-
Notifications
You must be signed in to change notification settings - Fork 18
/
setup-control-host.yml
79 lines (68 loc) · 8.42 KB
/
setup-control-host.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
- hosts: control
become: yes
roles:
- git
- hosts: control
tasks:
- set_fact:
sysadmins:
- { name: jonathan, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTV5Pf3wzhqey7Vkh2oJ6TcnjG7+kA8v72QY0puaAD2" }
- { name: eric, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDIH9yhmm/hMX3FHK5TAaSwYHGl94CrG56Sy7CQNTymlsq3XFMuP2cWuTUNwj3uN22Mj+id+6AhvcttE5o5h3ASuVWY51CKHsq1NliOAnPUlSN5X9EEWbeYzAN5aWaars4Kwvrhf22TrPqVI7kjiRIF2ikR3j4tSyrX7Bjtn9WIsYzFGTCrGTFCKa8ImjwxKSJkRmiuuVRKoofk4M+517G7vRl9Q/14fpp9SndmSIosQFXUyEVTX66h2Uu3feOKB3XUSps6I8UicVmnXO0ZNS/YpWKK2oiA6RVbVRzPBAZx/RoQYhJ2t8rlMTdadZvOL+8WUGKlKcSMQ6+rLV9Z6FhIiXdxHoQGLA1R2R83CGltN44DmT/G3pa0Jcl3k0YJ1Qyxnb5WOq/BoTscCSIdnfHN9K9pFgICjt4qa1s9sSxg0YgSZhVo2FUMBj7EJZVWmA5dda50hdnmAFPD6TLrcFwi6YHi1S2WYklXATkobUanbov70os87yT8i7xX48sah5rE9vzr7EiiFDuF+9QpH42Nog49JqOo4ypTYiBl7rL0RBpAekHTmUKM0MukPvdNNX8FBdkcDX0kSqlNlosysg/fJkGxsZWRRpfB4pl1Q23q+LDcjswyJOF0Nwta+ILtyQdanx1Zs0peqjiwZjOe1fM9k8hDtXcLIxvMI4qZCdM5cQ==" }
- { name: jac, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/IHyI7Ohh01Y4lmaGifVcXLdzIHiT+GLzEpYrG7pca" }
- { name: thomas, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDmEeA6/INHf3eSyTjviBGSkgJwbDZR0ERBXtrOfM6D3dgUmwbu5zYpuAASmRUQIRnq7VKJrNyVZtxIighBD10DrJjyysYmeCEyKcYil6RrWsbMLsSMsYeda0YPdePAQlT+oYEE0j1QL7k2uBaHHMgEDaYpvogUJdXKZdnVdHCPz7fFFsop5b0GtkrlmU/a8WjJrmJw4Yl47woz2ipLGZiaOAuTpj2ZzpxQOVgIJt7Zu0vfcQV8Ivbhbg4epjIbm/eRi2odbw0oyUAwrqu9u23lwXPfzINl5BoO3gERwRYXx5K8R7nQK93rlwnWVYMx5ru7M4wRvDZL/ikOxZAsIZa1AFY0nLL2/AC23s6OYP0PkByn2s3gGi42AgzqvZdzlicHC1mpWSZUFFMq8QWMmkHujRegX9eL1YCJAvOfjdFl5zW7O+eUEsz68raAeWQVnw7Mkc4v7+kLSUx4RRqcUEqOiWG1lMCybbpDoRewvXvYYezFd1eysKVA2HngbAA4o8CLtM0fCdElns9ULYU0spnLHDi03/BO7NZKneyvput/AYtwxECnyx6xu7BHjbWBWqc+3/Uw0oTCJ8ZipCg0pqNPBdFx9SpMCRckoIhcd9ezItVzf+dnH21eML0opcAaM95R323abrSwHG8LRbCcP6cUBi/97hq2h8sVfe7CZVPD5Q==" }
- { name: ocanty, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC6KgSclCW2dhdtPc7AfyvOjr9nL+0pQIMRWGtv2AjMNOXfrCf3aOWhiUug1FbEPC+vjYGPaDc4hplj3Kfb5AaVYsY9XF48v1x9hiBtxiyE/BdFNa7aMzXT4qx3GS/kuw/P9CJaYPTTPplase98hTljU13VQrlveh5t1xM1tLLR7y5/adbl3UyMyFY5V+HT1nWns01qsZMe2m0q4Uvz2UbvIlYD5cN3OjTCrMtfeLQGeBOm/ScpkNTbNxu9nomBa6NW3MOp3g3JjBfut4RRZPgWGXfFj0CKBVKTaXc/OFtf5JlcnWpSY6f8DZbW2V8Ymssasqq4HnT4fhA27iwvHoUF4exmgH5B4jtFRZccRyF1W+t9Rxb8EN/MfgMxh1mHCiSBSaNwGCxeNTMT1ZgkWmDcT2GoCJmkVUdF3JbKk26gjVDTI8gDM/Td8cLbgIwc+iLWNd6MXhOR5jt9OsvrT71RV9t0z0RyT/2KsaxJe8UVrI+48va+TpSRfyBcv+BelAE=" }
- { name: oofsauce, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHW94S5zZ3xN2r3M7QL8svMgY1pKI+CKHz4FjIkEZtpH zwei-win@DESKTOP-86PGM04" }
