fix: playbook task already has access to inventory-level variables

README.md

@@ -1,35 +1,39 @@
 # SUKAATO Ansible
 
-This repository is for automating the management of the configuration of, and the provisioning of software for, my virtual private servers using [Ansible](https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ). It's main purpose is to spin up the VPSs, create initial users and groups, import SSH or GPG keys, lock down SSH accessor harden SSH, and then install and configure packages available to the given package manager of the operating system. The `bootstrap` role in here serves to abstract some of these tasks for our main playbook files.
+This repository is for automating the management of the configuration of, and the provisioning of software for, my virtual private servers using [Ansible](https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ). It's main purpose is to spin up the VPSs, create initial users and groups, import SSH or GPG keys, lock down SSH access or harden SSH, and then install and configure packages available to the given package manager of the operating system. The `bootstrap` role in here serves to abstract some of these tasks for our main playbook files.
 
 ## Variable Names and Their Scopes
 
-To be able to make use of the Ansible playbooks, it is necessary to specify some variables in or at relevant scopes, though some may have some defaults. The relevant scopes variables are defined in for our purposes:
+To be able to make use of the Ansible playbooks, it is necessary to specify some variables in or at relevant scopes, though some may have some defaults. The relevant scopes variables are defined in, for our purposes, are:
 
 - Ansible **inventory scope**: corresponds to variables inside per-hostname files in `group_vars` or `host_vars` directories, or the inventory file itself, i.e. `hosts.ini` or `hosts.yml`. The inventory file has some enforced naming conventions to be covered later or elsewhere.
-- Ansible **role scope**: corresponds to variables found in files inside the `defaults` / `vars` directory in a role directory, or variables found in files inside subdirectory `main` in either `defaults` or `vars` directory of that role directory. There are favored conventional directory structure within which these variables are specified in the aforementioned directories, to be covered later or elsewhere.
+- Ansible **role scope**: corresponds to variables found in files inside the `defaults` / `vars` directory in a role directory, or variables found in files inside subdirectory `main` in either `defaults` or `vars` directory of that role directory. There are favored conventional directory structures within which these variables are specified in the aforementioned directories, to be covered later or elsewhere.
+
+Other variables that tend to have default definitions as is but that may be of interest are those found in Jinja templates of roles, in this case of the role `bootstrap`. Look through the `bootstrap` role's `templates` directory and you will discover them--most of them defined in role tasks or handlers that make reference to them. However, more information may be found elsewhere.
 
 ### Inventory Scope
 
-Herein are listed the relevant variables at or in the *inventory* scope. These must be specified for a specific inventory host or group, typically their corresponding files under `group_vars` or `host_vars`. Some variables must take in a dictionary type to be valid. To save space, there will be more detail on what keys are required or optional for such dictionaries will be provided elsewhere and not here.
+Herein are listed the relevant variables at or in the *inventory* scope. These must be specified for a specific inventory host or group, typically in their corresponding files under `group_vars` or `host_vars`. Some variables must take in a dictionary type to be valid. To save space, there will be more detail on what keys are required or optional for such dictionaries [elsewhere](https://git.sukaato.moe/admin/skato-ansible/wiki/Inventory-Scope) and not here.
 
-name | type | value validity rule | default value | required?
+name | type | value validity rule
----|---|---|---|---
+---|---|---
-`fqdn` | `\<str\>` | fully qualified domain name | none | true
+`fqdn` | `<str>` | fully qualified domain name
-`vps_service` | `\<dict{\<str\>:<str\|bool\|list\>}\>` | valid fields providing data for spinning up new VPS | none | true
+`vps_service` | `<dict{<str>:<str\|bool\|list>}>` | valid fields providing data for spinning up new VPS
-`groups` | `\<dict{$group_name:\<dict\>}\>` | fields/keys that are group names with data configuring that group | none | true
+`groups` | `<dict{$group_name:<dict>}>` | fields/keys that are group names with data configuring that group
-`users` | `\<dict{$user_name:\<dict\>}\>` | fields/keys that are user names with data configuring that user | none | true
+`users` | `<dict{$user_name:<dict>}>` | fields/keys that are user names with data configuring that user
-`keywords` | `\<list[\<str\>]\>` | strings that describe the VPS, useful for applying tags if allowed by API | none | false
+`keywords` | `<list[<str>]>` | strings that describe the VPS, useful for applying tags if allowed by API
-`custom_vars` | `\<dict{\<str\>:\<any\>}\>` | your own custom variables, though there are some reserved variable names for this namespace | none | true (hence the reserved variable names)
+`custom_vars` | `<dict{<str>:<any>}>` | your own custom variables, though there are some reserved variable names for this namespace
 
-## Role Scope
+### Role Scope
 
-Herein are listed the relevant variables at or in the *role* scope. These must be specified for a set of role tasks expected to run in a playbook for the host specified for its play.
+Herein are listed the relevant variables at or in the *role* scope. These must be specified for a set of role tasks expected to run in a playbook for the host specified for its play. Some variables must take in a dictionary type to be valid. To save space, there will be more detail on what keys are required or optional for such dictionaries [elsewhere](https://git.sukaato.moe/admin/skato-ansible/wiki/Role-Scope) and not here.
 
