Add gpg_auth to FreeBSD.

2022-10-27 01:43:04 -04:00 · 2022-10-27 01:43:04 -04:00 · 22ebc631fc
commit 22ebc631fc
parent eb2ebb6cd6
9 changed files with 76 additions and 0 deletions
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@ -22,3 +22,4 @@
    - emacs
    - firefox
    - devfs
+    - ssh_client
--- a/ansible/roles/ssh_client/files/gpg_auth
+++ b/ansible/roles/ssh_client/files/gpg_auth
@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+#
+# Wrapper to set the SSH auth socket to GPG for services that do not
+# yet support security key ssh keys
+set -euo pipefail
+IFS=$'\n\t'
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+exec env SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh" "$@"
--- a/ansible/roles/ssh_client/tasks/common.yaml
+++ b/ansible/roles/ssh_client/tasks/common.yaml
@ -0,0 +1,14 @@
+- import_tasks: tasks/freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/linux.yaml
+  when: 'os_flavor == "linux"'
+
+- include_tasks:
+    file: tasks/peruser.yaml
+    apply:
+      become: yes
+      become_user: "{{ initialize_user }}"
+  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
+  loop_control:
+    loop_var: initialize_user
--- a/ansible/roles/ssh_client/tasks/freebsd.yaml
+++ b/ansible/roles/ssh_client/tasks/freebsd.yaml
@ -0,0 +1,16 @@
+- name: Install packages
+  package:
+    name:
+      - libfido2 # u2f support for ssh
+    state: present
+
+- name: Install scripts
+  copy:
+    src: "files/{{ item.src }}"
+    dest: "{{ item.dest }}"
+    mode: 0755
+    owner: root
+    group: wheel
+  loop:
+    - src: gpg_auth
+      dest: /usr/local/bin/gpg_auth
--- a/ansible/roles/ssh_client/tasks/linux.yaml
+++ b/ansible/roles/ssh_client/tasks/linux.yaml
@ -0,0 +1,6 @@
+# - name: Install packages
+#   pacman:
+#     name:
+#       - foo
+#     state: present
+#     update_cache: true
--- a/ansible/roles/ssh_client/tasks/main.yaml
+++ b/ansible/roles/ssh_client/tasks/main.yaml
@ -0,0 +1 @@
+- import_tasks: tasks/common.yaml
--- a/ansible/roles/ssh_client/tasks/peruser.yaml
+++ b/ansible/roles/ssh_client/tasks/peruser.yaml
@ -0,0 +1,29 @@
+- include_role:
+    name: per_user
+
+# - name: Create directories
+#   file:
+#     name: "{{ account_homedir.stdout }}/{{ item }}"
+#     state: directory
+#     mode: 0700
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - ".config/foo"
+
+# - name: Copy files
+#   copy:
+#     src: "files/{{ item.src }}"
+#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
+#     mode: 0600
+#     owner: "{{ account_name.stdout }}"
+#     group: "{{ group_name.stdout }}"
+#   loop:
+#     - src: foo.conf
+#       dest: .config/foo/foo.conf
+
+- import_tasks: tasks/peruser_freebsd.yaml
+  when: 'os_flavor == "freebsd"'
+
+- import_tasks: tasks/peruser_linux.yaml
+  when: 'os_flavor == "linux"'
--- a/ansible/roles/ssh_client/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/ssh_client/tasks/peruser_freebsd.yaml
--- a/ansible/roles/ssh_client/tasks/peruser_linux.yaml
+++ b/ansible/roles/ssh_client/tasks/peruser_linux.yaml