- { name: ciaran, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDpUsmZIo4cDkDDUe+hZLH0wBc5fnpmiQA9SQB/bomYGZ8GT4ECvGBRBeIHLARatXVnC39noGmZvpp0msmUaLXadYManQDeFXFiXrQJeM2BLkwyA9HUZfWs8XaN9YO278CwHJlY6gzaGSxhWriSsg5/JTWhACD6mtKVXk7LqD21XOC22HP8oN5uTmrQHb8hePeHK4w4z5iUqsRGANam1JDzv69EMf6zbaFq+8AxTFiQSFXSlm50VFAtk+e3HrZYYgyDrN+5ffYQxeiWP3E4tvgBtvp9XwtIUuS3L/B/WvM5e9ZAy3zML9VR5paRcHLTS1SVut2oSXvulrSf8hkQEhd rsa-key-20211224" }
- { name: reece, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC6ifkMAy38PHhm2bN00lmtwOrYQqpclFIVis6J6V9sV" }
- { name: colm, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDOJk4xXXqU5CI6h7m/A1Afkk9AHRPITmpY3V/S4Fse5aqvKrARx8g3TQ/cpFZ24gp7IlGegVIaCmfOZOPuFlgySrIrFR7VhcP3I3GWeDgAS/QeInLJCC5tYiEWFhgJLYO6C6s6l1avUBPWttUzniA1lMj9FfHBgrRlhneEVbryvbnT4ldGiF7kQPDqtrjWOKaPyqekFakAuT+t73ohTJzeu7uxMS+K7/VfbEvAaTMNBTTqJkhFitgiydh4Chmqn67KoBVX6/s8gprkSc3W2ZfwNLfoFleptLpTj8+4OF+hg0uXau/EnIzBiFJ5D/R7smgS1IopFR+uGH6NS80Ap7txWMLe4YoglL85jLmZ5DQnjEjMcDIFFWhhoWCCvJT3s3OsMTM51lSAmfTlb1Bh2cqX8rM9Iu0Qhe9JdN7bez1KQGMWEfaT1igDjDwdTUBS6xP/s9PZ+VhNihJuvS/Es0KYnFoYNZG4WLbP6agbdfWZ8toq1vss6Mxbffi1WfxXGvs= colm@pop-os" }
- { name: max, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1IpwXwefHIZpFyXVTdvFUUuMAizWMBKN3rZRSvQrDP max"}
- { name: meabh, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpaZI30OkhPqdzug8c4ejR3cZI0+nSkaofHxSfhB78qN6H+9AX7fa+7aEt/9VmSD+MfnVn+A6G9cRVEkYXZ+KVMD880ZGUkPdmDH/mZPhjfZIT8oEj4sm4aQu1skWkSXhSwEpZU2NG8A3tFDPvjXsCvbR9URFddKYEcJkez1bsd+LdOUOkLm/l0DtLJ3KNNe9lVXtSFyGEB2sKO5zvLKfeq6Q3065sLJS27kuR7IkhPJ14hH2YZo5ln0LmiriacDGr8+auWEIYCOX5TvD3W7MCGc5s4IXj5fx6JkFUMCEfVRm/kEu9Nv3Q9xk51TUjZAPZ4iRnOoZSChJlzS0nCCeWiMhPY8o/1wgfGFpK+ZtEarrTTEhoiQoNvHxKQzjgBFHeColJoiZn24Qp1X3cxziZVi/V5UIPFPi7uzv265+745gOorwfBJPDAf9sYAFUk0Z87rpr7w1pfRf2crIpHeRcM8CqH8yW3Rb8F3maIhA4tkVQjZK8V5rmZ+2Q3t1yzk0Y82CxU9zCjfLUz6aEH5yRbDII9Jn+moxuH7KXSui29sy/bP3e0arqd7XZToa7mM4ipoDgX81P6sLW80z8d9XEHyOpXPEXAI0+6bow5mE8cLN3PMyRMsgk/bALZp5vgr6HRR5k6P3UmACRHE5k7sDlcfbdZrlBPApB67h0WDDdAQ==" }
- { name: Dolan, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC2Zsh6oW47sGOq6xuIuPZ2vg24OtcwWapWzNXbfrFJ/ed7A1BGc3CU59C2bdU5mnJarUm/Dk78C7SaPMtmRCXKcFZ+bHqRz5x/a0aMKwc97rR2USF60EQyLwyBgHXdPr+KeIFRHKQPPkf2CHiZuQ7+9Yma5EyJD8u1tOmGsV6/U4kmK/op09OqZcQ5BU3bBxyUuz3hAlNbAtzLW+kLZRS93q9BDeaMJHXiDfhRTSV6rfbR3rcrmYlSr/0QpWAfmevjfjMsTkT0YDJZRLWkcMtgqPTZ3Qla0mg6xaZlECBUJHeqC29ODFcg6gotn6FPmR3I3TwDdC94yw5lgTjVTbZ7jHqPADuJkaFEgQsQrSeh5iA/SkbFs8MPq1CDmPmbGDGXC8DxMooDdXBcXz2WOjGwF8v7gB8whYpj4hbaGvyWvyXd0pB+/GVvVAjB8tkgqdzF+8WRpWUFqMRm+ZAXsLkoNPtXqiD6e/08L9fwTMP1XObKLXUvcBwAmvWzF9p54RCCu1Wp5By/+5ORiU56UIyAEeSZmSSSpKB+U5JODbYhDenBDMhfAEzOYng9890LsDx85tEdPs+nDQ1P5G/e9kOd8HyheWBNtIR94NUJ9vLNephwG1dadMC5PXtbC5u3+m8iJrOf4TkX4q9CcSql+aycOnVFlxYf1reo4KwR+slN5w=="}
