# SPDX-License-Identifier: MIT-0
---
# tasks file for roles/init-vps
# @NOTE server deployment method is based on task tags compiled herein
#
# Flow: collect SSH keys on the control node, then either create a Linode VPS
# (tags: vps / linode) or prepare an existing LAN server (tag: lan).
# NOTE(review): this listing was restored from a whitespace-collapsed page, so
# block nesting and tag placement are reconstructed. The uncertain spots are
# marked below; confirm them against the repository copy.

# Runs on the control node. The patterns are regexes anchored only at the
# start ('^' + name), so each entry of ssh_keys matches the private key file
# and its .pub companion alike.
# @TODO define 'cnode_homedir' in playbook
- name: Finding SSH public keys for root
  delegate_facts: true
  delegate_to: localhost
  ansible.builtin.find:
    paths: "{{ local_facts['user_dir'] | default(lookup('env', 'HOME')) }}/.ssh"
    patterns: "{{ ['^'] | product(ssh_keys) | map('join') | list }}"
    file_type: file
    use_regex: true
  register: ssh_keypairs

# Keeps only the paths ending in .pub from the find result.
- name: Reducing SSH key-pair results to list of SSH public key paths
  ansible.builtin.set_fact:
    root_pubkey_paths: "{{ ssh_keypairs.files | selectattr('path', 'search', '\\.pub$') | map(attribute='path') | list }}"

# Appends one file's contents per loop pass. The list starts from any existing
# root_pubkeys value, so a value left over from an earlier run is extended
# rather than replaced.
- name: Converting SSH public key paths to their file contents
  ansible.builtin.set_fact:
    root_pubkeys: "{{ root_pubkeys | default([]) + [lookup('file', item)] }}"
  loop: "{{ root_pubkey_paths }}"

- name: Bootstrapping VPS
  block:
    - name: Creating VPS via Linode VPS service API
      block:
        # token and password are secrets passed straight to the module.
        # NOTE(review): keep both in Ansible Vault or another secret store.
        # Consider `no_log: true` on this task if its output could echo them.
        # Nothing on this page disables root password login, so root_pass
        # stays usable alongside the authorized keys. Confirm that sshd is
        # hardened in a later role.
        - name: Creating the VPS
          linode.cloud.instance:
            api_token: "{{ token }}"
            label: "{{ instance }}"
            type: g6-standard-2
            image: "{{ operating_system }}"
            disk_encryption: enabled
            region: "{{ origin }}"
            private_ip: true
            root_pass: "{{ password }}"
            authorized_keys: "{{ root_pubkeys }}"
            state: present
          register: new_instance

        # Connects as root to each value of new_instance.instance[ip_pref].
        # Unless chosen_privkey is set, the private key is drawn at random
        # from the non-.pub files matched by the find task above.
        # @TODO define 'chosen_privkey' in playbook
        - name: Waiting for that VPS to come online
          delegate_to: "{{ item }}"
          delegate_facts: true
          ansible.builtin.wait_for_connection:
            delay: 20
            timeout: 300
          vars:
            ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}"
            ansible_user: root
          loop: "{{ new_instance.instance[ip_pref] }}"
      tags:
        - linode
  tags:
    - vps

- name: Bootstrapping homeserver
  block:
    - name: Installing operating system or distro in server
      when: operating_system != None
      block:
        # Placeholder: an empty block, tagged so it can be selected or skipped.
        # NOTE(review): the tag is assumed to belong to this task, not to the
        # enclosing block. Confirm.
        - name: Creating a server
          block: []
          tags:
            - unimplemented

        # NOTE(review): this task is placed inside the conditional block by
        # analogy with the VPS section. It may instead sit one level up and
        # run regardless of operating_system. Confirm.
        # NOTE(review): a Jinja test name after `is` must be a fixed dotted
        # identifier. `ansible.utils['ip_pref']` does not select a test by the
        # value of ip_pref. Presumably the ansible.utils address test matching
        # ip_pref was intended. Confirm and rewrite; the same condition
        # recurs in the two checks below.
        # NOTE(review): hostvars[instance] is a mapping of variables, not a
        # list of addresses. Confirm the loop fallback used here and in the
        # tasks below.
        - name: Waiting for that server to come online
          delegate_to: "{{ item }}"
          delegate_facts: true
          remote_user: root
          when: item is ansible.utils['ip_pref']
          ansible.builtin.wait_for_connection:
            delay: 20
            timeout: 300
          vars:
            ansible_user: root
          loop: "{{ groups[instance] | default(hostvars[instance]) }}"

    # NOTE(review): under delegate_to, ansible_facts normally holds the facts
    # of the play host, not of item, and no fact gathering for item is visible
    # on this page. Confirm that this check and the next one inspect the
    # intended machine.
    - name: Checking if that server has required operating system
      delegate_to: "{{ item }}"
      delegate_facts: true
      remote_user: root
      when: ansible_facts["system"] != "Linux" and item is ansible.utils['ip_pref']
      ansible.builtin.fail:
        msg: Unsupported operating system found
      vars:
        ansible_user: root
      loop: "{{ groups[instance] | default(hostvars[instance]) }}"

    - name: Checking if that server has required Linux distro
      delegate_to: "{{ item }}"
      delegate_facts: true
      remote_user: root
      when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" and item is ansible.utils['ip_pref']
      ansible.builtin.fail:
        msg: Unsupported Linux distro found
      vars:
        ansible_user: root
      loop: "{{ groups[instance] | default(hostvars[instance]) }}"

    # Installs every public key found on the control node for root on each
    # target: item[0] is the host, item[1] the key path. `user` resolves to
    # root through the task-level ansible_user.
    - name: Providing authorized keys for server root account
      delegate_to: "{{ item[0] }}"
      delegate_facts: true
      remote_user: root
      ansible.posix.authorized_key:
        user: "{{ ansible_user }}"
        key: "{{ lookup('file', item[1]) }}"
        state: present
      vars:
        ansible_user: root
      loop: "{{ (groups[instance] | default(hostvars[instance])) | product(root_pubkey_paths) }}"
  tags:
    - lan