switched to roles

- all tasks/* have been moved to their own roles in roles/* - each file && template is now oragnized per-role - annotated each task which still isn't idempotent !TODO!
2025-10-28 03:10:06 +00:00 · 2023-01-14 17:26:17 -06:00
parent d435ab80ac
commit abaa4c9639
23 changed files with 33 additions and 24 deletions
--- a/roles/git/files/.gitconfig
+++ b/roles/git/files/.gitconfig
@@ -0,0 +1,7 @@
+[user]
+        email = openpunk@proton.me
+        name = OpenPunk
+[core]
+        editor = nano
+[pull]
+        rebase = true
--- a/roles/git/tasks/main.yml
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: Setup git config
+  copy:
+    src: .gitconfig
+    dest: /root/.gitconfig
+    owner: root
+    mode: u=rw,g=,o=
+
+# make sure our vps trusts the github.com key signature. we pipe the output
+# of ssh-keyscan into .ssh/known_hosts
+
+# TODO: make idempotent
+- name: Scan for SSH host keys
+  command: ssh-keyscan github.com 2>/dev/null
+  register: ssh_scan
+
+- name: Update known_hosts
+  copy:
+    content: "{{ ssh_scan.stdout_lines|join('\n')  }}"
+    dest: /root/.ssh/known_hosts
+    owner: root
+    mode: u=rw,g=,o=
+    force: no # if we already have a known_hosts file, ignore!
+
+# this keypair is trusted under my github account, so it allows my vps to make pushes
+# to the main branch of my openpunk repository. (for my deadswitch: see static/blog/imdead.sh)
+
+- name: Install ssh priv key
+  copy:
+    src: secrets/id_ed25519
+    dest: /root/.ssh/id_ed25519
+    mode: u=rw,g=,o=
+
+- name: Install ssh pub key
+  copy:
+    src: secrets/id_ed25519.pub
+    dest: /root/.ssh/id_ed25519.pub