feat: reworked most of the ansible playbooks and roles

2024-06-29 10:26:52 -05:00
parent 0eadf8fba9
commit b885f907db
22 changed files with 524 additions and 365 deletions
--- a/ansible/roles/configure/tasks/debian.yml
+++ b/ansible/roles/configure/tasks/debian.yml
@@ -1,37 +1,54 @@
 ---
- name: "Configure SSH for Public Key Authentication."
-  shell: |
-    sudo sed -i 's/.*PubkeyAuthentication.*/PubkeyAuthentication yes/' /etc/ssh/sshd_config
+# Tasks for setting custom facts.
+- name: "Setting custom facts."
+  set_fact:
+    enable_cloudinit: "{{ enable_cloudinit | default('false') }}"

- name: Creating SSH key regeneration service file
-  ansible.builtin.copy:
-    dest: /etc/systemd/system/regenerate_ssh_host_keys.service
+# Tasks for configuring SSH for public key authentication.
+- name: "Configuring SSH for Public Key Authentication."
+  lineinfile:
+    path: /etc/ssh/sshd_config
+    regexp: '^PubkeyAuthentication'
+    line: 'PubkeyAuthentication yes'
+
+# Tasks for setting the hostname.
+- name: "Setting the hostname."
+  hostname:
+    name: "localhost"
+
+# Tasks for restarting the SSH daemon.
+- name: "Restarting the SSH daemon."
+  systemd:
+    name: ssh
+    state: restarted
+    daemon_reload: true
+
+# Tasks for disabling systemd-tmpfiles.
+- name: "Disabling systemd-tmpfiles."
+  replace:
+    path: /usr/lib/tmpfiles.d/tmp.conf
+    regexp: '^D'
+    replace: '#D'
+
+# Tasks for configuring cloud-init.
+- name: "Configuring cloud-init."
+  block:
+    - name: "Message: Configuring cloud-init"
+      ansible.builtin.debug:
+        msg: "Configuring cloud-init"
+    - ansible.builtin.copy:
+        content: 'datasource_list: [ ConfigDrive, NoCloud ]'
+        dest: /etc/cloud/cloud.cfg.d/90_dpkg.cfg
+  when: enable_cloudinit == 'true'
+
+# Tasks for setting SSH keys to regenerate.
+- name: "Setting SSH keys to regenerate."
+  copy:
+    dest: /etc/rc.local
    content: |
-      [Unit]
-      Description=Regenerate SSH host keys
-      Before=ssh.service
-      ConditionFileIsExecutable=/usr/bin/ssh-keygen
-
-      [Service]
-      Type=oneshot
-      ExecStartPre=-/bin/dd if=/dev/hwrng of=/dev/urandom count=1 bs=4096
-      ExecStartPre=-/bin/sh -c "/bin/rm -f -v /etc/ssh/ssh_host_*_key*"
-      ExecStart=/usr/bin/ssh-keygen -A -v
-      ExecStartPost=/bin/systemctl disable regenerate_ssh_host_keys
-
-      [Install]
-      WantedBy=multi-user.target
-  when: not cloud_init | bool
-
- name: Reload systemd to re-read configurations
-  ansible.builtin.systemd:
-    daemon-reload: true
-  when: not cloud_init | bool
-
- name: Enable regenerate_ssh_host_keys service
-  ansible.builtin.systemd:
-    name: regenerate_ssh_host_keys
-    enabled: true
-  when: not cloud_init | bool
-
-...
+      #!/bin/bash
+      if test -z "$(find /etc/ssh/ -iname 'ssh_host_*_key*')"; then
+          dpkg-reconfigure openssh-server
+      fi
+      exit 0
+    mode: 0755