# SUKAATO Ansible

This repository is for automating the management of the configuration of, and the provisioning of software for, my virtual private servers using [Ansible](https://www.redhat.com/en/ansible-collaborative?intcmp=7015Y000003t7aWQAQ). Its main purpose is to spin up the VPSs, create initial users and groups, import SSH or GPG keys, lock down SSH access or harden SSH, and then install and configure packages available to the given package manager of the operating system. The `bootstrap` role in here serves to abstract some of these tasks for our main playbook files.

## Variable Names and Their Scopes

To make use of the Ansible playbooks, it is necessary to specify some variables at the relevant scopes, though some have defaults. For our purposes, the relevant scopes in which variables are defined are:

- Ansible **inventory scope**: corresponds to variables inside per-hostname files in `group_vars` or `host_vars` directories, or the inventory file itself, i.e. `hosts.ini` or `hosts.yml`. The inventory file has some enforced naming conventions to be covered later or elsewhere.
- Ansible **role scope**: corresponds to variables found in files inside the `defaults` / `vars` directory in a role directory, or variables found in files inside subdirectory `main` in either `defaults` or `vars` directory of that role directory. There is a favored conventional directory structure within which these variables are specified in the aforementioned directories, to be covered later or elsewhere.

### Inventory Scope

Herein are listed the relevant variables at or in the *inventory* scope. These must be specified for a specific inventory host or group, typically in their corresponding files under `group_vars` or `host_vars`.

Some variables must be of a dictionary type to be valid. To save space, the keys that are required or optional for such dictionaries are detailed elsewhere and not here.

name | type | value validity rule | default value | required?
---|---|---|---|---
`fqdn` | `\` | fully qualified domain name | none | true
`vps_service` | `\:}\>` | valid fields providing data for spinning up new VPS | none | true
`groups` | `\}\>` | fields/keys that are group names with data configuring that group | none | true
`users` | `\}\>` | fields/keys that are user names with data configuring that user | none | true
`keywords` | `\]\>` | strings that describe the VPS, useful for applying tags if allowed by API | none | false
`custom_vars` | `\:\}\>` | your own custom variables, though there are some reserved variable names for this namespace | none | true (hence the reserved variable names)

### Role Scope

Herein are listed the relevant variables at or in the *role* scope. These must be specified for a set of role tasks expected to run in a playbook for the host specified for its play.

Some variables must be of a dictionary type to be valid. To save space, the keys that are required or optional for such dictionaries are detailed elsewhere and not here.

name | type | value validity rule | default value | required?
---|---|---|---|---
`software` | `\:\}\>` | valid fields providing data for software installations | none | false
`config` | `\}\>` | software name fields providing data for configuring that software | none | false

> **TBC**
> This README is yet unfinished and unverified. Check back later.
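
The inventory-scope table above can be enforced as a pre-flight check before any VPS is provisioned. The following is an added example, not code from this repository: `validate_host_vars`, `is_fqdn`, `INVENTORY_SCHEMA` and `SAMPLE` are hypothetical names, and the Python types are assumptions inferred from the "value validity rule" column.

```python
import re

# Required/optional flags are taken from the README's inventory-scope table.
# The Python types are assumptions inferred from its "value validity rule"
# column; the README's own type notation is not relied on here.
INVENTORY_SCHEMA = {
    "fqdn": (str, True),
    "vps_service": (dict, True),
    "groups": (dict, True),
    "users": (dict, True),
    "keywords": (list, False),
    "custom_vars": (dict, True),
}

# One DNS label: 1-63 characters, hyphens allowed only in the middle.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def is_fqdn(name):
    """Syntactic check only: at least two valid labels, 253 chars at most."""
    name = name[:-1] if name.endswith(".") else name
    labels = name.split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))

def validate_host_vars(host_vars):
    """Return a list of problems; an empty list means the host passes."""
    problems = []
    for name, (expected, required) in INVENTORY_SCHEMA.items():
        if name not in host_vars:
            if required:
                problems.append(f"{name}: required variable is missing")
            continue
        value = host_vars[name]
        if not isinstance(value, expected):
            problems.append(f"{name}: expected {expected.__name__}")
        elif name == "fqdn" and not is_fqdn(value):
            problems.append("fqdn: not a fully qualified domain name")
        elif name == "keywords" and not all(isinstance(k, str) for k in value):
            problems.append("keywords: every entry must be a string")
    return problems

# Constructed sample host_vars (not from the repository); the dictionaries
# are left empty because the README defers their keys to elsewhere.
SAMPLE = {"fqdn": "vps1.example.org", "vps_service": {}, "groups": {},
          "users": {}, "keywords": ["web", "staging"], "custom_vars": {}}

if __name__ == "__main__":
    print(validate_host_vars(SAMPLE) or "host_vars OK")
```

The check is meant to run over the parsed `host_vars` or `group_vars` mapping outside a play, since `groups` is also the name of an Ansible magic variable and would resolve to that inside a task.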