diff --git a/globals.yaml b/globals.yaml
deleted file mode 100644
index 340827d..000000000
--- a/globals.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-username: jlay # user for 'create-user' role
-zfs_disk: /dev/vdb
-zfs_arc_size_mb: "{{ (ansible_memtotal_mb * 0.20)|int|abs }}"
-zfs_arc_size_bytes: "{{ zfs_arc_size_mb }}000000"
-pwgen: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation length=32') }}"
diff --git a/play.yml b/play.yml
index 31f61e2..740deab 100644
--- a/play.yml
+++ b/play.yml
@@ -1,14 +1,11 @@ --- - hosts: all - vars_files: - - ./globals.yaml - roles: - {role: bootstrap} - {role: tmp-mount-fix} + - {role: install-packages} - {role: update-packages} - {role: fedora-upgrade} - - {role: install-packages} - {role: create-user} - {role: hardening} # - {role: docker} # TODO: replace me with a generic container role, podman on EL based distros - Docker on Debian/Ubuntu
diff --git a/roles/create-user/defaults/main.yml b/roles/create-user/defaults/main.yml
new file mode 100644
index 000000000..584bf31
--- /dev/null
+++ b/roles/create-user/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+create_username: "{{ lookup('env','USER') }}"
+create_pwgen: "{{ lookup('password', '/dev/null chars=ascii_letters,digits,hexdigits,punctuation length=32') }}"
diff --git a/roles/create-user/tasks/deb.yml b/roles/create-user/tasks/deb.yml
index aed0636..ae9fe0d 100644
--- a/roles/create-user/tasks/deb.yml
+++ b/roles/create-user/tasks/deb.yml
@@ -1,9 +1,9 @@ --- -- name: creating user {{ username }} in sudo group (Debian/Ubuntu) +- name: creating user {{ create_username }} in sudo group (Debian/Ubuntu) user: - name: "{{ username }}" - password: "{{ pwgen | password_hash('sha512') }}" + name: "{{ create_username }}" + password: "{{ create_pwgen | password_hash('sha512') }}" state: present shell: /bin/bash groups: sudo
diff --git a/roles/create-user/tasks/el.yml b/roles/create-user/tasks/el.yml
index 95000c1..86834e8 100644
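Review bot: `create_pwgen` in roles/create-user/defaults/main.yml is a lazily templated default, and a `password` lookup against `/dev/null` returns a new random string every time it is evaluated, so the value hashed by the `user` tasks in tasks/deb.yml and tasks/el.yml is not the value later shown by `debug: var=create_pwgen` in tasks/main.yml. Resolving it once per host at the start of the role, with a `set_fact` task that assigns `create_password: "{{ create_pwgen }}"` under `no_log: true`, and using that fact in both places would keep the two in step. `create_username` is likewise resolved on the controller from `USER`, so a run started as root or from a CI account would point the role at that account name; a comment such as `# resolved on the controller; override per inventory` above the default would make that visible.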
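Review bot: The `password:` line in roles/create-user/tasks/deb.yml is applied on every run, because the `user` module defaults to `update_password: always` and `create_pwgen | password_hash('sha512')` yields a different hash each time, so an existing account's password is replaced whenever the play is repeated. Adding `update_password: on_create` under `user:` would leave an already provisioned account alone. The same applies to the matching hunk in roles/create-user/tasks/el.yml. The task continues past the end of the hunk, so a setting placed after `groups:` would not be visible here.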
--- a/roles/create-user/tasks/el.yml
+++ b/roles/create-user/tasks/el.yml
@@ -1,9 +1,9 @@ --- -- name: creating user {{ username }} in wheel group (RHEL/CentOS/Fedora) +- name: creating user {{ create_username }} in wheel group (RHEL/CentOS/Fedora) user: - name: "{{ username }}" - password: "{{ pwgen | password_hash('sha512') }}" + name: "{{ create_username }}" + password: "{{ create_pwgen | password_hash('sha512') }}" state: present shell: /bin/bash groups: wheel
diff --git a/roles/create-user/tasks/main.yml b/roles/create-user/tasks/main.yml
index 8c2eee6..323a3ac 100644
--- a/roles/create-user/tasks/main.yml
+++ b/roles/create-user/tasks/main.yml
@@ -6,13 +6,13 @@ - include_tasks: el.yml when: ansible_distribution in ["CentOS", "Red Hat Enterprise Linux", "RedHat", "Fedora"] -- name: print generated password for {{ username }} on each host - debug: var=pwgen +- name: print generated password for {{ create_username }} on each host + debug: var=create_pwgen when: user_created is changed -- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys +- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys authorized_key: - user: "{{ username }}" + user: "{{ create_username }}" state: present key: "{{ item }}" with_items:
diff --git a/roles/zfs/defaults/main.yml b/roles/zfs/defaults/main.yml
index 1ae6c73..1be7c4d 100644
--- a/roles/zfs/defaults/main.yml
+++ b/roles/zfs/defaults/main.yml
@@ -1,10 +1,12 @@ --- +zfs_disk: /dev/vdb +zfs_arc_size_mb: "{{ (ansible_memtotal_mb * 0.20)|int|abs }}" +zfs_arc_size_bytes: "{{ zfs_arc_size_mb }}000000" EL_ZFS_PKGS: - kernel-devel - "@Development tools" - dkms - zfs - UBUNTU_ZFS_PKGS: - zfsutils-linux - zfs-initramfs
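Review bot: The `debug: var=create_pwgen` task in roles/create-user/tasks/main.yml writes a cleartext password into the play output, and so into any controller log, CI job log or callback plugin that records task results. Since the next task already installs SSH public keys for `create_username`, the print could be dropped and the account left key-only or expired for a change at first login. If the value does have to reach the operator, a `password` lookup that stores to a controller-side file with restrictive permissions instead of `/dev/null` keeps it out of the logs. The `register` behind `user_created` lives in the included task files outside this hunk, so the `when:` condition cannot be checked from here.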
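Review bot: `zfs_disk: /dev/vdb` in roles/zfs/defaults/main.yml is now a role default, so any host that runs the zfs role without an override is pointed at that device whether or not it is the intended disk. The tasks that consume it are not part of this diff, so the effect is inferred, but leaving the variable undefined and failing early when it is missing, or at least adding a comment such as `# must be overridden per host`, would make the choice explicit. Separately, `zfs_arc_size_bytes` appends six zeros to a figure derived from `ansible_memtotal_mb`, which appears to be reported in MiB, so the result is decimal megabytes rather than `zfs_arc_size_mb * 1048576`.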