Premier jet pour un système de peering (#23)
parent
b26a12973e
commit
2b0f2947da
@ -1,5 +1,9 @@
|
|||
hostname: fr.tild3.org
|
||||
roles: [ webserver, rust ]
|
||||
peers:
|
||||
- name: tilde.netlib.re
|
||||
client_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEHsVZvvVX3VPj2sWxrb8LJrn3650aoLAZgbY7+CB+NU"
|
||||
server_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUAIuwEhFXTDfOEG+hQ2d/xeUwsgPJQF7oeNYr1ZXnG"
|
||||
packages:
|
||||
debian: [ subversion, mercurial, htop, tmux, vim, emacs, mutt, weechat, elinks, rsync, dnsutils, make, g++, libssl-dev, mosh, gopher ]
|
||||
rust: [ lsd ]
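Review bot: The `debian:` package list under `packages:` is a 16-item flow sequence on one line of roughly 140 characters, past the usual 120-column limit; writing it as a block sequence (one `- package` per line) keeps it readable and turns future additions into one-line diffs, while the short `roles` and `rust` lists are fine in flow style. Each peer's `name` is consumed by the new peering tasks in this commit as a Unix account name, a home-directory path component and the host name pinned in known_hosts, all at once, so a comment above `peers:` such as `# name: must be a valid account name AND the host name ssh dials` would spare the next editor a surprise — inferred from the task files in this commit, confirm against them.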
|
||||
@ -0,0 +1,4 @@
|
|||
Host *
|
||||
HostKeyAlgorithms ssh-ed25519
|
||||
PubkeyAcceptedKeyTypes ssh-ed25519
|
||||
PasswordAuthentication no
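Review bot: The `Host *` block restricts algorithms but does not pin host-key verification, so with OpenSSH's default `StrictHostKeyChecking ask` a connection to a host missing from known_hosts prompts (or, in batch mode, fails with a generic error) and an interactive user can accept an arbitrary key, which undermines the known_hosts entries the peering tasks seed from `server_key`. Adding `StrictHostKeyChecking yes` makes the pre-seeded key the only one accepted. `PubkeyAcceptedKeyTypes` is the older spelling of `PubkeyAcceptedAlgorithms`; current OpenSSH still accepts it as an alias, so that is a naming point only.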
@ -26,6 +26,10 @@
|
|||
|
||||
- include: users.yml
|
||||
|
||||
- name: Activer le peering
|
||||
include: peering/main.yml
|
||||
when: peers is defined
|
||||
|
||||
- name: Exécuter les rôles définis dans la config
|
||||
include_role:
|
||||
name: "{{ current_role }}"
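Review bot: The new `Activer le peering` task uses the bare `include:` action, which Ansible deprecated in 2.4 in favour of `import_tasks`/`include_tasks` and which recent ansible-core releases no longer ship, so the play will break on an upgrade. `include_tasks: peering/main.yml` keeps the dynamic behaviour and the `when: peers is defined` guard unchanged. The pre-existing `- include: users.yml` context line has the same issue but is not part of this change. The enclosing play starts before the hunk.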
|
||||
|
@ -0,0 +1,15 @@
|
|||
- name: Créer le dossier /home/peers
|
||||
file:
|
||||
path: "/home/peers"
|
||||
state: directory
|
||||
|
||||
- stat:
|
||||
path: "/home/peers/self"
|
||||
register: local_peer
|
||||
|
||||
- include: setup_local.yml
|
||||
when: ! local_peer.stat.exists
|
||||
|
||||
- name: Générer les comptes
|
||||
include: setup_peer.yml
|
||||
loop: "{{ peers }}"
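Review bot: `when: ! local_peer.stat.exists` silently loses its negation: in YAML a leading `!` followed by a space is a non-specific tag, so the parsed value is the plain string `local_peer.stat.exists` and `setup_local.yml` is included only when `/home/peers/self` already exists, the opposite of the intent (and `!` is not a Jinja operator, so quoting it would fail instead). The line should read `when: not local_peer.stat.exists`. Separately, the `- stat:` and `- include:` tasks carry no `name:`, so the run log shows only module names, and `include:` is deprecated in favour of `include_tasks:` as noted on the site-playbook hunk.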
@ -0,0 +1,34 @@
|
|||
- name: Créer un compte peer pour se connecter avec d'autres serveurs
|
||||
user:
|
||||
name: "peer"
|
||||
state: present
|
||||
skeleton: /etc/skel
|
||||
shell: /bin/bash
|
||||
system: no
|
||||
createhome: yes
|
||||
home: "/home/peers/self"
|
||||
|
||||
|
||||
- name: Créer un lien symbolique au hostname du serveur
|
||||
file:
|
||||
src: /home/peers/self
|
||||
dest: "/home/peers/{{ hostname }}"
|
||||
state: link
|
||||
|
||||
- file:
|
||||
path: /home/peers/self/.ssh
|
||||
owner: peer
|
||||
group: peer
|
||||
state: directory
|
||||
|
||||
- name: Générer une clé SSH pour le compte peer
|
||||
become: yes
|
||||
become_user: peer
|
||||
command:
|
||||
creates: /home/peers/self/.ssh/id_ed25519.pub
|
||||
cmd: ssh-keygen -t ed25519 -f /home/peers/self/.ssh/id_ed25519 -N ""
|
||||
|
||||
- name: Configurer SSH en ed25519 depuis le compte peer
|
||||
copy:
|
||||
src: ../files/ssh_config
|
||||
dest: /home/peers/self/.ssh/config
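Review bot: The `.ssh` directory task sets `owner`/`group` but no `mode`, and the `copy:` of `ssh_config` two tasks later sets neither, so unless a global `become_user` not visible here applies, the config lands root-owned with the default umask mode while the directory is world-readable; adding `mode: "0700"` to the directory task and `owner: peer`, `group: peer`, `mode: "0600"` to the copy keeps the peer account's `.ssh` consistent (ssh tolerates a root-owned, non-writable config, so this is hygiene rather than a hard failure). The `ssh-keygen` task under `become_user: peer` already creates the key pair with the right owner, and its `-N ""` is inherent to unattended use; a one-line comment saying so, e.g. `# clé sans passphrase : utilisée sans interaction par les tâches de peering`, documents the choice. `system: no`, `createhome: yes` and `become: yes` should be written `false`/`true` per yamllint's truthy rule.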
@ -0,0 +1,23 @@
|
|||
- name: Créer un compte pour le serveur pair
|
||||
user:
|
||||
name: "{{ item.name }}"
|
||||
state: present
|
||||
skeleton: /etc/skel
|
||||
shell: /bin/bash
|
||||
system: no
|
||||
createhome: yes
|
||||
home: "/home/peers/{{ item.name }}"
|
||||
|
||||
- name: Configurer la clé autorisée pour le serveur pair
|
||||
lineinfile:
|
||||
path: "/home/peers/{{ item.name }}/.ssh/authorized_keys"
|
||||
line: "{{ item.client_key }}"
|
||||
create: yes
|
||||
# TODO: dans authorized_keys pour restreindre le compte à SCP
|
||||
# no-port-forwarding,no-pty,command="scp source target" ssh-dss ...
|
||||
# TODO: chroot
|
||||
- name: Configurer le known_hosts du compte peer pour le serveur pair
|
||||
lineinfile:
|
||||
path: /home/peers/self/.ssh/known_hosts
|
||||
create: yes
|
||||
line: "{{ item.name }} {{ item.server_key }}"
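Review bot: The `authorized_keys` task writes `/home/peers/{{ item.name }}/.ssh/authorized_keys` with `create: yes`, but `lineinfile` does not create parent directories and nothing in this file creates the peer account's `.ssh` directory (setup_local.yml does this explicitly for the `self` account), so the task fails unless `/etc/skel` happens to ship one. A `file:` task creating that directory with `mode: "0700"` and the account as owner, plus `owner`/`group`/`mode: "0600"` on the `lineinfile` task itself, also satisfies sshd's default `StrictModes yes`, which refuses a key whose directory or file is group- or world-writable. The `known_hosts` entry is keyed on `item.name`, so it only protects connections dialled to exactly that host name — confirm that is what the client side uses.
```yaml
- name: Créer le dossier .ssh du serveur pair
  file:
    path: "/home/peers/{{ item.name }}/.ssh"
    state: directory
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: "0700"

- name: Configurer la clé autorisée pour le serveur pair
  lineinfile:
    path: "/home/peers/{{ item.name }}/.ssh/authorized_keys"
    line: "{{ item.client_key }}"
    create: yes
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: "0600"
# … unchanged: TODO comments and known_hosts task …
```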