organize tasks

0700e293 · Paul · 8a0fa2f7 · 0700e293 · 0700e293 · 0700e293
Commit 0700e293 authored 3 years ago by Paul
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -6,6 +6,14 @@ dhcpd_netmask: 255.255.0.0
 ipv4_subnet: 10.130.0.0/16
 ipv6_subnet: 2001:67c:2d50::/48

+
+# add to known_hosts at setup
+ssh_known_hosts:
+  - git.chaotikum.org
+  - github.com
+  - gitlab.com
+
+
 # Some other configs:
 dns_repo_url: "https://git.chaotikum.org/freifunk-luebeck/ffhl-dns.git"
 fastd_keys_repo: "git@git.chaotikum.org:freifunk-luebeck/fastd-keys.git"
--- a/roles/base/tasks/base.yml
+++ b/roles/base/tasks/base.yml
 ---

+- name: copy base configs
+  tags: [base, etc, apt]
+  copy:
+    src: etc/
+    dest: /etc
+
+- name: copy host specific configs
+  tags: [bird]
+  copy:
+    src: host/{{ inventory_hostname }}/etc/
+    dest: /etc
+
 - name: Copy authorized keys file
  ansible.builtin.copy:
    src: authorized_keys
    dest: /root/.ssh/authorized_keys
    owner: root
    group: root
+
+- name: Disable root login with password
+  tags: [base]
+  lineinfile:
+    dest: /etc/ssh/sshd_config
+    regexp: "^#?PermitRootLogin"
+    line: "PermitRootLogin without-password"
+
+
+# configurations and stuff
+- name: set local timezone
+  file:
+    state: link
+    src: /usr/share/zoneinfo/Europe/Berlin
+    dest: /etc/localtime
+
+- name: set locales
+  tags: [base]
+  block:
+    - name: enable en_US locals
+      lineinfile: dest=/etc/locale.gen line="en_US.UTF-8 UTF-8"
+    - name: enable de_DE locals
+      lineinfile: dest=/etc/locale.gen line="de_DE.UTF-8 UTF-8"
+    - name: generate locales
+      command: locale-gen
+
+
+- name: copy scripts
+  tags: [base]
+  copy:
+    src: scripts/
+    dest: /usr/local/lib/ffhl/
+    mode: a+x
+
+- name: add trusted ssh hosts to knonw_hosts
+  loop: "{{ ssh_known_hosts }}"
+  shell:
+    cmd: ssh-keyscan -H {{ item }} >> /root/.ssh/known_hosts
+    creates: /root/.ssh/known_hosts
+
+
+- name: reload sysctl
+  command: sysctl -p --system
--- a/roles/base/tasks/main.yml
+++ b/roles/base/tasks/main.yml
 ---
- name: copy base configs
-  tags: [base, etc, apt]
-  copy:
-    src: etc/
-    dest: /etc

- name: copy scripts
-  tags: [base]
-  copy:
-    src: scripts/
-    dest: /usr/local/lib/ffhl/
-    mode: a+x
-
- name: install packages
-  include: software.yml
-  tags: [base, apt, software]
-
-# configurations and stuff
- name: set local timezone
-  file:
-    state: link
-    src: /usr/share/zoneinfo/Europe/Berlin
-    dest: /etc/localtime
-
- name: set locales
-  tags: [base]
-  block:
-    - name: enable en_US locals
-      lineinfile: dest=/etc/locale.gen line="en_US.UTF-8 UTF-8"
-    - name: enable de_DE locals
-      lineinfile: dest=/etc/locale.gen line="de_DE.UTF-8 UTF-8"
-    - name: generate locales
-      command: locale-gen

 - name: base config
  tags: [base]
@@ -40,15 +8,11 @@
    apply:
      tags: [base]

- name: Disable root login with password
-  tags: [base]
-  lineinfile:
-    dest: /etc/ssh/sshd_config
-    regexp: "^#?PermitRootLogin"
-    line: "PermitRootLogin without-password"

- name: reload sysctl
-  command: sysctl -p --system
+- name: install packages
+  include: software.yml
+  tags: [software, base, apt]
+

 - name: add freifunk routing table
  tags: [network]
@@ -56,11 +20,6 @@
    dest: /etc/iproute2/rt_tables
    line: "42\tfreifunk"

- name: copy host specific configs
-  tags: [bird]
-  copy:
-    src: host/{{ inventory_hostname }}/etc/
-    dest: /etc

 - name: networkd templates
  tags: [systemd-networkd]