openpunk-ansible/roles/git/tasks/main.yml

---
- name: Setup git config
  copy:
    src: .gitconfig
    dest: /root/.gitconfig
    owner: root
    mode: u=rw,g=,o=

# make sure our vps trusts the github.com key signature. we pipe the output
# of ssh-keyscan into .ssh/known_hosts

- name: Scan for SSH host keys
  command: ssh-keyscan github.com 2>/dev/null
  register: ssh_scan
  changed_when: false

- name: Update .ssh/known_hosts
  blockinfile:
    path: /root/.ssh/known_hosts
    block: "{{ ssh_scan.stdout_lines|join('\n') }}"
    insertbefore: BOF
    create: yes
    owner: root
    mode: u=rw,g=,o=

# this keypair is trusted under my github account, so it allows my vps to make pushes
# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)

- name: Install ssh priv key
  copy:
    src: secrets/id_ed25519
    dest: /root/.ssh/id_ed25519
    mode: u=rw,g=,o=

- name: Install ssh pub key
  copy:
    src: secrets/id_ed25519.pub
    dest: /root/.ssh/id_ed25519.pub
Added dead switch 2022-05-31 04:36:55 +00:00			`---`
			`- name: Setup git config`
			`copy:`
switched to roles - all tasks/* have been moved to their own roles in roles/* - each file && template is now oragnized per-role - annotated each task which still isn't idempotent !TODO! 2023-01-14 23:26:17 +00:00			`src: .gitconfig`
Added dead switch 2022-05-31 04:36:55 +00:00			`dest: /root/.gitconfig`
			`owner: root`
			`mode: u=rw,g=,o=`

minor refactoring 2022-08-02 18:49:02 +00:00			`# make sure our vps trusts the github.com key signature. we pipe the output`
			`# of ssh-keyscan into .ssh/known_hosts`

Fixed git setup 2022-05-31 05:13:46 +00:00			`- name: Scan for SSH host keys`
			`command: ssh-keyscan github.com 2>/dev/null`
Added dead switch 2022-05-31 04:36:55 +00:00			`register: ssh_scan`
roles/git: ssh known_hosts is now idempotent - roles/git now uses blockinfile to ensure the github ssh keypairs are trusted, and to allow subsequent ssh keypairs to be trusted and not overwritten by future runs. - this commit marks idempotency for all roles. after a successful run of this playbook, subsequent runs will result in a change=0 !!!!! 2023-01-20 02:50:30 +00:00			`changed_when: false`
Added dead switch 2022-05-31 04:36:55 +00:00
roles/git: ssh known_hosts is now idempotent - roles/git now uses blockinfile to ensure the github ssh keypairs are trusted, and to allow subsequent ssh keypairs to be trusted and not overwritten by future runs. - this commit marks idempotency for all roles. after a successful run of this playbook, subsequent runs will result in a change=0 !!!!! 2023-01-20 02:50:30 +00:00			`- name: Update .ssh/known_hosts`
			`blockinfile:`
			`path: /root/.ssh/known_hosts`
			`block: "{{ ssh_scan.stdout_lines\|join('\n') }}"`
			`insertbefore: BOF`
			`create: yes`
Fixed git setup 2022-05-31 05:13:46 +00:00			`owner: root`
			`mode: u=rw,g=,o=`
Added dead switch 2022-05-31 04:36:55 +00:00
minor refactoring 2022-08-02 18:49:02 +00:00			`# this keypair is trusted under my github account, so it allows my vps to make pushes`
roles/git: ssh known_hosts is now idempotent - roles/git now uses blockinfile to ensure the github ssh keypairs are trusted, and to allow subsequent ssh keypairs to be trusted and not overwritten by future runs. - this commit marks idempotency for all roles. after a successful run of this playbook, subsequent runs will result in a change=0 !!!!! 2023-01-20 02:50:30 +00:00			`# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)`
minor refactoring 2022-08-02 18:49:02 +00:00
Fixed git setup 2022-05-31 05:13:46 +00:00			`- name: Install ssh priv key`
			`copy:`
Added dead switch 2022-05-31 04:36:55 +00:00			`src: secrets/id_ed25519`
Setup git 2022-05-31 04:39:32 +00:00			`dest: /root/.ssh/id_ed25519`
Fixed git setup 2022-05-31 05:13:46 +00:00			`mode: u=rw,g=,o=`
Setup git 2022-05-31 04:39:32 +00:00
Fixed git setup 2022-05-31 05:13:46 +00:00			`- name: Install ssh pub key`
			`copy:`
Setup git 2022-05-31 04:39:32 +00:00			`src: secrets/id_ed25519.pub`
			`dest: /root/.ssh/id_ed25519.pub`