Jose/ansible_samba_tasks
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

refactor ♻️: Refactoring the tasks directory to improve code organization and readability.

Browse Source 
The tasks directory has been refactored to separate different roles into their own directories, making it easier to manage and understand the project structure. This change adheres to the guidelines for maintaining clean and organized codebases.
This commit is contained in:
Jose
2025-10-09 21:12:04 +02:00
parent 46f5852d0c
commit 181f2f9a1b
7 changed files with 7 additions and 270 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
tasks/get_anible_ssh_pub_key.yml
View File

@@ -1,80 +0,0 @@
- name: Read and display local SSH public key with user and host info
hosts: localhost
connection: local
gather_facts: true # Required to access ansible_user and ansible_hostname
vars:
ssh_key_type: "rsa"
public_key_path: "{{ lookup('env', 'HOME') + '/.ssh/id_' + ssh_key_type + '.pub' }}"
tasks:
- name: Check if SSH public key file exists
ansible.builtin.stat:
path: "{{ public_key_path }}"
register: ssh_key_file
tags: [check]
- name: Fail if SSH public key is missing
ansible.builtin.fail:
msg: "Public SSH key not found at {{ public_key_path }}."
when: not ssh_key_file.stat.exists
tags: [fail]
- name: Read SSH public key content
ansible.builtin.slurp:
src: "{{ public_key_path }}"
register: local_public_key
when: ssh_key_file.stat.exists
tags: [read]
- name: Get current user's UID
ansible.builtin.command: id -u
register: user_uid
changed_when: false
tags: [info]
- name: Get current user's GID
ansible.builtin.command: id -g
register: user_gid
changed_when: false
tags: [info]
- name: Get Docker host (default gateway) IP
ansible.builtin.shell: "ip route | awk '/default/ {print $3}'"
register: docker_host_ip
changed_when: false
tags: [host_ip]
- name: Try resolving host.docker.internal
command: getent hosts host.docker.internal
register: docker_dns_host
failed_when: false
changed_when: false
tags: [host_ip]
- name: Display SSH key with user and host information
ansible.builtin.debug:
msg: |
SSH Public Key Info
---------------------
User : {{ ansible_user }}
User : {{ ansible_facts['user_id'] }}
UID : {{ user_uid.stdout }}
GID : {{ user_gid.stdout }}
Host : {{ ansible_hostname }}
IP Addr : {{ ansible_default_ipv4.address }}
IPs : {{ ansible_all_ipv4_addresses }}
Host : {{ ansible_facts['hostname'] }}
Docker Host IP: {{ docker_host_ip.stdout }}
Host.docker.internal resolves to: {{ docker_dns_host.stdout }}
Path : {{ public_key_path }}
Key:
{{ local_public_key.content | b64decode }}
tags: [show]
- name: Set decoded SSH public key as fact
set_fact:
decoded_ssh_key: "{{ local_public_key.content | b64decode }}"
tags: [read, set_fact]

65
tasks/get_ssh_key.sh
View File

@@ -1,65 +0,0 @@
#!/bin/bash
echo "[DEBUG] Script started"
echo "Running as $(whoami)"
echo
# Force use of specific home directory
USER_HOME="/home/semaphore"
# Get current user home directory
# USER_HOME=$(eval echo ~${SUDO_USER:-$USER})
# Define default public key locations
KEY_FILES=(
"$USER_HOME/.ssh/id_rsa.pub"
"$USER_HOME/.ssh/id_ecdsa.pub"
"$USER_HOME/.ssh/id_ed25519.pub"
)
# Loop through each key file to find the first one that exists
for key_file in "${KEY_FILES[@]}"; do
if [ -f "$key_file" ]; then
if [ -r "$key_file" ]; then
echo "✅ Public SSH key found at: $key_file"
echo
cat "$key_file"
exit 0
else
echo "⚠️ Found public key at $key_file, but it's not readable (permission issue)"
fi
fi
done
# If no public key was found, check for private key to regenerate the pub key
PRIVATE_KEY="$USER_HOME/.ssh/id_rsa"
if [ -f "$PRIVATE_KEY" ] && [ ! -f "${PRIVATE_KEY}.pub" ]; then
echo "Public key missing, but private key found. Regenerating .pub file..."
ssh-keygen -y -f "$PRIVATE_KEY" > "${PRIVATE_KEY}.pub"
if [ $? -eq 0 ]; then
echo "Public key regenerated at: ${PRIVATE_KEY}.pub"
echo
cat "${PRIVATE_KEY}.pub"
exit 0
else
echo "Failed to regenerate public key from private key." >&2
exit 1
fi
fi
# If no keys at all, generate new one
echo "No SSH key found. Generating a new SSH key at: $PRIVATE_KEY"
mkdir -p "$USER_HOME/.ssh"
chmod 700 "$USER_HOME/.ssh"
ssh-keygen -t rsa -b 4096 -C "admin@localhost" -f "$PRIVATE_KEY" -N ""
# Output the new key
if [ -f "${PRIVATE_KEY}.pub" ]; then
echo
echo "New SSH key generated at: ${PRIVATE_KEY}.pub"
cat "${PRIVATE_KEY}.pub"
exit 0
else
echo "Failed to generate SSH key." >&2
exit 1
fi

