From 633f231b26a662120de62b368b3c20c79076ea9e Mon Sep 17 00:00:00 2001 From: DarkFeather Date: Tue, 2 May 2023 17:32:11 -0500 Subject: [PATCH] Catching up config with known state --- roles/IRC/tasks/daemon.yml | 7 +++ roles/IRC/templates/inspircd/inspircd.conf.j2 | 2 +- roles/ShadowArch/tasks/archlinux-network.yml | 12 ++--- roles/ShadowArch/tasks/main.yml | 52 ++++++++++--------- 4 files changed, 41 insertions(+), 32 deletions(-) diff --git a/roles/IRC/tasks/daemon.yml b/roles/IRC/tasks/daemon.yml index 05f9952..9713204 100644 --- a/roles/IRC/tasks/daemon.yml +++ b/roles/IRC/tasks/daemon.yml @@ -27,6 +27,13 @@ group: ircd mode: 0640 + - name: Add ircd user to ssl + become: yes + user: + name: ircd + groups: ssl + append: yes + - name: Copy service file become: yes register: servicesfile diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2 index 893c8b0..489d4f3 100644 --- a/roles/IRC/templates/inspircd/inspircd.conf.j2 +++ b/roles/IRC/templates/inspircd/inspircd.conf.j2 @@ -58,7 +58,7 @@ pingfreq="120" port="6697" recvq="8192" - requiressl="on" + requiressl="off" resolvehostnames="on" softsendq="8192" threshold="25" diff --git a/roles/ShadowArch/tasks/archlinux-network.yml b/roles/ShadowArch/tasks/archlinux-network.yml index 200de31..98ebeff 100644 --- a/roles/ShadowArch/tasks/archlinux-network.yml +++ b/roles/ShadowArch/tasks/archlinux-network.yml 
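Review bot: The new "Add ircd user to ssl" task widens the daemon account's access without saying why or ensuring the group exists. `groups: ssl` presumably lets inspircd read TLS key material owned by that group, but the hunk does not show which files the group guards, so everything readable by `ssl` becomes readable by a network-facing service account. I would add a comment above the task such as `# ircd needs read access to the TLS key/cert for inspircd; the ssl group must cover only that material`, and make sure an earlier task creates the group, since the user module fails on a missing group. `become: yes` and `append: yes` would also read better as `true`.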
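Review bot: Flipping `requiressl="on"` to `requiressl="off"` in the block that carries `port="6697"` relaxes the TLS requirement for clients matched by this block, and neither the commit message nor the template explains why. The block's opening tag is outside the hunk, so I am assuming this is a connect class; if so, whether plaintext clients can actually reach it depends on how the 6697 listener is bound, which is not visible here. Unless there is a known reason, keep `requiressl="on"`, or add a template comment stating why it is off and which listener setting still enforces TLS on that port.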
@@ -9,35 +9,35 @@ - name: Static ArchLinux network config become: yes - when: static and not tap + when: static is defined and not tap is defined template: src: netctl-static.j2 dest: "/etc/netctl/{{ ipinterface }}" - name: Tap ArchLinux network config become: yes - when: tap and not static + when: tap is defined and not static is defined template: - src: netctl-tap.j2 + src: netctl-tap is defined.j2 dest: "/etc/netctl/{{ ipinterface }}" - name: Bridge ArchLinux network config become: yes - when: tap and not static + when: tap is defined and not static is defined template: src: netctl-bond.j2 dest: "/etc/netctl/br0" - name: Tunnel ArchLinux network config become: yes - when: tap and not static + when: tap is defined and not static is defined copy: src: netctl-tun dest: "/etc/netctl/tun0" - name: Dynamic ArchLinux network config become: yes - when: not static and not tap + when: not static is defined and not tap is defined template: src: netctl-dhcp.j2 dest: "/etc/netctl/{{ ipinterface }}" diff --git a/roles/ShadowArch/tasks/main.yml b/roles/ShadowArch/tasks/main.yml index 1761b76..7258bb4 100644 --- a/roles/ShadowArch/tasks/main.yml +++ b/roles/ShadowArch/tasks/main.yml 
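Review bot: `src: netctl-tap is defined.j2` in the "Tap ArchLinux network config" task looks like a search-and-replace casualty; the line should stay `src: netctl-tap.j2`, otherwise the task will most likely fail to find its template. The five rewritten `when:` lines also change meaning rather than just guarding against undefined variables: `static is defined` is true for a host that sets `static: false`, so such a host would now get the static profile and skip the DHCP one. If the intent is only to tolerate unset variables, `when: (static | default(false)) and not (tap | default(false))` keeps the old truthiness test, with the mirrored form for the tap, bridge, tunnel and dynamic tasks.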
@@ -3,6 +3,33 @@ # This role installs the basic package and host setup for AniNIX operations. # This is an AniNIX convention to allow password management by Ansible. + + - name: Test root password + ignore_errors: yes + register: root_password_test + vars: + ansible_become_user: "{{ item }}" + ansible_become_method: su + ansible_become_password: "{{ passwords[inventory_hostname] }}" + become: yes + command: id + loop: + - root + - "{{ ansible_user_id }}" + + - name: Define passwords + ignore_errors: yes + vars: + ansible_become_user: "root" + ansible_become_password: "{{ passwords[inventory_hostname] }}" + become: yes + when: root_password_test.rc is not defined or root_password_test.rc != 0 + command: + cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}" + loop: + - root + - "{{ ansible_user_id }}" + - name: Base packages vars: ansible_become_method: su @@ -54,31 +81,6 @@ regexp: "includedir /etc/sudoers.d" line: "#includedir /etc/sudoers.d" - - name: Test root password - ignore_errors: yes - register: root_password_test - vars: - ansible_become_user: "{{ item }}" - ansible_become_method: su - ansible_become_password: "{{ passwords[inventory_hostname] }}" - become: yes - command: id - loop: - - root - - "{{ ansible_user_id }}" - - - name: Define passwords - vars: - ansible_become_user: "root" - ansible_become_password: "{{ passwords[inventory_hostname] }}" - become: yes - when: root_password_test.rc is not defined or root_password_test.rc != 0 - command: - cmd: /bin/bash -l -c "echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}" - loop: - - root - - "{{ ansible_user_id }}" - - name: Set up pacman.conf vars: ansible_become_password: "{{ passwords[inventory_hostname] }}"
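Review bot: The "Define passwords" task puts the cleartext password on a command line, `echo '{{item}}:{{ passwords[inventory_hostname] }}' | chpasswd {{ item }}`, where it is visible in the process list on the target and in Ansible's task output because there is no `no_log: true`; a password containing a single quote would also break the quoting. The newly added `ignore_errors: yes` then hides a failed password change from the rest of the play. Separately, `root_password_test` is registered on a looped task, so it carries `results` rather than a top-level `rc`, and `root_password_test.rc is not defined` is always true, meaning the passwords are rewritten on every run. I would replace the command with the user module and a hashed value as below, dropping `ignore_errors` and the ineffective `when`; note that `password_hash` without a fixed salt reports a change on each run.

```yaml
- name: Define passwords
  # … unchanged: vars (ansible_become_user, ansible_become_password), become …
  no_log: true
  user:
    name: "{{ item }}"
    password: "{{ passwords[inventory_hostname] | password_hash('sha512') }}"
  loop:
    - root
    - "{{ ansible_user_id }}"
```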