107 lines
4.1 KiB
YAML
107 lines
4.1 KiB
YAML
#SPDX-License-Identifier: MIT-0
|
|
---
|
|
# tasks file for roles/init-vps
|
|
# @NOTE server deployment method is based on task tags compiled herein
|
|
- name: Finding SSH public keys for root
|
|
delegate_facts: true
|
|
delegate_to: localhost
|
|
ansible.builtin.find:
|
|
paths: "{{ local_facts['user_dir'] }}/.ssh" # @TODO define 'cnode_homedir' in playbook
|
|
patterns: "{{ ['^'] | product(ssh_keys) | map('join') | list }}"
|
|
file_type: file
|
|
use_regex: true
|
|
register: ssh_keypairs
|
|
- name: Reducing SSH key-pair results to list of SSH public key paths
|
|
ansible.builtin.set_fact:
|
|
root_pubkey_paths: "{{ ssh_keypairs.files | selectattr('path', 'search', '\\.pub$') | map(attribute='path') | list }}"
|
|
- name: Converting SSH public key paths to their file contents
|
|
ansible.builtin.set_fact:
|
|
root_pubkeys: "{{ root_pubkeys | default([]) + [lookup('file', item)] }}"
|
|
loop: "{{ root_pubkey_paths }}"
|
|
- name: Bootstrapping VPS
|
|
block:
|
|
- name: Creating VPS via Linode VPS service API
|
|
block:
|
|
- name: Creating the VPS
|
|
linode.cloud.instance:
|
|
api_token: "{{ token }}"
|
|
label: "{{ instance }}"
|
|
type: g6-standard-2
|
|
image: "{{ operating_system }}"
|
|
disk_encryption: enabled
|
|
region: "{{ origin }}"
|
|
private_ip: true
|
|
root_pass: "{{ password }}"
|
|
authorized_keys: "{{ root_pubkeys }}"
|
|
state: present
|
|
register: new_instance
|
|
- name: Waiting for that VPS to come online
|
|
delegate_to: "{{ item }}"
|
|
delegate_facts: true
|
|
ansible.builtin.wait_for_connection:
|
|
delay: 20
|
|
timeout: 300
|
|
vars:
|
|
ansible_ssh_private_key_file: "{{ chosen_privkey | default(ssh_keypairs.files | rejectattr('path', 'search', '\\.pub$') | map(attribute='path') | list | random) }}" # @TODO define 'chosen_privkey'in playbook
|
|
ansible_user: root
|
|
loop: "{{ new_instance.instance[ip_pref] }}"
|
|
tags:
|
|
- linode
|
|
tags:
|
|
- vps
|
|
- name: Bootstrapping homeserver
|
|
block:
|
|
- name: Installing operating system or distro in server
|
|
when: operating_system != None
|
|
block:
|
|
- name: Creating a server
|
|
block: []
|
|
tags:
|
|
- unimplemented
|
|
- name: Waiting for that server to come online
|
|
delegate_to: "{{ item }}"
|
|
delegate_facts: true
|
|
remote_user: root
|
|
when: item is ansible.utils['ip_pref']
|
|
ansible.builtin.wait_for_connection:
|
|
delay: 20
|
|
timeout: 300
|
|
vars:
|
|
ansible_user: root
|
|
loop: "{{ groups[instance] | default(hostvars[instance]) }}"
|
|
- name: Checking if that server has required operating system
|
|
delegate_to: "{{ item }}"
|
|
delegate_facts: true
|
|
remote_user: root
|
|
when: ansible_facts["system"] != "Linux" and item is ansible.utils['ip_pref']
|
|
ansible.builtin.fail:
|
|
msg: Unsupported operating system found
|
|
vars:
|
|
ansible_user: root
|
|
loop: "{{ groups[instance] | default(hostvars[instance]) }}"
|
|
- name: Checking if that server has required Linux distro
|
|
delegate_to: "{{ item }}"
|
|
delegate_facts: true
|
|
remote_user: root
|
|
when: ansible_facts["system"] == "Linux" and ansible_facts["os_family"] != "Debian" and item is ansible.utils['ip_pref']
|
|
ansible.builtin.fail:
|
|
msg: Unsupported Linux distro found
|
|
vars:
|
|
ansible_user: root
|
|
loop: "{{ groups[instance] | default(hostvars[instance]) }}"
|
|
# @TODO find way to incorporate use of 'groups[instance] | default(hostvars[instance]' for
|
|
# looping without loop nesting in below task
|
|
- name: Providing authorized keys for server root account
|
|
delegate_to: "{{ (groups[instance] | default(hostvars[instance]))[0] }}"
|
|
delegate_facts: true
|
|
remote_user: root
|
|
ansible.posix.authorized_key:
|
|
user: "{{ ansible_user }}"
|
|
key: "{{ lookup('file', item) }}"
|
|
state: present
|
|
vars:
|
|
ansible_user: root
|
|
loop: "{{ root_pubkey_paths }}"
|
|
tags:
|
|
- lan
|