Merge branch 'main' of git.emacsconf.org:pub/emacsconf-ansible into main

42 files changed, 138 insertions, 0 deletions

diff --git a/roles/base/files/keys/bandali b/roles/base/files/keys/bandali
new file mode 100644
index 0000000..e50d913
--- /dev/null
+++ b/roles/base/files/keys/bandali
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0St/clKIWYQMvrVwxs2f3bKapNnu6DmsRxitFfsGMN bandali@gnu.org
diff --git a/roles/base/files/keys/cairn b/roles/base/files/keys/cairn
new file mode 100644
index 0000000..6bd04bd
--- /dev/null
+++ b/roles/base/files/keys/cairn
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK7g0qqt0yIKwozCc+ogKiTzK5iwA3nXFHnlvhJfiEZUKiCcl9PN0O+50h8+rFrva27NxE8OEhCPCV9Ug+K8+Z4ikVbIYEBbgF4+GOtW6R7Ktota2Y+6c5DZfoq2vFNOI5cL1OkQUrQhVa+fIjb9zh2L9YgJIsBv/850HlYLS4DPMqyWo7SsMNFA2BIm/rL/U/fqjr4IJ/uxGa3cwM6zixqfozQShxULvz6BxVpe+yPp0yj+mau9DJEs18ZNoeC4vqzXq73hsth2RisXq389foWNRKrAMzcajw8EW7MRd4srRnlr6APt2ZH/vQ6EcTBNyWqEv2KJ4KVZLgg0QHyQBb cairn@starfighter
diff --git a/roles/base/files/keys/dragestil b/roles/base/files/keys/dragestil
new file mode 100644
index 0000000..5bc093f
--- /dev/null
+++ b/roles/base/files/keys/dragestil
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvPOtgcm5ptn8l+/YLAJEqVeT801btqFOf9gE9BLGDh yuchen@melb
diff --git a/roles/base/files/keys/opal b/roles/base/files/keys/opal
new file mode 100644
index 0000000..eeb5e3c
--- /dev/null
+++ b/roles/base/files/keys/opal
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChD6zcTYv5hpl9YRSetz1uQzQfOkzOQZNna0Mvzqt5mzptdthe6ZNHKchto5tpby5iVxwGTPiHcWs0VlnnDG/VX/a5p28qs2595MZizv6McqInr1kLj3w+gbJpPRqaL0GGtlCZhIYyv1MRFhkemdSzLAo4/Noj7z3b+z6tsnsIr/qJvpoUt0tdsrgMlHOHkqZsnQICNah+ugQAOQzCkZCW7E3hSMtal412eNIaX8TiB686N2VigMOOUxg6NNbo/dRFq5IMA48hBNJpzeS4zz1gMXv6hSCRPcBJ5aFt+O6T7VOXdTAlC88+zu6c554kacyhVB/4tWGmnf1ZaK4kD8Un ry@nocry
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTI8v3jrhi/HS9RIudSrVg7WFBcvCiRj90q3Qa8HuwbbrHAkVSrhrpJKVTYMt2tBGdcM9QgU/dy5F0o07Vb23COQG/sqr/ImX8wSnjIvjW/yDHaKtEcy3sbvtqqRXiI8R8wfMctCPjUnl7OhaDPMWDy8sAefApCs1W5InafT6TYkooCg== ry@apollyon
diff --git a/roles/base/files/keys/sachac b/roles/base/files/keys/sachac
new file mode 100644
index 0000000..999b59c
--- /dev/null
+++ b/roles/base/files/keys/sachac
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK0Vg112xS0SAuCutincht2LWs+2jC8EWC19Irotv8M0ztzLf6wmXEw0xoB8D78LKzXGC/gFcIvYzsNezHFpU5PmlxYBRJkdOYH2zYfnlWQFpJKmk1OelTrugaRE4HywXurf6q6Sot5hzbzPmCWgOlBZshnkDXMAyPCfYvL+RcwTRJWiaiGwwDHlfHCkebr4cwypRQ7Nl2kKajdp4wZXwbuP64pPNMmftZEMEM910w3zPnzQTil4IuLSiVC8K7TSk6xsnrsk10Y6zfoaHkZ71OD58rqPPFqeHYDj8SAvp6W4hHwakbf+r8nfRfr8Tc+gtCf0B6a4Y050OI5FxHlmjh
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMf4V8eCzYNEde8xG4tIJPBv8NwoTzyRG9O5+Bl69osaHV7OZQz81wXil1qZ/xrUu6fc5jMkxq7j5KCCs2MF6gMq12UKe9ESKYe5i+jFL7+V6JNQqcjLcyaEfEFtFCJ95nWCQWpXrMPijvpB3+YxLspFOTz8ZJsGENXU+Rkz5EIdx2VTgHUbddCjE5jndIO58uPKmR4EpMeUWxb20xYLpOwM14aGF/ERVjI++dIwu7mc21kxg42HJjRA/NRV48IxrGl57KKzl7qtMrqwp+ucoLWw4PdqHk4/tApjmrgLiJzLpSZx/4LL3mHTg3I6w9fC5yTgk3k6rJFomb2Jbboxx
diff --git a/roles/base/files/keys/zaeph b/roles/base/files/keys/zaeph
new file mode 100644
