# Freifunk Stuttgart Ansible

## Setup

### Install ansible

Install ansible from your distribution or use a virtualenv and install from
pip:

1. Create virtualenv: `python3 -m venv my-venv-directory`
1. Enter virtualenv: `source my-venv-directory/bin/activate`
1. Install ansible: `pip install ansible`

#### Using nix

Use `nix-shell` or `nix develop` to use ansible.

Update to newer nixpkgs version (check functionality and add a commit afterwards):

`nix flake update --recreate-lock-file --update-input nixpkgs`

#### Using direnv

Run `mkdir .direnv && direnv allow .` to enable direnv integration with nix flakes.

### SSH Aliases

Some hosts are only reachable through a jump host, e.g. containers or VMs on a
Proxmox host. To access them, this playbook assumes you have configured an SSH
alias in your ssh_config (`~/.ssh/config`) like so:
```
Host *.ffs03
    User root
    ProxyCommand ssh ffs03 -W 10.0.3.$(( $(echo %n | sed -e 's/.ffs03//') - 3000 )):22
```

## Usage

To deploy everything everywhere:
```
ansible-playbook -v -i inventory/ all.yml
```

To deploy everything on a single host:
```
ansible-playbook -v -i inventory/test --limit example.com all.yml
```

where `example.com` denotes the hostname as defined in the inventory directory.

## Roles

### Users

Deploys user accounts on systems and deploys public keys.

#### The user database

The idea is to maintain a global user database in `group_vars/all`. For each
user, we store the UID and a list of public keys there. Example entry for a
user named `johndoe` with UID `1234` and a public key:
```
user_database:
  johndoe:
    uid: 1234
    pubkeys:
      - "ssh-rsa ... john@doe"
```

#### Creating user accounts

Note that this doesn't create the user anywhere. To do so, define a variable
`users` e.g. in `host_vars`. For example adding this somewhere in
`host_vars/example.com/`:
```
users:
  - johndoe
```
will deploy the johndoe user as defined in the `user_database` above on
`example.com`.

#### Deploying pubkeys for the root user

Pubkeys defined in the `user_database` can also be deployed for the root user.
This is achieved by adding a user's name to the `users_root` list. For example:
```
users_root:
  - johndoe
```
will deploy all pubkeys defined in the `user_database` for johndoe in the root
account.
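
Because `users_root` grants root login to every key listed for a user, it is worth checking the data before a deploy. The following is an added example, not part of this repository's roles: a pre-deploy check that flags names in `users` or `users_root` that are missing from `user_database`, UIDs shared by two users, and malformed public keys. The function names and the sample data are hypothetical; the variables are passed in as Python dicts and lists, as they would look after the YAML is loaded.

```python
import base64
import struct

def pubkey_problem(line):
    # Return a reason if an authorized_keys-style line is malformed, else None.
    parts = line.split()
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except ValueError:
        return "key data is not valid base64"
    # The decoded data begins with a length-prefixed copy of the key type.
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != parts[0].encode():
        return "key type does not match key data"
    return None

def check_users(user_database, users=(), users_root=()):
    # Findings for one host: shared UIDs, bad keys, names missing from the database.
    findings, seen = [], {}
    for name, entry in user_database.items():
        uid = entry.get("uid")
        if uid in seen:
            findings.append(f"uid {uid} shared by {seen[uid]} and {name}")
        seen.setdefault(uid, name)
        for key in entry.get("pubkeys", []):
            reason = pubkey_problem(key)
            if reason:
                findings.append(f"{name}: {reason}")
    for var, names in (("users", users), ("users_root", users_root)):
        findings += [f"{var}: {n} not in user_database"
                     for n in names if n not in user_database]
    return findings

def sample_key(comment):
    # Constructed ed25519-shaped key (32 zero bytes); not a real credential.
    t = b"ssh-ed25519"
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

# Constructed data shaped like group_vars/all after YAML loading.
SAMPLE_DB = {
    "johndoe": {"uid": 1234, "pubkeys": [sample_key("john@doe")]},
    "janedoe": {"uid": 1234, "pubkeys": ["ssh-rsa ... jane@doe"]},
}

if __name__ == "__main__":
    for finding in check_users(SAMPLE_DB, ["johndoe"], ["johndoe", "mallory"]):
        print(finding)
```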