Separate from Kubernetes repo

2024-08-12 21:36:48 +03:00
commit 55f95641ca
14 changed files with 1080 additions and 0 deletions
--- a/update-ssh-config.yaml
+++ b/update-ssh-config.yaml
@@ -0,0 +1,74 @@
+# This playbook updates known_hosts and ssh_config files in this repository
+# and authorized keys on target machines
+---
+- name: Collect servers SSH public keys to known_hosts
+  hosts: localhost
+  connection: local
+  vars:
+    targets: "{{ hostvars[groups['all']] }}"
+  tasks:
+    - name: Generate ssh_config
+      ansible.builtin.copy:
+        dest: ssh_config
+        content: |
+          # Use `ansible-playbook update-ssh-config.yml` to update this file
+          # Use `ssh -F ssh_config ...` to connect to target machine or
+          # Add `Include ~/path/to/ansible/ssh_config` in your ~/.ssh/config
+          {% for host in groups['all'] | sort %}
+          Host {{ [host, hostvars[host].get('ansible_host', host)] | unique | join(' ') }}
+              User root
+              Hostname {{ hostvars[host].get('ansible_host', host) }}
+              Port {{ hostvars[host].get('ansible_port', 22) }}
+              GlobalKnownHostsFile known_hosts
+              UserKnownHostsFile /dev/null
+              ControlMaster auto
+              ControlPersist 8h
+          {% endfor %}
+    - name: Generate known_hosts
+      ansible.builtin.copy:
+        dest: known_hosts
+        content: |
+          # Use `ansible-playbook update-ssh-config.yml` to update this file
+          {% for host in groups['all'] | sort %}
+          {{ lookup('ansible.builtin.pipe', 'ssh-keyscan -p %d -t ecdsa %s' % (
+              hostvars[host].get('ansible_port', 22),
+              hostvars[host].get('ansible_host', host))) }} # {{ host }}
+          {% endfor %}
+
+- name: Pull authorized keys from Gitea
+  hosts: localhost
+  connection: local
+  vars:
+    targets: "{{ hostvars[groups['all']] }}"
+  tasks:
+    - name: Download https://git.k-space.ee/user.keys
+      loop:
+        - arti
+        - eaas
+        - lauri
+        - rasmus
+      ansible.builtin.get_url:
+        url: https://git.k-space.ee/{{ item }}.keys
+        dest: "./{{ item }}.keys"
+
+- name: Push authorized keys to targets
+  hosts:
+    - misc
+    - kubernetes
+    - doors
+  tasks:
+    - name: Generate /root/.ssh/authorized_keys
+      ansible.builtin.copy:
+        dest: "/root/.ssh/authorized_keys"
+        owner: root
+        group: root
+        mode: '0644'
+        content: |
+          # Use `ansible-playbook update-ssh-config.yml` from https://git.k-space.ee/k-space/ansible/ to update this file
+          {% for user in admins | unique | sort %}
+          {% for line in lookup("ansible.builtin.file", user + ".keys").split("\n") %}
+          {% if line.startswith("sk-") %}
+          {{ line }} # {{ user }}
+          {% endif %}
+          {% endfor %}
+          {% endfor %}