index 0000000..33d3fa4
--- /dev/null
+++ b/roles/base/files/keys/zaeph
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxla020OSOgCfbCekmMMEFNmuUicibIo7eotqONcJDB
diff --git a/roles/base/files/sshd_config b/roles/base/files/sshd_config
new file mode 100644
index 0000000..0060c33
--- /dev/null
+++ b/roles/base/files/sshd_config
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+Port 46668
+
+LoginGraceTime 2m
+AllowAgentForwarding yes
+X11Forwarding yes
+PermitRootLogin prohibit-password
+AuthorizedKeysFile	.ssh/authorized_keys
+PasswordAuthentication no
+UsePAM yes
+PrintMotd no
+AcceptEnv LANG LC_*
+
+Subsystem	sftp	/usr/lib/ssh/sftp-server
+
+AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn
diff --git a/roles/base/files/sudoers.d/10_ansible b/roles/base/files/sudoers.d/10_ansible
new file mode 100644
index 0000000..80053e5
--- /dev/null
+++ b/roles/base/files/sudoers.d/10_ansible
@@ -0,0 +1 @@
+ansible ALL = (ALL) NOPASSWD: ALL
diff --git a/roles/base/files/sudoers.d/20_admin b/roles/base/files/sudoers.d/20_admin
new file mode 100644
index 0000000..71b74c3
--- /dev/null
+++ b/roles/base/files/sudoers.d/20_admin
@@ -0,0 +1 @@
+%admin	ALL=(ALL)	ALL
diff --git a/roles/base/files/sudoers.d/30_org_admin b/roles/base/files/sudoers.d/30_org_admin
new file mode 100644
index 0000000..f855569
--- /dev/null
+++ b/roles/base/files/sudoers.d/30_org_admin
@@ -0,0 +1,3 @@
+sachac ALL=(ALL) /usr/bin/apt
+zaeph ALL=(ALL) /usr/bin/apt
+dragestil ALL=(ALL) /usr/bin/apt
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..8d2280b
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+# User & Group Creation
+- name: create groups
+  group:
+    name: "{{ item.value.group }}"
+    state: "{{ item.value.state }}"
+  loop: "{{ init_users | dict2items }}"
+
+- name: create users
+  user:
+    name: "{{ item.value.name }}"
+    group: "{{ item.value.group }}"
+    groups: "{{ item.value.groups }}"
+    create_home: "{{ item.value.create_home }}"
+    state: "{{ item.value.state }}"
+    shell: "{{ item.value.shell }}"
+  loop: "{{ init_users | dict2items }}"
+
+# SSH Initial Setup
+- name: create .ssh dirs
+  file:
+    path: "/home/{{ item.value.name }}/.ssh"
+    state: directory
+    mode: 0700
+    owner: "{{ item.value.name }}"
+    group: "{{ item.value.group }}"
+  loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy keys to users
+  authorized_key:
+    user: "{{ item.value.name }}"
+    state: present
+    key: "{{ lookup('file', 'keys/{{ item.value.name }}') }}"
+  loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy custom sshd_config
+  copy:
+    src: sshd_config
+    dest: "/etc/ssh/sshd_config.d/emacsconf_ssh.conf"
+    mode: 0644
+    owner: root
+    group: root
+
+# Sudoers
+- name: sudoers.d entries
+  copy:
+    src: "sudoers.d/"
+    dest: "/etc/sudoers.d/"
+    mode: 0440
+    owner: root
+    group: root
+    force: no
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
new file mode 100644
index 0000000..927d641
--- /dev/null
+++ b/roles/base/vars/main.yml
@@ -0,0 +1,55 @@
+---
+init_users:
+  opal:
+    name: opal
+    group: opal
