
+---
+
+- name: Add ssh keys for root
+  include_tasks: root_sshkeys.yml
+
+- name: Install sudo as it's needed for 'become'
+  ansible.builtin.package:
+    name: sudo
+    state: present
--- a/ansible/roles/common/tasks/root_sshkeys.yml
+++ b/ansible/roles/common/tasks/root_sshkeys.yml
@ -0,0 +1,8 @@
+---
+
+- name: add ssh keys to root
+  ansible.posix.authorized_key:
+    user: root
+    key: "{{ lookup('file', '../../access/keys/' + item + '.pub') }}"
+    state: present # Note: we don't remove other/existing keys
+  with_items: "{{ ssh_root_keys }}"
--- a/ansible/roles/container-host/tasks/main.yml
+++ b/ansible/roles/container-host/tasks/main.yml
@ -0,0 +1,6 @@
+---
+
+- name: Install podman (w/ quadlet support)
+  ansible.builtin.package:
+    name: podman>=4.4.0 # version 4.4.0 includes the systemd generator
+    state: present
--- a/ansible/roles/container-user/tasks/main.yml
+++ b/ansible/roles/container-user/tasks/main.yml
@ -0,0 +1,24 @@
+---
+
+- name: Check if required parameters are set
+  ansible.builtin.assert:
+    that:
+      - username is defined
+
+- name: Create user
+  ansible.builtin.user:
+    name: "{{ username }}"
+    home: "{{ homedir | default(omit) }}"
+    uid: "{{ uid | default(omit) }}"
+    state: present
+
+# Note: We check whether lingering is already enabled so we show as OK/skipped instead of changed
+- name: Check if user is lingering
+  stat:
+    path: "/var/lib/systemd/linger/{{ username }}"
+  register: user_lingering
+
+- name: Enable session lingering
+  ansible.builtin.command: "loginctl enable-linger {{ username }}"
+  when:
+    - not user_lingering.stat.exists
--- a/ansible/roles/ldap-server/tasks/main.yml
+++ b/ansible/roles/ldap-server/tasks/main.yml
@ -0,0 +1,20 @@
+---
+
+- name: Install OpenLDAP server
+  ansible.builtin.package:
+    name: "{{ install_packages[ansible_os_family] }}"
+    state: present
+  vars:
+    install_packages:
+      Debian:
+        - slapd
+      RedHat:
+        - openldap
+      Suse:
+        - openldap2
+
+- name: Enable and start the OpenLDAP server
+  ansible.builtin.service:
+    name: slapd.service
+    enabled: true
+    state: started
--- a/ansible/roles/postgres-server/handlers/main.yml
+++ b/ansible/roles/postgres-server/handlers/main.yml
@ -0,0 +1,5 @@
+- name: Restart PostgreSQL
+  service:
+    name: postgresql
+    state: restarted
+  listen: "restart postgres"
--- a/ansible/roles/postgres-server/tasks/main.yml
+++ b/ansible/roles/postgres-server/tasks/main.yml
@ -0,0 +1,30 @@
+---
+
+- name: Install PostgreSQL and psycopg2
+  ansible.builtin.package:
+    name: "{{ install_packages[ansible_os_family] }}"
+    state: present
+  vars:
+    install_packages:
+      Debian:
+        - postgresql
+        - python3-psycopg2
+      RedHat:
+        - postgresql
+        - python3-psycopg2
+      Suse:
+        - postgresql
+        - python311-psycopg2
+
+- name: Enable and start the PostgreSQL server
+  ansible.builtin.service:
+    name: postgresql.service
+    enabled: true
+    state: started
+
+- name: Create a PostgreSQL user for root
+  become: true
+  become_user: postgres
+  community.postgresql.postgresql_user:
+    name: root
+    role_attr_flags: SUPERUSER