-name | type | value validity rule | default value | required?
+name | type | value validity rule
----|---|---|---|---
+---|---|---
-`software` | `\<dict{\<str\>:\<dict\>}\>` | valid fields providing data for software installations | none | false
+`software` | `<dict{<str>:<dict>}>` | valid fields providing data for software installations
-`config` | `\<dict{$software_name:\<dict\>}\>` | software name fields providing data for configuring that software | none | false
+`config` | `<dict{$software_name:<dict>}>` | software name fields providing data for configuring that software
+
+## Installation
 
 > **TBC**
 > This README is yet unfinished and unverified. Check back later.

host_vars/vps1

@@ -2,7 +2,7 @@
 ---
 # vars file
 custom_vars:
-  generality:
+  shared:
     ssh_authorized_keys:
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIO0sbFLwfgSWpWwn4cy4cddKvV74efUMZVYTTjX2vnjAAAABHNzaDo= rika@hikiki
       - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHJqHHMplgqm8yiq4Qwisk67p9+f9sLM8tIAzuw2qkwpAAAABHNzaDo= rika@hikiki
@@ -55,7 +55,8 @@ groups:
   # @NOTE key/field names SHOULD match value of 'group_name' key or field of its object
   remote:
     group_name: remote
-    type: system 
+    type: system
+    id: ~
 users:
   # @NOTE key/field names MUST match value of 'username' key or field of its object
   senpai:
@@ -81,8 +82,8 @@ users:
       - sudo
       - "{{ groups.remote.group_name }}"
     services: [sshd]
-    ssh_authorized_keys: "{{ custom_vars.generality.ssh_authorized_keys }}" 
+    ssh_authorized_keys: "{{ custom_vars['shared']['ssh_authorized_keys'] }}" 
-    ssh_private_key_paths: "{{ custom_vars.generality.ssh_private_key_paths }}"
+    ssh_private_key_paths: "{{ custom_vars['shared']['ssh_private_key_paths'] }}"
     ssh_private_key_path_pref: 0
     gpg_keys:
       - id: 558041D5CF2AB23B # @NOTE professional
@@ -128,8 +129,8 @@ users:
     groups:
       - "{{ groups.remote.group_name }}"
     services: [proftpd,sftp,ftps]
-    ssh_authorized_keys: "{{ custom_vars.generality.ssh_authorized_keys }}" 
+    ssh_authorized_keys: "{{ custom_vars['shared']['ssh_authorized_keys'] }}" 
-    ssh_private_key_paths: "{{ custom_vars.generality.ssh_private_key_paths }}"
+    ssh_private_key_paths: "{{ custom_vars['shared']['ssh_private_key_paths'] }}"
     ssh_private_key_path_pref: 0
     gpg_keys: []
     gpg_keyid_pref: 0

init_env

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+SKATO_ANSIBLE_ROOT=$(dirname "$0")
+set -o allexport
+source "${SKATO_ANSIBLE_ROOT}/standard_paths"
+set +o allexport

playbooks/init.yml

@@ -13,7 +13,7 @@
         private_ip: true
         region: "{{ vps_service.region }}"
         root_pass: "{{ vps_service.password }}"
-        tags: "{{ hostvars[inventory_hostname].keywords }}" 
+        tags: "{{ keywords }}" 
         state: "{{ 'present' if vps_service.exists else 'absent' }}"
       tags:
         - vps_step

standard_paths

@@ -0,0 +1,28 @@
+# SKATO_ANSIBLE_ROOT=
+
+# Relative directory paths for role templates/files
+SKANSIBLE_ARIA="aria2"
+SKANSIBLE_PROFTPD="proftpd"
+SKANSIBLE_PROFTPD_CONFS="${SKANSIBLE_PROFTPD}/conf.d"
+# @NOTE below 4 filepaths have filenames that must correspond to 
+# the filenames in role ProFTPd templates'/files' Display settings 
+SKANSIBLE_PROFTPD_CONFS_WELCOME="${SKANSIBLE_PROFTPD}/conf.d/WELCOME.txt"
+SKANSIBLE_PROFTPD_CONFS_BANNER="${SKANSIBLE_PROFTPD}/conf.d/BANNER.txt"
+SKANSIBLE_PROFTPD_CONFS_SUCCESS="${SKANSIBLE_PROFTPD}/conf.d/SUCCESS.txt"
+SKANSIBLE_PROFTPD_CONFS_EXIT="${SKANSIBLE_PROFTPD}/conf.d/BYE.txt"
+SKANSIBLE_SSHD_CONFS="sshd_config.d"
+SKANSIBLE_SYSTEMD="systemd"
+SKANSIBLE_SYSTEMD_USER_UNITS="${SKANSIBLE_SYSTEMD}/user"
+SKANSIBLE_FAIL2BAN="fail2ban"
+SKANSIBLE_FAIL2BAN_JAILS="${SKANSIBLE_FAIL2BAN}/jail.d"
+SKANSIBLE_FAIL2BAN_FILTERS="${SKANSIBLE_FAIL2BAN}/filter.d"
+SKANSIBLE_GITCONFIG_CONFS="gitconfig.d"
+# @NOTE files in here must have extension "key" with IDs in  
+# "gpg_keys" inventory variable list as basenames.
+SKANSIBLE_GPG="gnupg"
+# @NOTE files in path below must have extensions "key" (private), 
+# "crt" (signed), or "pem" (public) with inventory host FQDN as basename
+SKANSIBLE_SSL="ca-certificates"
+
+# Other directories
+SKANSIBLE_SECRETS="${SKATO_ANSIBLE_ROOT}/.secrets"