+    groups: admin,org-admin
+    state: present
+    shell: /bin/bash
+    create_home: true
+  bandali:
+    name: bandali
+    group: bandali
+    groups: admin,org-admin
+    state: present
+    shell: /bin/bash
+    create_home: true
+  sachac:
+    name: sachac
+    group: sachac
+    groups: org-admin
+    state: present
+    shell: /bin/bash
+    create_home: true
+  zaeph:
+    name: zaeph
+    group: zaeph
+    groups: org-admin
+    state: present
+    shell: /bin/bash
+    create_home: true
+  cairn:
+    name: cairn
+    group: cairn
+    groups: org-admin
+    state: present
+    shell: /bin/bash
+    create_home: true
+  dragestil:
+    name: dragestil
+    group: dragestil
+    groups: org-admin
+    state: present
+    shell: /bin/bash
+    create_home: true
+
+sudoers_files:
+  - sudoers.d/10_ansible
+  - sudoers.d/20_org_admin
+  - sudoers.d/30_admin
+
+packages:
+  - git
+  - vim
+  - emacs
+  - nano
diff --git a/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml
index cec03da..cec03da 100644
--- a/pad-proxy/defaults/main.yml
+++ b/roles/pad-proxy/defaults/main.yml
diff --git a/pad-proxy/handlers/main.yml b/roles/pad-proxy/handlers/main.yml
index e01a9d0..e01a9d0 100644
--- a/pad-proxy/handlers/main.yml
+++ b/roles/pad-proxy/handlers/main.yml
diff --git a/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
index 8de72df..8de72df 100644
--- a/pad-proxy/tasks/main.yml
+++ b/roles/pad-proxy/tasks/main.yml
diff --git a/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf
index 90a7c1c..90a7c1c 100644
--- a/pad-proxy/templates/etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/etherpad.nginx.conf
diff --git a/pad-proxy/templates/wikimedia.etherpad.nginx.conf b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
index 2288c65..2288c65 100644
--- a/pad-proxy/templates/wikimedia.etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
diff --git a/pad/README.md b/roles/pad/README.md
index 7ddc2d4..7ddc2d4 100644
--- a/pad/README.md
+++ b/roles/pad/README.md
diff --git a/pad/defaults/main.yml b/roles/pad/defaults/main.yml
index 9d2e294..9d2e294 100644
--- a/pad/defaults/main.yml
+++ b/roles/pad/defaults/main.yml
diff --git a/pad/tasks/loadtest.yml b/roles/pad/tasks/loadtest.yml
index 28deefc..28deefc 100644
--- a/pad/tasks/loadtest.yml
+++ b/roles/pad/tasks/loadtest.yml
diff --git a/pad/tasks/main.yml b/roles/pad/tasks/main.yml
index 01b2da7..01b2da7 100644
--- a/pad/tasks/main.yml
+++ b/roles/pad/tasks/main.yml
diff --git a/pad/tasks/mariadb.yml b/roles/pad/tasks/mariadb.yml
index ec81430..ec81430 100644
--- a/pad/tasks/mariadb.yml
+++ b/roles/pad/tasks/mariadb.yml
diff --git a/pad/templates/etherpad.init.d b/roles/pad/templates/etherpad.init.d
index 420ae27..420ae27 100755
--- a/pad/templates/etherpad.init.d
+++ b/roles/pad/templates/etherpad.init.d
diff --git a/pad/templates/etherpad.service b/roles/pad/templates/etherpad.service
index f8e947d..f8e947d 100644
--- a/pad/templates/etherpad.service
+++ b/roles/pad/templates/etherpad.service
diff --git a/pad/templates/loadtest.settings.json b/roles/pad/templates/loadtest.settings.json
index 4e64cba..4e64cba 100644
