authorSacha Chua <sacha@sachachua.com>2022-10-16 18:11:09 -0400
committerSacha Chua <sacha@sachachua.com>2022-10-16 18:11:09 -0400
commit12c465a8f6e127a599b0477094552fc90c7e2ce0 (patch)
tree81abef4c2a2d0230ca403eed1133815f2e37a740
parent84ccb907a14bd8bd06afec7b5ac836fa7a0883f6 (diff)
parent54af5163644ef58a641e86288c7af8653970a319 (diff)
downloademacsconf-ansible-12c465a8f6e127a599b0477094552fc90c7e2ce0.tar.xz
emacsconf-ansible-12c465a8f6e127a599b0477094552fc90c7e2ce0.zip
Merge branch 'main' of git.emacsconf.org:pub/emacsconf-ansible into main
-rw-r--r--roles/base/files/keys/bandali1
-rw-r--r--roles/base/files/keys/cairn1
-rw-r--r--roles/base/files/keys/dragestil1
-rw-r--r--roles/base/files/keys/opal2
-rw-r--r--roles/base/files/keys/sachac2
-rw-r--r--roles/base/files/keys/zaeph1
-rw-r--r--roles/base/files/sshd_config16
-rw-r--r--roles/base/files/sudoers.d/10_ansible1
-rw-r--r--roles/base/files/sudoers.d/20_admin1
-rw-r--r--roles/base/files/sudoers.d/30_org_admin3
-rw-r--r--roles/base/tasks/main.yml54
-rw-r--r--roles/base/vars/main.yml55
-rw-r--r--roles/pad-proxy/defaults/main.yml (renamed from pad-proxy/defaults/main.yml)0
-rw-r--r--roles/pad-proxy/handlers/main.yml (renamed from pad-proxy/handlers/main.yml)0
-rw-r--r--roles/pad-proxy/tasks/main.yml (renamed from pad-proxy/tasks/main.yml)0
-rw-r--r--roles/pad-proxy/templates/etherpad.nginx.conf (renamed from pad-proxy/templates/etherpad.nginx.conf)0
-rw-r--r--roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf (renamed from pad-proxy/templates/wikimedia.etherpad.nginx.conf)0
-rw-r--r--roles/pad/README.md (renamed from pad/README.md)0
-rw-r--r--roles/pad/defaults/main.yml (renamed from pad/defaults/main.yml)0
-rw-r--r--roles/pad/tasks/loadtest.yml (renamed from pad/tasks/loadtest.yml)0
-rw-r--r--roles/pad/tasks/main.yml (renamed from pad/tasks/main.yml)0
-rw-r--r--roles/pad/tasks/mariadb.yml (renamed from pad/tasks/mariadb.yml)0
-rwxr-xr-xroles/pad/templates/etherpad.init.d (renamed from pad/templates/etherpad.init.d)0
-rw-r--r--roles/pad/templates/etherpad.service (renamed from pad/templates/etherpad.service)0
-rw-r--r--roles/pad/templates/loadtest.settings.json (renamed from pad/templates/loadtest.settings.json)0
-rw-r--r--roles/pad/templates/settings.json (renamed from pad/templates/settings.json)0
-rw-r--r--roles/pad/vars/main.yml (renamed from pad/vars/main.yml)0
-rw-r--r--roles/wiki-edit/defaults/main.yml (renamed from wiki-edit/defaults/main.yml)0
-rw-r--r--roles/wiki-edit/tasks/main.yaml (renamed from wiki-edit/tasks/main.yaml)0
-rw-r--r--roles/wiki-edit/templates/emacsconf-edit.el (renamed from wiki-edit/templates/emacsconf-edit.el)0
-rw-r--r--roles/wiki-publish/defaults/main.yml (renamed from wiki-publish/defaults/main.yml)0
-rw-r--r--roles/wiki-publish/tasks/main.yml (renamed from wiki-publish/tasks/main.yml)0
-rw-r--r--roles/wiki-publish/templates/emacsconf-config.el (renamed from wiki-publish/templates/emacsconf-config.el)0
-rw-r--r--roles/wiki/defaults/main.yml (renamed from wiki/defaults/main.yml)0
-rw-r--r--roles/wiki/tasks/docker.yml (renamed from wiki/tasks/docker.yml)0
-rw-r--r--roles/wiki/tasks/main.yml (renamed from wiki/tasks/main.yml)0
-rw-r--r--roles/wiki/templates/Scrubber.pm (renamed from wiki/templates/Scrubber.pm)0
-rw-r--r--roles/wiki/templates/copyright.pm (renamed from wiki/templates/copyright.pm)0
-rw-r--r--roles/wiki/templates/emacsconf.setup (renamed from wiki/templates/emacsconf.setup)0
-rwxr-xr-xroles/wiki/templates/htmlscrubber.pm (renamed from wiki/templates/htmlscrubber.pm)0
-rw-r--r--roles/wiki/templates/license.pm (renamed from wiki/templates/license.pm)0
-rw-r--r--roles/wiki/templates/supervisord.conf (renamed from wiki/templates/supervisord.conf)0
42 files changed, 138 insertions, 0 deletions
diff --git a/roles/base/files/keys/bandali b/roles/base/files/keys/bandali
new file mode 100644
index 0000000..e50d913
--- /dev/null
+++ b/roles/base/files/keys/bandali
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA0St/clKIWYQMvrVwxs2f3bKapNnu6DmsRxitFfsGMN bandali@gnu.org
diff --git a/roles/base/files/keys/cairn b/roles/base/files/keys/cairn
new file mode 100644
index 0000000..6bd04bd
--- /dev/null
+++ b/roles/base/files/keys/cairn
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK7g0qqt0yIKwozCc+ogKiTzK5iwA3nXFHnlvhJfiEZUKiCcl9PN0O+50h8+rFrva27NxE8OEhCPCV9Ug+K8+Z4ikVbIYEBbgF4+GOtW6R7Ktota2Y+6c5DZfoq2vFNOI5cL1OkQUrQhVa+fIjb9zh2L9YgJIsBv/850HlYLS4DPMqyWo7SsMNFA2BIm/rL/U/fqjr4IJ/uxGa3cwM6zixqfozQShxULvz6BxVpe+yPp0yj+mau9DJEs18ZNoeC4vqzXq73hsth2RisXq389foWNRKrAMzcajw8EW7MRd4srRnlr6APt2ZH/vQ6EcTBNyWqEv2KJ4KVZLgg0QHyQBb cairn@starfighter
diff --git a/roles/base/files/keys/dragestil b/roles/base/files/keys/dragestil
new file mode 100644
index 0000000..5bc093f
--- /dev/null
+++ b/roles/base/files/keys/dragestil
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBvPOtgcm5ptn8l+/YLAJEqVeT801btqFOf9gE9BLGDh yuchen@melb
diff --git a/roles/base/files/keys/opal b/roles/base/files/keys/opal
new file mode 100644
index 0000000..eeb5e3c
--- /dev/null
+++ b/roles/base/files/keys/opal
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQChD6zcTYv5hpl9YRSetz1uQzQfOkzOQZNna0Mvzqt5mzptdthe6ZNHKchto5tpby5iVxwGTPiHcWs0VlnnDG/VX/a5p28qs2595MZizv6McqInr1kLj3w+gbJpPRqaL0GGtlCZhIYyv1MRFhkemdSzLAo4/Noj7z3b+z6tsnsIr/qJvpoUt0tdsrgMlHOHkqZsnQICNah+ugQAOQzCkZCW7E3hSMtal412eNIaX8TiB686N2VigMOOUxg6NNbo/dRFq5IMA48hBNJpzeS4zz1gMXv6hSCRPcBJ5aFt+O6T7VOXdTAlC88+zu6c554kacyhVB/4tWGmnf1ZaK4kD8Un ry@nocry
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGTI8v3jrhi/HS9RIudSrVg7WFBcvCiRj90q3Qa8HuwbbrHAkVSrhrpJKVTYMt2tBGdcM9QgU/dy5F0o07Vb23COQG/sqr/ImX8wSnjIvjW/yDHaKtEcy3sbvtqqRXiI8R8wfMctCPjUnl7OhaDPMWDy8sAefApCs1W5InafT6TYkooCg== ry@apollyon
diff --git a/roles/base/files/keys/sachac b/roles/base/files/keys/sachac
new file mode 100644
index 0000000..999b59c
--- /dev/null
+++ b/roles/base/files/keys/sachac
@@ -0,0 +1,2 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDK0Vg112xS0SAuCutincht2LWs+2jC8EWC19Irotv8M0ztzLf6wmXEw0xoB8D78LKzXGC/gFcIvYzsNezHFpU5PmlxYBRJkdOYH2zYfnlWQFpJKmk1OelTrugaRE4HywXurf6q6Sot5hzbzPmCWgOlBZshnkDXMAyPCfYvL+RcwTRJWiaiGwwDHlfHCkebr4cwypRQ7Nl2kKajdp4wZXwbuP64pPNMmftZEMEM910w3zPnzQTil4IuLSiVC8K7TSk6xsnrsk10Y6zfoaHkZ71OD58rqPPFqeHYDj8SAvp6W4hHwakbf+r8nfRfr8Tc+gtCf0B6a4Y050OI5FxHlmjh
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyMf4V8eCzYNEde8xG4tIJPBv8NwoTzyRG9O5+Bl69osaHV7OZQz81wXil1qZ/xrUu6fc5jMkxq7j5KCCs2MF6gMq12UKe9ESKYe5i+jFL7+V6JNQqcjLcyaEfEFtFCJ95nWCQWpXrMPijvpB3+YxLspFOTz8ZJsGENXU+Rkz5EIdx2VTgHUbddCjE5jndIO58uPKmR4EpMeUWxb20xYLpOwM14aGF/ERVjI++dIwu7mc21kxg42HJjRA/NRV48IxrGl57KKzl7qtMrqwp+ucoLWw4PdqHk4/tApjmrgLiJzLpSZx/4LL3mHTg3I6w9fC5yTgk3k6rJFomb2Jbboxx
diff --git a/roles/base/files/keys/zaeph b/roles/base/files/keys/zaeph
new file mode 100644
index 0000000..33d3fa4
--- /dev/null
+++ b/roles/base/files/keys/zaeph
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxla020OSOgCfbCekmMMEFNmuUicibIo7eotqONcJDB
diff --git a/roles/base/files/sshd_config b/roles/base/files/sshd_config
new file mode 100644
index 0000000..0060c33
--- /dev/null
+++ b/roles/base/files/sshd_config
@@ -0,0 +1,16 @@
+Include /etc/ssh/sshd_config.d/*.conf
+Port 46668
+
+LoginGraceTime 2m
+AllowAgentForwarding yes
+X11Forwarding yes
+PermitRootLogin prohibit-password
+AuthorizedKeysFile .ssh/authorized_keys
+PasswordAuthentication no
+UsePAM yes
+PrintMotd no
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/ssh/sftp-server
+
+AllowUsers opalvaults ansible bandali zaeph sachac dragestil cairn
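Review bot: `AllowUsers` names `opalvaults`, but the account this commit creates (roles/base/vars/main.yml, key file `keys/opal`) is `opal`, so that admin is refused SSH login once this file is active. Either the account or this line has to change, e.g. `AllowUsers opal ansible bandali zaeph sachac dragestil cairn`. The tasks file installs this as a drop-in under /etc/ssh/sshd_config.d/, so the leading `Include /etc/ssh/sshd_config.d/*.conf` points at the directory the file itself lives in and should be dropped. The `Subsystem sftp` line can also collide with the definition in the distribution's main sshd_config, which some OpenSSH versions treat as a fatal config error, and its path looks like a non-Debian one although the sudoers files assume `apt`. Unless they are actually needed, set `AllowAgentForwarding` and `X11Forwarding` to `no`, since both extend trust from this server back to the admin's workstation.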
diff --git a/roles/base/files/sudoers.d/10_ansible b/roles/base/files/sudoers.d/10_ansible
new file mode 100644
index 0000000..80053e5
--- /dev/null
+++ b/roles/base/files/sudoers.d/10_ansible
@@ -0,0 +1 @@
+ansible ALL = (ALL) NOPASSWD: ALL
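Review bot: Nothing in this commit creates the `ansible` account or installs its key, yet this rule gives it passwordless root and sshd_config lists it in `AllowUsers`, so whoever holds that key is root on every host. There is no `ansible` entry in `init_users` and no `keys/ansible` file, so the provisioning presumably happens elsewhere. A header comment would make that visible, for example `# ansible: automation account, key managed in <location>; treat the key as a root credential`.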
diff --git a/roles/base/files/sudoers.d/20_admin b/roles/base/files/sudoers.d/20_admin
new file mode 100644
index 0000000..71b74c3
--- /dev/null
+++ b/roles/base/files/sudoers.d/20_admin
@@ -0,0 +1 @@
+%admin ALL=(ALL) ALL
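Review bot: This rule prompts for the caller's password, but the `create users` task in roles/base/tasks/main.yml sets no `password`, so the new accounts are presumably created with a locked password. Unless passwords are set out of band, members of `admin` cannot actually use sudo. The same applies to the per-user rules in 30_org_admin. Decide explicitly between provisioning password hashes (from a vault) and using `NOPASSWD:`, and note the choice in a comment here.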
diff --git a/roles/base/files/sudoers.d/30_org_admin b/roles/base/files/sudoers.d/30_org_admin
new file mode 100644
index 0000000..f855569
--- /dev/null
+++ b/roles/base/files/sudoers.d/30_org_admin
@@ -0,0 +1,3 @@
+sachac ALL=(ALL) /usr/bin/apt
+zaeph ALL=(ALL) /usr/bin/apt
+dragestil ALL=(ALL) /usr/bin/apt
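Review bot: Allowing `/usr/bin/apt` with arbitrary arguments is not a narrower privilege than full sudo, because apt runs package maintainer scripts and configured hooks as root and installs any package it is pointed at. If the intent is only routine updates, restrict the rules to specific invocations such as `/usr/bin/apt update, /usr/bin/apt upgrade`; otherwise document these users as root-equivalent. The file is named `org_admin` but lists three users by name rather than `%org-admin`, and `cairn`, who is in that group in vars/main.yml, is not covered. Using the group would keep the rule in step with `init_users`.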
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
new file mode 100644
index 0000000..8d2280b
--- /dev/null
+++ b/roles/base/tasks/main.yml
@@ -0,0 +1,54 @@
+---
+# User & Group Creation
+- name: create groups
+ group:
+ name: "{{ item.value.group }}"
+ state: "{{ item.value.state }}"
+ loop: "{{ init_users | dict2items }}"
+
+- name: create users
+ user:
+ name: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ groups: "{{ item.value.groups }}"
+ create_home: "{{ item.value.create_home }}"
+ state: "{{ item.value.state }}"
+ shell: "{{ item.value.shell }}"
+ loop: "{{ init_users | dict2items }}"
+
+# SSH Initial Setup
+- name: create .ssh dirs
+ file:
+ path: "/home/{{ item.value.name }}/.ssh"
+ state: directory
+ mode: 0700
+ owner: "{{ item.value.name }}"
+ group: "{{ item.value.group }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy keys to users
+ authorized_key:
+ user: "{{ item.value.name }}"
+ state: present
+ key: "{{ lookup('file', 'keys/{{ item.value.name }}') }}"
+ loop: "{{ init_users | dict2items }}"
+
+
+- name: Copy custom sshd_config
+ copy:
+ src: sshd_config
+ dest: "/etc/ssh/sshd_config.d/emacsconf_ssh.conf"
+ mode: 0644
+ owner: root
+ group: root
+
+# Sudoers
+- name: sudoers.d entries
+ copy:
+ src: "sudoers.d/"
+ dest: "/etc/sudoers.d/"
+ mode: 0440
+ owner: root
+ group: root
+ force: no
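Review bot: In `Copy keys to users`, `{{ item.value.name }}` is nested inside an expression that is already templated; Ansible does not reliably expand moustaches inside a string literal, so the lookup may search for a file literally named that way. Build the path by concatenation instead: `key: "{{ lookup('file', 'keys/' ~ item.value.name) }}"`. `create users` also assigns the supplementary groups `admin` and `org-admin`, while `create groups` only creates each user's primary group, so the user module will fail unless those groups already exist on the host. The sshd and sudoers copies have no `validate:` step (for sudoers the usual form on a per-file copy is `validate: /usr/sbin/visudo -cf %s`), so a syntax error is installed unchecked and can lock out SSH or sudo. No task visible here reloads sshd, and `force: no` means later edits to the sudoers files in the repo never reach hosts that already have them.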
diff --git a/roles/base/vars/main.yml b/roles/base/vars/main.yml
new file mode 100644
index 0000000..927d641
--- /dev/null
+++ b/roles/base/vars/main.yml
@@ -0,0 +1,55 @@
+---
+init_users:
+ opal:
+ name: opal
+ group: opal
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ bandali:
+ name: bandali
+ group: bandali
+ groups: admin,org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ sachac:
+ name: sachac
+ group: sachac
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ zaeph:
+ name: zaeph
+ group: zaeph
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ cairn:
+ name: cairn
+ group: cairn
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+ dragestil:
+ name: dragestil
+ group: dragestil
+ groups: org-admin
+ state: present
+ shell: /bin/bash
+ create_home: true
+
+sudoers_files:
+ - sudoers.d/10_ansible
+ - sudoers.d/20_org_admin
+ - sudoers.d/30_admin
+
+packages:
+ - git
+ - vim
+ - emacs
+ - nano
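Review bot: `sudoers_files` lists `sudoers.d/20_org_admin` and `sudoers.d/30_admin`, but the files added in this commit are `20_admin` and `30_org_admin`, so the list would point at missing paths if a task starts using it. Neither `sudoers_files` nor `packages` is referenced by roles/base/tasks/main.yml as shown, so they are currently dead configuration; either wire them in or drop them. `init_users` also has no entry for `ansible`, although sshd_config and 10_ansible both depend on that account existing.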
diff --git a/pad-proxy/defaults/main.yml b/roles/pad-proxy/defaults/main.yml
index cec03da..cec03da 100644
--- a/pad-proxy/defaults/main.yml
+++ b/roles/pad-proxy/defaults/main.yml
diff --git a/pad-proxy/handlers/main.yml b/roles/pad-proxy/handlers/main.yml
index e01a9d0..e01a9d0 100644
--- a/pad-proxy/handlers/main.yml
+++ b/roles/pad-proxy/handlers/main.yml
diff --git a/pad-proxy/tasks/main.yml b/roles/pad-proxy/tasks/main.yml
index 8de72df..8de72df 100644
--- a/pad-proxy/tasks/main.yml
+++ b/roles/pad-proxy/tasks/main.yml
diff --git a/pad-proxy/templates/etherpad.nginx.conf b/roles/pad-proxy/templates/etherpad.nginx.conf
index 90a7c1c..90a7c1c 100644
--- a/pad-proxy/templates/etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/etherpad.nginx.conf
diff --git a/pad-proxy/templates/wikimedia.etherpad.nginx.conf b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
index 2288c65..2288c65 100644
--- a/pad-proxy/templates/wikimedia.etherpad.nginx.conf
+++ b/roles/pad-proxy/templates/wikimedia.etherpad.nginx.conf
diff --git a/pad/README.md b/roles/pad/README.md
index 7ddc2d4..7ddc2d4 100644
--- a/pad/README.md
+++ b/roles/pad/README.md
diff --git a/pad/defaults/main.yml b/roles/pad/defaults/main.yml
index 9d2e294..9d2e294 100644
--- a/pad/defaults/main.yml
+++ b/roles/pad/defaults/main.yml
diff --git a/pad/tasks/loadtest.yml b/roles/pad/tasks/loadtest.yml
index 28deefc..28deefc 100644
--- a/pad/tasks/loadtest.yml
+++ b/roles/pad/tasks/loadtest.yml
diff --git a/pad/tasks/main.yml b/roles/pad/tasks/main.yml
index 01b2da7..01b2da7 100644
--- a/pad/tasks/main.yml
+++ b/roles/pad/tasks/main.yml
diff --git a/pad/tasks/mariadb.yml b/roles/pad/tasks/mariadb.yml
index ec81430..ec81430 100644
--- a/pad/tasks/mariadb.yml
+++ b/roles/pad/tasks/mariadb.yml
diff --git a/pad/templates/etherpad.init.d b/roles/pad/templates/etherpad.init.d
index 420ae27..420ae27 100755
--- a/pad/templates/etherpad.init.d
+++ b/roles/pad/templates/etherpad.init.d
diff --git a/pad/templates/etherpad.service b/roles/pad/templates/etherpad.service
index f8e947d..f8e947d 100644
--- a/pad/templates/etherpad.service
+++ b/roles/pad/templates/etherpad.service
diff --git a/pad/templates/loadtest.settings.json b/roles/pad/templates/loadtest.settings.json
index 4e64cba..4e64cba 100644
--- a/pad/templates/loadtest.settings.json
+++ b/roles/pad/templates/loadtest.settings.json
diff --git a/pad/templates/settings.json b/roles/pad/templates/settings.json
index 08b46dc..08b46dc 100644
--- a/pad/templates/settings.json
+++ b/roles/pad/templates/settings.json
diff --git a/pad/vars/main.yml b/roles/pad/vars/main.yml
index 981efa9..981efa9 100644
--- a/pad/vars/main.yml
+++ b/roles/pad/vars/main.yml
diff --git a/wiki-edit/defaults/main.yml b/roles/wiki-edit/defaults/main.yml
index ea0fbdb..ea0fbdb 100644
--- a/wiki-edit/defaults/main.yml
+++ b/roles/wiki-edit/defaults/main.yml
diff --git a/wiki-edit/tasks/main.yaml b/roles/wiki-edit/tasks/main.yaml
index f77535f..f77535f 100644
--- a/wiki-edit/tasks/main.yaml
+++ b/roles/wiki-edit/tasks/main.yaml
diff --git a/wiki-edit/templates/emacsconf-edit.el b/roles/wiki-edit/templates/emacsconf-edit.el
index 78e11a8..78e11a8 100644
--- a/wiki-edit/templates/emacsconf-edit.el
+++ b/roles/wiki-edit/templates/emacsconf-edit.el
diff --git a/wiki-publish/defaults/main.yml b/roles/wiki-publish/defaults/main.yml
index c6ca568..c6ca568 100644
--- a/wiki-publish/defaults/main.yml
+++ b/roles/wiki-publish/defaults/main.yml
diff --git a/wiki-publish/tasks/main.yml b/roles/wiki-publish/tasks/main.yml
index 897cecc..897cecc 100644
--- a/wiki-publish/tasks/main.yml
+++ b/roles/wiki-publish/tasks/main.yml
diff --git a/wiki-publish/templates/emacsconf-config.el b/roles/wiki-publish/templates/emacsconf-config.el
index 53ffe64..53ffe64 100644
--- a/wiki-publish/templates/emacsconf-config.el
+++ b/roles/wiki-publish/templates/emacsconf-config.el
diff --git a/wiki/defaults/main.yml b/roles/wiki/defaults/main.yml
index 421427c..421427c 100644
--- a/wiki/defaults/main.yml
+++ b/roles/wiki/defaults/main.yml
diff --git a/wiki/tasks/docker.yml b/roles/wiki/tasks/docker.yml
index 1a759a4..1a759a4 100644
--- a/wiki/tasks/docker.yml
+++ b/roles/wiki/tasks/docker.yml
diff --git a/wiki/tasks/main.yml b/roles/wiki/tasks/main.yml
index 35c297d..35c297d 100644
--- a/wiki/tasks/main.yml
+++ b/roles/wiki/tasks/main.yml
diff --git a/wiki/templates/Scrubber.pm b/roles/wiki/templates/Scrubber.pm
index 2efaa10..2efaa10 100644
--- a/wiki/templates/Scrubber.pm
+++ b/roles/wiki/templates/Scrubber.pm
diff --git a/wiki/templates/copyright.pm b/roles/wiki/templates/copyright.pm
index 16acacc..16acacc 100644
--- a/wiki/templates/copyright.pm
+++ b/roles/wiki/templates/copyright.pm
diff --git a/wiki/templates/emacsconf.setup b/roles/wiki/templates/emacsconf.setup
index 7ab3916..7ab3916 100644
--- a/wiki/templates/emacsconf.setup
+++ b/roles/wiki/templates/emacsconf.setup
diff --git a/wiki/templates/htmlscrubber.pm b/roles/wiki/templates/htmlscrubber.pm
index 4cbf300..4cbf300 100755
--- a/wiki/templates/htmlscrubber.pm
+++ b/roles/wiki/templates/htmlscrubber.pm
diff --git a/wiki/templates/license.pm b/roles/wiki/templates/license.pm
index 651c039..651c039 100644
--- a/wiki/templates/license.pm
+++ b/roles/wiki/templates/license.pm
diff --git a/wiki/templates/supervisord.conf b/roles/wiki/templates/supervisord.conf
index 4df613a..4df613a 100644
--- a/wiki/templates/supervisord.conf
+++ b/roles/wiki/templates/supervisord.conf