Minimal shell setup for colo server.

2023-05-27 23:10:44 -04:00 · 2023-05-27 23:10:44 -04:00 · 6691cca055
parent d5a9ba5a84
commit 6691cca055
9 changed files with 23 additions and 41 deletions
--- a/ansible/environments/colo/host_vars/mrmanager
+++ b/ansible/environments/colo/host_vars/mrmanager
@ -0,0 +1,4 @@
+os_flavor: "freebsd"
+zfs_snapshot_datasets:
+  - zroot/freebsd/main/be
+sshd_enabled: true
--- a/ansible/environments/colo/hosts
+++ b/ansible/environments/colo/hosts
@ -0,0 +1,2 @@
+[server]
+mrmanager ansible_user=root ansible_host=74.80.180.138
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@ -1,4 +1,4 @@
- hosts: all:!jail:!vm
+- hosts: all:!jail:!vm:!server
  vars:
    ansible_become: True
  roles:
@ -61,3 +61,17 @@
  roles:
    - portshaker
    - poudriere
+
+- hosts: mrmanager
+  vars:
+    ansible_become: True
+  roles:
+    - sudo
+    - doas
+    - users
+    - package_manager
+    - zfs
+    - zrepl
+    - zsh
+    - network
+    - sshd
--- a/ansible/roles/doas/tasks/common.yaml
+++ b/ansible/roles/doas/tasks/common.yaml
@ -9,13 +9,3 @@

 - import_tasks: tasks/linux.yaml
  when: 'os_flavor == "linux"'
-
- include_tasks:
-    file: tasks/peruser.yaml
-    apply:
-      become: yes
-      become_user: "{{ initialize_user }}"
-  when: users is defined
-  loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
-  loop_control:
-    loop_var: initialize_user
--- a/ansible/roles/doas/tasks/peruser.yaml
+++ b/ansible/roles/doas/tasks/peruser.yaml
@ -1,29 +0,0 @@
- include_role:
-    name: per_user
-
-# - name: Create directories
-#   file:
-#     name: "{{ account_homedir.stdout }}/{{ item }}"
-#     state: directory
-#     mode: 0700
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - ".config/foo"
-
-# - name: Copy files
-#   copy:
-#     src: "files/{{ item.src }}"
-#     dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
-#     mode: 0600
-#     owner: "{{ account_name.stdout }}"
-#     group: "{{ group_name.stdout }}"
-#   loop:
-#     - src: foo.conf
-#       dest: .config/foo/foo.conf
-
- import_tasks: tasks/peruser_freebsd.yaml
-  when: 'os_flavor == "freebsd"'
-
- import_tasks: tasks/peruser_linux.yaml
-  when: 'os_flavor == "linux"'
--- a/ansible/roles/doas/tasks/peruser_freebsd.yaml
+++ b/ansible/roles/doas/tasks/peruser_freebsd.yaml
--- a/ansible/roles/doas/tasks/peruser_linux.yaml
+++ b/ansible/roles/doas/tasks/peruser_linux.yaml
--- a/ansible/roles/users/defaults/main.yaml
+++ b/ansible/roles/users/defaults/main.yaml
@ -9,4 +9,3 @@ users:
      - yubikey
      - main_fido
      - backup_fido
-      - homeassistant
--- a/ansible/run.bash
+++ b/ansible/run.bash
@ -28,6 +28,8 @@ elif [ "$target" = "jail_homeserver_nat_dhcp" ]; then
    ansible-playbook -v -i environments/jail playbook.yaml --diff --limit homeserver_nat_dhcp "${@}"
 elif [ "$target" = "vm_poudriereodo" ]; then
    ansible-playbook -v -i environments/vm playbook.yaml --diff --limit poudriereodo "${@}"
+elif [ "$target" = "mrmanager" ]; then
+    ansible-playbook -v -i environments/colo playbook.yaml --diff --limit mrmanager "${@}"
 else
    die 1 "Unrecognized target"
 fi