# Freifunk Stuttgart Ansible

## Setup

### Install ansible

Install ansible from your distribution or use a virtualenv and install from pip:

1. Create virtualenv: `python3 -m venv my-venv-directory`
1. Enter virtualenv: `source my-venv-directory/bin/activate`
1. Install ansible: `pip install ansible`

#### Using nix

Use `nix-shell` or `nix develop` to use ansible.

Update to a newer nixpkgs version (check functionality and add a commit afterwards):
`nix flake update --recreate-lock-file --update-input nixpkgs`

#### Using direnv

Run `mkdir .direnv && direnv allow .` to enable direnv integration with nix flakes.

### SSH Aliases

Some hosts are only reachable through a jumphost, e.g. containers or VMs on a Proxmox host. To access them, this playbook assumes you have configured an SSH alias in your ssh_config (`~/.ssh/config`) like so:

```
Host *.ffs03
  User root
  ProxyCommand ssh ffs03 -W 10.0.3.$(( $(echo %n | sed -e 's/.ffs03//') - 3000 )):22
```

## Usage

To deploy everything everywhere:

```
ansible-playbook -v -i inventory/ all.yml
```

To deploy everything on a single host:

```
ansible-playbook -v -i inventory/test --limit example.com all.yml
```

where `example.com` denotes the hostname as defined in the inventory directory.

## Roles

### Users

Deploys user accounts on systems and deploys public keys.

#### The user database

The idea is to maintain a global user database in `group_vars/all`. For each user, we store the UID and a list of public keys there.

Example entry for a user named `johndoe` with UID `1234` and a public key:

```
user_database:
  johndoe:
    uid: 1234
    pubkeys:
      - "ssh-rsa ... john@doe"
```

#### Creating user accounts

Note that this doesn't create the user anywhere. To do so, define a variable `users`, e.g. in `host_vars`. For example, adding this somewhere in `host_vars/example.com/`:

```
users:
  - johndoe
```

will deploy the johndoe user as defined in the `user_database` above on `example.com`.

#### Deploying pubkeys for the root user

Pubkeys defined in the `user_database` can also be deployed for the root user. This is achieved by adding a user's name to the `users_root` list. For example:

```
users_root:
  - johndoe
```

will deploy all pubkeys defined in the `user_database` for johndoe in the root account.
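
Because `users_root` turns every pubkey of a listed user into a root credential, it is worth reviewing who ends up with root on which host. The following audit is an added example, not part of this repository: it assumes the variables have been loaded into Python dicts shaped like the YAML above, and all host names, UIDs and keys in it are constructed.

```python
"""Audit user_database / users / users_root (added example, constructed data)."""

# Constructed sample mirroring group_vars/all; names, UIDs and keys are invented.
USER_DATABASE = {
    "johndoe": {"uid": 1234, "pubkeys": ["ssh-rsa AAAAexample1 john@doe"]},
    "janedoe": {"uid": 1235, "pubkeys": ["ssh-ed25519 AAAAexample2 jane@laptop",
                                         "ssh-ed25519 AAAAexample3 jane@desktop"]},
    "mallory": {"uid": 1234, "pubkeys": []},  # duplicate UID and no keys
}

# Constructed host_vars: per-host `users` and `users_root` lists.
HOST_VARS = {
    "example.com": {"users": ["johndoe"], "users_root": ["johndoe", "janedoe"]},
    "gw01.example.com": {"users": ["janedoe", "bob"], "users_root": ["mallory"]},
}


def audit_database(db):
    """Return findings about the global database: duplicate UIDs, users without keys."""
    findings, seen = [], {}
    for name, entry in sorted(db.items()):
        uid = entry["uid"]
        if uid in seen:
            findings.append(f"duplicate uid {uid}: {seen[uid]}, {name}")
        else:
            seen[uid] = name
        if not entry.get("pubkeys"):
            findings.append(f"{name} has no pubkeys")
    return findings


def audit_host(host, hostvars, db):
    """Return (findings, root_keys): unknown names and the keys root would accept."""
    findings, root_keys = [], []
    for var in ("users", "users_root"):
        for name in hostvars.get(var, []):
            if name not in db:
                findings.append(f"{host}: {var} references unknown user {name}")
            elif var == "users_root":
                root_keys += [(name, key) for key in db[name]["pubkeys"]]
    return findings, root_keys


if __name__ == "__main__":
    for line in audit_database(USER_DATABASE):
        print("DB:", line)
    for host, hv in sorted(HOST_VARS.items()):
        findings, root_keys = audit_host(host, hv, USER_DATABASE)
        for line in findings:
            print("HOST:", line)
        for name, key in root_keys:
            print(f"{host}: root accepts key of {name} ({key.split()[-1]})")
```

Running a check like this in review or CI makes changes to `users_root` visible as a list of concrete keys per host rather than a one-line diff.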