homelab/ansible/wings.yml


---
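# Sanity-check the inventory before any host is changed, then copy the
# embassy's IPv6 subnet into a fact on every host of the vpn group.
- name: Preparation
  hosts: vpn
  pre_tasks:
    # Every entry in the list must hold; assert ANDs them together.
    - name: Verify only one embassy
      ansible.builtin.assert:
        that:
          - groups['embassy'] | length == 1
          - groups['vpn_server'] | length == 1
          - groups['vpn_server'] | intersect(groups['embassy']) | length == 1
        msg: Expected only one embassy host
    # Only the embassy host itself is expected to carry ipv6_subnet.
    - name: Verify ipv6_subnet is set
      when: inventory_hostname == groups['embassy'][0]
      ansible.builtin.assert:
        that: ipv6_subnet is defined
        msg: >
          Expected ipv6_subnet to be defined.
          This should have been done in Terraform or otherwise.
  tasks:
    # As mentioned in the other file, if I set this statically on group_vars,
    # things seem to break.
    - name: Publish the embassy IPv6 subnet as public_ipv6_subnet
      ansible.builtin.set_fact:
        public_ipv6_subnet: "{{ hostvars[groups['embassy'][0]].ipv6_subnet }}"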
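# Harden sshd on the embassy host: public-key logins only.
- name: Prepare embassy
  hosts: embassy
  become: true
  tasks:
    # The pattern matches the directive whether it is active or commented out,
    # whatever its current value or spacing, so the existing line is rewritten
    # in place. sshd keeps the first value it reads for a keyword, so a stale
    # "yes" left earlier in the file would win over a "no" appended at the end.
    # NOTE(review): lineinfile rewrites only the last matching line, and files
    # pulled in through an Include directive are not touched here. Confirm the
    # effective setting with `sshd -T` after the first run.
    - name: Disable password-based authentication
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PasswordAuthentication\s'
        line: 'PasswordAuthentication no'
        # Refuse to install a file sshd cannot parse; a broken config would
        # lock out the next SSH login.
        validate: '/usr/sbin/sshd -t -f %s'
      register: passwordauthentication
    - name: Enable public key authentication in SSH
      ansible.builtin.lineinfile:
        path: /etc/ssh/sshd_config
        regexp: '^\s*#?\s*PubkeyAuthentication\s'
        line: 'PubkeyAuthentication yes'
        validate: '/usr/sbin/sshd -t -f %s'
      register: publickeyauthentication
    # Restart only when one of the two edits actually changed the file.
    - name: Restart SSH
      ansible.builtin.service:
        name: ssh
        state: restarted
      when: passwordauthentication is changed or publickeyauthentication is changed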
# Apply the WireGuard role to every host in the vpn group, as root.
# NOTE(review): this is a third-party Galaxy role run with become; confirm its
# version is pinned wherever the role is installed from (not visible here).
- name: Set up VPN
  hosts: vpn
  become: true
  roles:
    - role: githubixx.ansible_role_wireguard
# - name: Install wings
# hosts: moirai_wings
# remote_user: ubuntu
# # Don't forget to create a new disk if creating new wings. This is
# # purposefully manual to give more fine-grained control
# vars:
# pv_disks:
# - /dev/sda
# vg_name: vg1
# lv_name: pvs
# lv_size: +100%FREE
# fs_type: ext4
# mount_path: /var/lib/pterodactyl
# extra_docker_daemon_options: |
# "dns": ["10.0.123.123"],
# roles:
# - dns-client
# - lvm
# - docker
# - wings