--- a/pad/templates/loadtest.settings.json
+++ b/roles/pad/templates/loadtest.settings.json
diff --git a/pad/templates/settings.json b/roles/pad/templates/settings.json
index 08b46dc..08b46dc 100644
--- a/pad/templates/settings.json
+++ b/roles/pad/templates/settings.json
diff --git a/pad/vars/main.yml b/roles/pad/vars/main.yml
index 981efa9..981efa9 100644
--- a/pad/vars/main.yml
+++ b/roles/pad/vars/main.yml
diff --git a/wiki-edit/defaults/main.yml b/roles/wiki-edit/defaults/main.yml
index ea0fbdb..ea0fbdb 100644
--- a/wiki-edit/defaults/main.yml
+++ b/roles/wiki-edit/defaults/main.yml
diff --git a/wiki-edit/tasks/main.yaml b/roles/wiki-edit/tasks/main.yaml
index f77535f..f77535f 100644
--- a/wiki-edit/tasks/main.yaml
+++ b/roles/wiki-edit/tasks/main.yaml
diff --git a/wiki-edit/templates/emacsconf-edit.el b/roles/wiki-edit/templates/emacsconf-edit.el
index 78e11a8..78e11a8 100644
--- a/wiki-edit/templates/emacsconf-edit.el
+++ b/roles/wiki-edit/templates/emacsconf-edit.el
diff --git a/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml
index c6ca568..c6ca568 100644
--- a/wiki-publish/defaults/main.yml
+++ b/roles/wiki-publish/defaults/main.yml
diff --git a/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml
index 897cecc..897cecc 100644
--- a/wiki-publish/tasks/main.yml
+++ b/roles/wiki-publish/tasks/main.yml
diff --git a/wiki-publish/templates/emacsconf-config.el b/roles/wiki-publish/templates/emacsconf-config.el
index 53ffe64..53ffe64 100644
--- a/wiki-publish/templates/emacsconf-config.el
+++ b/roles/wiki-publish/templates/emacsconf-config.el
diff --git a/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml
index 421427c..421427c 100644
--- a/wiki/defaults/main.yml
+++ b/roles/wiki/defaults/main.yml
diff --git a/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index 1a759a4..1a759a4 100644
--- a/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
diff --git a/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 35c297d..35c297d 100644
--- a/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
diff --git a/wiki/templates/Scrubber.pm b/roles/wiki/templates/Scrubber.pm
index 2efaa10..2efaa10 100644
--- a/wiki/templates/Scrubber.pm
+++ b/roles/wiki/templates/Scrubber.pm
diff --git a/wiki/templates/copyright.pm b/roles/wiki/templates/copyright.pm
index 16acacc..16acacc 100644
--- a/wiki/templates/copyright.pm
+++ b/roles/wiki/templates/copyright.pm
diff --git a/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup
index 7ab3916..7ab3916 100644
--- a/wiki/templates/emacsconf.setup
+++ b/roles/wiki/templates/emacsconf.setup
diff --git a/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 4cbf300..4cbf300 100755
--- a/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
diff --git a/wiki/templates/license.pm b/roles/wiki/templates/license.pm
index 651c039..651c039 100644
--- a/wiki/templates/license.pm
+++ b/roles/wiki/templates/license.pm
diff --git a/wiki/templates/supervisord.conf b/roles/wiki/templates/supervisord.conf
index 4df613a..4df613a 100644
--- a/wiki/templates/supervisord.conf
+++ b/roles/wiki/templates/supervisord.conf