restructure repo
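--- a/roles/manage-ssh-keys/defaults/main.yml
+++ b/roles/manage-ssh-keys/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+ssh_user: "root"
+authorized_keys_file: >-
+  {{ "/root/.ssh/authorized_keys" if ssh_user == "root" else "/home/{{ ssh_user }}/.ssh/authorized_keys" }}
+
+# Liste der erwünschten (Good) Keys
+good_keys:
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/XwF0Na+YH7lRqGtwEcyIMVGTQZetNDrC9sZ8ofjC5 niklas@Linkman-PC"
+  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINPHSP1qvaoJDwMtka6UV9aOw24cKHBOa2Eyx7JBmhEg dennis@DESKTOP-V99ARL9"
+
+# Liste der unerwünschten (Bad) Keys
+bad_keys:
+  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgNIBhFlWa82Q0f2EnPcpHsP5JmmGpxyWVUhfpWV3KLvNkl63aGBRZW1gEoda1P5j/ESkwHntVeen8vHjqlQ/ZB9Bs3XtWwsvtS8gfyCoRqgQVQ31T52KVT3QL8/ep0RYwG+3VbE9yvQgeELJETzpXWoyY9+RrPG1gMdArML5cO1NCizShsxNKgHe75+GjCdEe3HMUuCcfJ23JqxPqgA5HoGW1mGsbI1LnLn1fqgmywSKET5LpkKHtHjrXFtQi2NKEnZ3RNxgh60v4amvMKLsxBk1vAn40X+ZeLJwNMpMHep2IzvO67inlj9iWaY5VXjZznLXzd85zhTO3eDv+yAp9 linkman-pc-2022"
+  # - "ssh-rsa AAAAB3... badkey2"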
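Review bot: The `authorized_keys_file` default nests `{{ ssh_user }}` inside a Jinja string literal on the `{{ ... }}` line, so for any non-root `ssh_user` the rendered path is most likely the literal text `/home/{{ ssh_user }}/.ssh/authorized_keys` rather than that user's file, because Ansible does not re-template the result of an expression. Build the path by concatenation instead: `{{ "/root/.ssh/authorized_keys" if ssh_user == "root" else "/home/" ~ ssh_user ~ "/.ssh/authorized_keys" }}`. The `/home/<user>` assumption also deserves a comment such as `# assumes the user's home is /home/<ssh_user>; override authorized_keys_file otherwise`, since a user with a non-standard home would otherwise get keys written to the wrong place.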
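--- a/roles/manage-ssh-keys/handlers/main.yml
+++ b/roles/manage-ssh-keys/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: Cleanup Comments
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    state: absent
+    regexp: '^#.*$'
+
+- name: Add Comment
+  blockinfile:
+    path: "{{ authorized_keys_file }}"
+    marker: ""
+    block: |
+      # Modified by Ansible on {{ ansible_date_time.date }} at {{ ansible_date_time.time }}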
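Review bot: The `Cleanup Comments` handler's `regexp: '^#.*$'` removes every comment line in the user's authorized_keys, not only the line this role wrote, so any human-maintained annotations in that file are lost on the first notify. Combined with `marker: ""` on the `Add Comment` handler, blockinfile presumably has no recognisable begin/end marker to locate its own block on later runs, which is why the wholesale cleanup was needed in the first place. Restricting the cleanup to `regexp: '^# Modified by Ansible on .*$'` and giving blockinfile a distinctive marker such as `marker: "# {mark} MANAGED BY ANSIBLE (manage-ssh-keys)"` keeps the role idempotent without deleting other people's comments.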
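--- a/roles/manage-ssh-keys/tasks/add-goodkeys.yml
+++ b/roles/manage-ssh-keys/tasks/add-goodkeys.yml
@@ -0,0 +1,11 @@
+---
+- name: Good Keys hinzufügen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    create: yes
+    state: present
+  with_items: "{{ good_keys }}"
+  notify:
+    - Cleanup Comments
+    - Add Comment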
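Review bot: `create: yes` on the lineinfile task creates a missing authorized_keys file as the connecting account with the default umask mode, so for a non-root `ssh_user` the file ends up owned by root and typically world-readable, and nothing else in the role sets the file's owner or mode afterwards. Add `owner: "{{ ssh_user }}"`, `group: "{{ ssh_user }}"` and `mode: "0600"` to the lineinfile arguments, or switch to `ansible.builtin.authorized_key`, which creates the file with the right ownership and matches keys by their key material rather than by the exact line. `create: yes` should also be written `create: true`; `yes` is a YAML 1.1 boolean that yamllint flags.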
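--- a/roles/manage-ssh-keys/tasks/main.yml
+++ b/roles/manage-ssh-keys/tasks/main.yml
@@ -0,0 +1,12 @@
+---
+# Haupt-Task der Rolle: Modularer Aufbau mit Subtasks
+- name: Validiere SSH Keys
+  import_tasks: validate-authorized-keys.yml
+
+- name: Füge Good Keys hinzu
+  import_tasks: add-goodkeys.yml
+  when: good_keys
+
+- name: Entferne Bad Keys
+  import_tasks: remove-badkeys.yml
+  when: bad_keys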
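--- a/roles/manage-ssh-keys/tasks/remove-badkeys.yml
+++ b/roles/manage-ssh-keys/tasks/remove-badkeys.yml
@@ -0,0 +1,10 @@
+---
+- name: Bad Keys entfernen
+  lineinfile:
+    path: "{{ authorized_keys_file }}"
+    line: "{{ item }}"
+    state: absent
+  with_items: "{{ bad_keys }}"
+  notify:
+    - Cleanup Comments
+    - Add Comment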
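Review bot: Revoking a key with `line: "{{ item }}"` and `state: absent` only removes a line that matches the configured string byte-for-byte, so the same key material with a different trailing comment, extra whitespace, or a leading option prefix such as `command="..."` stays authorised. Match on the key blob instead, for example `regexp: "{{ item.split(' ')[1] | regex_escape }}"` in place of `line`, or use `ansible.builtin.authorized_key` with `state: absent`, which compares the key itself. The same exact-match limitation applies to the `good_keys` task in add-goodkeys.yml, where a key already present under a different comment is silently added a second time.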
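--- a/roles/manage-ssh-keys/tasks/validate-authorized-keys.yml
+++ b/roles/manage-ssh-keys/tasks/validate-authorized-keys.yml
@@ -0,0 +1,8 @@
+---
+- name: Stelle sicher, dass das .ssh-Verzeichnis existiert
+  file:
+    path: "{{ authorized_keys_file | dirname }}"
+    state: directory
+    owner: "{{ ssh_user }}"
+    group: "{{ ssh_user }}"
+    mode: '0700'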
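Review bot: `group: "{{ ssh_user }}"` assumes a group named after the user exists; on hosts without user-private groups the task fails before any key is managed, so something like `group: "{{ ssh_user_group | default(ssh_user) }}"` would let callers override it. The task only ensures the `.ssh` directory, while sshd's StrictModes also rejects a home directory or authorized_keys file that is group- or world-writable, so a second `file` task on `{{ authorized_keys_file }}` with `mode: "0600"` and matching ownership would complete the check that the file name `validate-authorized-keys.yml` promises. A one-line header comment stating that this file prepares the directory rather than validating key contents would avoid the mismatch with the task name `Validiere SSH Keys` in tasks/main.yml.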
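--- a/roles/os-updates/defaults/main.yml
+++ b/roles/os-updates/defaults/main.yml
@@ -0,0 +1,9 @@
+# Standardwerte, die überschrieben werden können
+os_update_auto_upgrade: true
+os_also_update_mirror: false
+os_update_mirrors:
+  # Role needs two mirros to use for the sources.list.j2 Template
+  - "http://mirror.tinc.gmbh/debian" # Enter a main mirror here (not security)
+  - "http://mirror.tinc.gmbh/debian-security" # Enter a security mirror here
+os_update_major_version: false # Can either be true or false | To toggle if systems need to be upgraded to newer codename
+os_update_version_codename: "{{ ansible_distribution_release }}" # KEEP UNTOUCHED!! | Used for jinja2 Template fill in as it determines the current codename of system where ansible is run on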
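Review bot: `new_version_codename`, which update_major_version.yml reads in its `vars:` and `line:` entries, has no default in this file, so setting `os_update_major_version: true` without also defining it fails on an undefined variable, and that failure is then hidden by `ignore_errors: true` in tasks/main.yml. Add a documented entry such as `new_version_codename: ""  # target Debian codename for a major-version upgrade; required when os_update_major_version is true` and have the task file assert it is non-empty before touching apt sources. Minor: "mirros" in the comment should read "mirrors", and `os_update_auto_upgrade` is not referenced by any task in this commit, so either wire it up or drop it.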
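--- a/roles/os-updates/handlers/main.yml
+++ b/roles/os-updates/handlers/main.yml
@@ -0,0 +1,11 @@
+- name: apt cleanup
+  apt:
+    clean: yes
+    autoclean: yes
+
+- name: Reboot system
+  command: /sbin/reboot
+  async: 1
+  poll: 0
+  ignore_errors: true
+  when: reboot_required.stdout == "yes"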
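Review bot: `when: reboot_required.stdout == "yes"` on the `Reboot system` handler reads `.stdout` from a value that upgrade_packages.yml sets with `set_fact` as the plain string `"yes"`, so the condition errors on an undefined attribute instead of evaluating, and the notify from update_major_version.yml fires before `reboot_required` exists at all; `ignore_errors: true` then turns that into a silently skipped reboot. Compare the fact directly, `when: reboot_required | default("no") == "yes"`, and replace the fire-and-forget `command: /sbin/reboot` with `ansible.builtin.reboot`, which waits for the host to come back so later plays do not run against a half-rebooted system. `clean: yes` and `autoclean: yes` should be `true`.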
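--- a/roles/os-updates/tasks/main.yml
+++ b/roles/os-updates/tasks/main.yml
@@ -0,0 +1,12 @@
+- name: Update mirrors if necessary
+  when: os_also_update_mirror |bool
+  include_tasks: update_mirrors.yml
+  ignore_errors: true
+
+- name: Upgrade to new major version if enabled
+  when: os_update_major_version
+  include_tasks: update_major_version.yml
+  ignore_errors: true
+
+- name: Upgrade all packages
+  include_tasks: upgrade_packages.yml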
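Review bot: `ignore_errors: true` on the two include tasks means a failed rewrite of `/etc/apt/sources.list` (a bad template, an unreachable mirror, an undefined `new_version_codename`) is reported as ok and the play continues straight into `Upgrade all packages` against whatever apt sources are now on disk. Drop `ignore_errors` from both includes so a broken sources rewrite stops the run before the full upgrade, or at least gate the last include on the earlier steps having succeeded. `when: os_also_update_mirror |bool` should be written `when: os_also_update_mirror | bool` to match the filter spacing used elsewhere in the role, and `when: os_update_major_version` would benefit from the same `| bool` so a string value from the inventory is not treated as truthy.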
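--- a/roles/os-updates/tasks/update_major_version.yml
+++ b/roles/os-updates/tasks/update_major_version.yml
@@ -0,0 +1,34 @@
+- name: Backup existing sources in /etc/apt
+  copy:
+    src: "{{ item }}"
+    dest: "{{ item }}.bak"
+    remote_src: yes
+  loop: "{{ lookup('ansible.builtin.fileglob', '/etc/apt/sources.list.d/*.list') + ['/etc/apt/sources.list'] }}"
+  when: item | file
+
+- name: Update sources.list for new major version
+  template:
+    src: sources.list.j2
+    dest: /etc/apt/sources.list
+  vars:
+    os_update_version_codename: "{{ new_version_codename }}" # Variable gets passed by main.yml task
+
+- name: Update additional repositories in /etc/apt/sources.list.d
+  lineinfile:
+    path: "{{ item }}"
+    regexp: '^(deb .* )({{ os_update_version_codename }})'
+    line: '\1{{ new_version_codename }}'
+  loop: "{{ lookup('ansible.builtin.fileglob', '/etc/apt/sources.list.d/*.list') }}"
+  when: item | file
+
+- name: Update apt cache
+  apt:
+    update_cache: yes
+
+- name: Perform distribution upgrade
+  apt:
+    upgrade: yes
+    allow_unauthenticated: yes
+  notify:
+    - Reboot system
+    - apt cleanup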
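Review bot: `allow_unauthenticated: yes` on the `Perform distribution upgrade` task disables apt's signature verification for the entire release upgrade, so every package fetched from the plain-http mirrors configured in defaults is installed without an integrity check; remove it, and if signature errors were the reason it was added, install the target release's keyring package before the upgrade instead. In `Update additional repositories`, `regexp` captures the `deb ...` prefix but `line: '\1{{ new_version_codename }}'` only expands `\1` with `backrefs: true`, and even then the rewritten line drops everything after the codename (the component list), so the resulting entries are incomplete. `upgrade: yes` is apt's `safe` upgrade; a codename change needs `upgrade: dist`. `when: item | file` looks like it was meant to be the `is file` test rather than a filter — worth confirming, since an unknown filter fails the task, and note that the `fileglob` lookup runs on the controller, not the managed host.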
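--- a/roles/os-updates/tasks/update_mirrors.yml
+++ b/roles/os-updates/tasks/update_mirrors.yml
@@ -0,0 +1,16 @@
+- name: Backup existing sources.list
+  copy:
+    src: /etc/apt/sources.list
+    dest: /etc/apt/sources.list.bak
+    remote_src: yes
+    force: yes
+
+
+- name: Update sources.list with new mirrors
+  template:
+    src: sources.list.j2
+    dest: /etc/apt/sources.list
+
+- name: Update apt cache
+  apt:
+    update_cache: yes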
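Review bot: The backup task writes `/etc/apt/sources.list.bak` with `force: yes`, so a second run after a bad template overwrites the only pre-change copy with the already-broken file. Use `backup: true` on the `template` task instead, which keeps a timestamped copy of the previous sources.list on every change, and drop the separate copy task. The `yes` values should be `true`, and the double blank line after the first task should be a single one.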
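--- a/roles/os-updates/tasks/upgrade_packages.yml
+++ b/roles/os-updates/tasks/upgrade_packages.yml
@@ -0,0 +1,23 @@
+- name: Upgrade all installed packages
+  apt:
+    upgrade: full
+    update_cache: yes
+  notify:
+    - apt cleanup
+
+- name: Check if a kernel update is available
+  shell: |
+    dpkg -l | grep -E 'linux-image-[0-9]' | awk '{print $2}' | sort | tail -n 1
+  register: latest_kernel
+
+- name: Check if running kernel matches the latest installed kernel
+  shell: uname -r | grep -c "{{ latest_kernel.stdout }}"
+  register: kernel_match
+  changed_when: false
+
+- name: Mark reboot required if a new kernel is installed
+  set_fact:
+    reboot_required: "yes"
+  notify:
+    - Reboot system
+  when: kernel_match.stdout == "0"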
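Review bot: The comparison in `Check if running kernel matches the latest installed kernel` greps the output of `uname -r` for a full package name taken from `dpkg -l` (the `linux-image-...` string selected by the first task), which will not match the bare release string `uname -r` prints, and `grep -c` exits 1 on zero matches so the task fails rather than registering `"0"`; the `sort` in the first task is also lexical, so a two-digit minor version sorts before a one-digit one. If the hosts carry the `/var/run/reboot-required` hook (presumably present with unattended-upgrades on Debian — confirm), replace both shell tasks with `ansible.builtin.stat` on that path, register it as e.g. `reboot_required_file`, and notify the handler `when: reboot_required_file.stat.exists`; otherwise compare `ansible_kernel` against the newest installed image version. `Check if a kernel update is available` also lacks `changed_when: false`, so every run reports a change.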