klal

roles/docker/vars/main.yml

@@ -0,0 +1 @@
+mode: cert

roles/init/files/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCjPi74gAHT2GBbKWWmmUrzzrhKQN3mnz3DTWn02KhbgWs6MRLlTrn2fLqB4hkoVEOat29wAOJ2xuY4aEjGfO6nl/3ka3oqslwxW9GqFCRXVHnF3b+Wly+jkn3tbht+gjFK4x0np1WZbpTI/nR7gElWa774LCHy5i4fm5ISoCHzRMsKd3dVF4YOte6QC9Uu4uQQjpZWksYRjANtXAk5EDEOERz+Dh8RDkXbGYW2vx1ihNQGh53z3c6W6bajGq3qx/+G905MtRgutbHWOOYSE8o2q3vaDkCNA6Fjd3P6gHTPcRjFEfoHc8Vxp0vjR9e6ol8X7D+GEL6g6QN656772Zo3/Qka0rJ/zMnT3gZ2S4i0CzmqDoecbzDCX7ywwuwgvlmJGOswgwwOKP/E0/RnWi63BUFV/fU9o5nr9ZXgkiRa9ZCzubHZhxyN6Z7EhcOVnMbvfV1W5Fn/vbj84YudCLmzrk5qvpQ+qVsMXi1GPIEyFwyg/Afu5JTpNE5+4ViFzTM= jd@morefine

roles/init/tasks/main.yml

@@ -0,0 +1,53 @@
+- name: Init
+  become: "{{ 'no' if inventory_hostname in ['sectorq.cloud', 'nas.home.lan'] else 'yes' }}"
+  become_method: su
+  block:
+    - name: Include vault
+      ansible.builtin.include_vars:
+        file: jaydee.yml
+    - name: Change password for jd
+      ansible.builtin.user:
+        name: jd
+        password: "{{ jd_password | password_hash('sha512') }}"
+    - name: Ensure deploy user exists
+      ansible.builtin.user:
+        name: jd
+        shell: /bin/bash
+        groups: sudo
+        append: true
+    - name: Give deploy sudo access
+      ansible.builtin.copy:
+        dest: /etc/sudoers.d/jd
+        content: "jd ALL=(ALL:ALL) ALL\n"
+        owner: root
+        group: root
+        mode: '0440'
+
+    - name: Change password for root
+      ansible.builtin.user:
+        name: root
+        password: "{{ jd_password | password_hash('sha512') }}"
+    - name: Update become password for subsequent tasks
+      ansible.builtin.set_fact:
+        ansible_become_password: "{{ jd_password }}"
+
+    - name: Add authorized SSH key
+      ansible.posix.authorized_key:
+        user: "jd"
+        key: "{{ lookup('file', 'id_rsa.pub') }}"
+        state: present
+
+    - name: Set timezone to Europe/Bratislava
+      ansible.builtin.command:
+        cmd: timedatectl set-timezone Europe/Bratislava
+      args:
+        creates: /etc/timezone
+    - name: Set hostname
+      ansible.builtin.hostname:
+        name: "{{ inventory_hostname }}"
+    - name: Add host entry to /etc/hosts
+      ansible.builtin.lineinfile:
+        path: /etc/hosts
+        regexp: "^127.0.0.1 .*"
+        line: "127.0.0.1 {{ inventory_hostname }} {{ inventory_hostname.split('.')[0] }}"
+        state: present

roles/letsgo/tasks/main.yml

@@ -0,0 +1,11 @@
+- name: Letsgo
+  become: "{{ 'no' if inventory_hostname in ['sectorq.cloud', 'nas.home.lan'] else 'yes' }}"
+  block:
+    - name: Include roles
+      ansible.builtin.include_role:
+        name: "{{ roles_item }}"
+      loop_control:
+        loop_var: roles_item
+      loop:
+        - cert_gen
+        - docker