- { name: shang, public_key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCV1uY+Y6pzN8xp2Z8axn72zxW4DqjXUeiVyQoWkQk2OHRGJ6nipnEo2AVtWdz1WSoXw7QehNa41Tik078daxBUsgbU8F7+6eic16FGeYTRnFV67yPgq0mzSAxQ1K+wleRmNTC5UigDU9wkGh8q8QjGheMxuIAwhjiq2rE+EeO8HmVn4htNlGSEtyTNmx+DDLBGh4GH4evr7o0zUMmBmckO0c4mwv1uJCGovVLYq0W0o9AsKZj08J67+Src0y+zKkUxkO7Qk3BrLfWMx2vOBrs+6gasFvxMurCtV5Ym+mpguJJG7WG7v5WO7kU0MS3OpkDHiMWzhxuohKcTv9JEF4xJh3x91O+d4mcXt+pnj1OeTmil6bQTarlsnUIEWmVYo6pwxDZNRLBFmjBvDR73t+EUiFX92h9+7rSkqT9nhiHYQyC/cOdZD4/wZjR+WMD7XTMb5o0OQ+9tDCrj0RKAhAZ/+DMgMgrf0i4E5EkUyc27VG0S7EOfQ+pxSDveob0ayGiOrkFJLFDQwaHFWDQwg5YL6vaSFYWG7IqcWOFCjtcMEviKkoNSkm7DHoswdrbv7BH3xt0hWhvrUDhwZzhkmWtAWux7XpWfFYQSXHPjLbRWyJ/084TZlevDnKLGa8tADHoTSs2aTa92p92GHOIncRi6MNp6OJMPl1cc/4seOYulXQ=="}
- { name: victor, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNBark29wr9F9lR/PqwhnWzRFiE8HNx1f/0iazzogW"}
- { name: aleksy, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+gipoXcQyEB8Vel+P7benQW1s/gH2KJ3jNk+a5P20H"}
- { name: oscar, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPrNX0agEXpO1rzoBMw1ZyRvbypYENT9cdYABiDtOswR"}
# User used by github action deployments:
- { name: github, public_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDSRDNj4SupDnA/1fjJ23GGVVpYF0rL8op/ExrQYQAtI" }
- name: Setup SysAdmin accounts
hosts: control
tasks:
- name: Create netsoc_sysadmin Linux group
group:
name: netsoc_sysadmin
state: present
- name: Create SysAdmin Linux accounts
user:
name: "{{ item.name }}"
state: present
group: netsoc_sysadmin
create_home: yes
with_items: "{{ sysadmins }}"
- name: Authorize SysAdmin SSH keys
authorized_key:
user: "{{ item.name }}"
key: "{{ item.public_key }}"
state: present
with_items: "{{ sysadmins }}"
- name: Add SysAdmins to sudo
lineinfile:
path: /etc/sudoers
regexp: "%admins ALL=(ALL) ALL"
line: "%netsoc_sysadmin ALL=(ALL) ALL"
- name: Create netsoc_sysadmin Proxmox group (if it doesn't exist) and give it admin role
shell: |
pveum group list --output-format=json | jq .[].groupid | grep netsoc_sysadmin || pveum group add netsoc_sysadmin -comment 'Netsoc SysAdmins'
pveum aclmod / -group netsoc_sysadmin -role Administrator
- name: Create Proxmox-PAM users for Netsoc SysAdmin Linux accounts (if they don't exist)
shell: |
pveum user list --output-format=json | jq .[].userid | grep {{ item.name }}@pam || pveum user add {{ item.name }}@pam --groups netsoc_sysadmin
with_items: "{{ sysadmins }}"
- name: Create `netsoc_cloud` Proxmox Resource Pool (id it doesn't exist)
shell: |
pvesh ls /pools --output-format=json | jq .[].name | grep "netsoc_cloud" || pvesh create /pools --poolid netsoc_cloud --comment "User Containers & VMs"
- name: Clone NaC onto github account
hosts: control
tasks:
- git:
repo: 'https://github.com/UCCNetsoc/NaC.git'
dest: /home/github/NaC