mirror of
https://github.com/CPunch/openpunk-ansible.git
synced 2024-11-14 20:00:05 +00:00
CPunch
e8fe024b77
- roles/git now uses blockinfile to ensure the github ssh keypairs are trusted, and to allow subsequent ssh keypairs to be trusted and not overwritten by future runs. - this commit marks idempotency for all roles. after a successful run of this playbook, subsequent runs will result in a change=0 !!!!!
38 lines
962 B
YAML
38 lines
962 B
YAML
---
|
|
- name: Setup git config
|
|
copy:
|
|
src: .gitconfig
|
|
dest: /root/.gitconfig
|
|
owner: root
|
|
mode: u=rw,g=,o=
|
|
|
|
# make sure our vps trusts the github.com key signature. we pipe the output
|
|
# of ssh-keyscan into .ssh/known_hosts
|
|
|
|
- name: Scan for SSH host keys
|
|
command: ssh-keyscan github.com 2>/dev/null
|
|
register: ssh_scan
|
|
changed_when: false
|
|
|
|
- name: Update .ssh/known_hosts
|
|
blockinfile:
|
|
path: /root/.ssh/known_hosts
|
|
block: "{{ ssh_scan.stdout_lines|join('\n') }}"
|
|
insertbefore: BOF
|
|
create: yes
|
|
owner: root
|
|
mode: u=rw,g=,o=
|
|
|
|
# this keypair is trusted under my github account, so it allows my vps to make pushes
|
|
# to the main branch of my openpunk repository. (see roles/deadswitchfiles/imdead.sh)
|
|
|
|
- name: Install ssh priv key
|
|
copy:
|
|
src: secrets/id_ed25519
|
|
dest: /root/.ssh/id_ed25519
|
|
mode: u=rw,g=,o=
|
|
|
|
- name: Install ssh pub key
|
|
copy:
|
|
src: secrets/id_ed25519.pub
|
|
dest: /root/.ssh/id_ed25519.pub |