6
tasks/hostname.yml Normal file
View File

@@ -0,0 +1,6 @@
- hosts: localhost
gather_facts: yes
tasks:
- name: Show the local hostname
ansible.builtin.debug:
msg: "The hostname of this machine is {{ ansible_hostname }}"

79
tasks/rapbian_desktop_prov.yml
View File

@@ -1,79 +0,0 @@
---
- name: Install LDAP client and Bitwarden Extension on Raspbian Desktop
hosts: pi5
become: true
become_user: root
gather_facts: true
vars:
# System detection
is_raspbian_desktop: false
pre_tasks:
- name: Check if Raspbian Desktop (GUI) is installed
ansible.builtin.shell: dpkg -l | grep raspberrypi-ui-mods
register: raspbian_desktop_check
changed_when: false
failed_when: false
tags: [system_check]
- name: Check if Chromium is installed
ansible.builtin.shell: which chromium-browser || which chromium
register: chromium_check
changed_when: false
failed_when: false
tags: [system_check]
- name: Set fact if host is Raspbian Desktop
ansible.builtin.set_fact:
is_raspbian_desktop: true
when:
- ansible_distribution | lower in ['raspbian', 'debian']
- raspbian_desktop_check.rc == 0
- chromium_check.rc == 0
tags: [system_check]
- name: Verify LDAP password is set
assert:
that: ldap_bind_pw is defined
fail_msg: "ldap_bind_pw must be defined in vault file"
success_msg: "LDAP password verification successful"
when: is_raspbian_desktop
tags: [always]
roles:
- role: bitwarden_chromium
when: is_raspbian_desktop
tags: [bitwarden]
- role: ldap-client
vars:
enable_auth: true
vault_ldap_password: "{{ ldap_bind_pw }}"
nss_services:
- passwd
- group
- shadow
when: is_raspbian_desktop
tags: [ldap]
# post_tasks:
# - name: Verify LDAP authentication
# block:
# - name: Test LDAP user lookup
# ansible.builtin.command: id "{{ test_ldap_user | default('testuser') }}"
# register: ldap_test
# changed_when: false
# failed_when: false
# - name: Show LDAP test results
# debug:
# msg: "LDAP user lookup {{ 'successful' if ldap_test.rc == 0 else 'failed' }}"
# when:
# - is_raspbian_desktop
# - enable_auth | default(true)
# tags: [test, ldap]
# TODO
# - install pavucontrol

23
tasks/test_remote.yml
View File

@@ -1,23 +0,0 @@
- name: Gather and print relevant system facts
hosts: all
gather_facts: false # disable default full fact gathering
tasks:
- name: Gather only selected facts
ansible.builtin.setup:
filter:
- ansible_hostname
- ansible_distribution
- ansible_distribution_version
- ansible_kernel
- ansible_architecture
- ansible_default_ipv4
- name: Show relevant facts
ansible.builtin.debug:
msg:
- "Hostname: {{ ansible_facts['hostname'] }}"
- "OS: {{ ansible_facts['distribution'] }} {{ ansible_facts['distribution_version'] }}"
- "Kernel: {{ ansible_facts['kernel'] }}"
- "Architecture: {{ ansible_facts['architecture'] }}"
- "IP Address: {{ ansible_facts['default_ipv4']['address'] }}"

22
tasks/update_roles.sh
View File

@@ -1,22 +0,0 @@
#!/bin/bash
# Exit on any error
set -euo pipefail
# Define project root (one level up from tasks/)
PROJECT_ROOT="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
REQUIREMENTS_FILE="$PROJECT_ROOT/requirements.yml"
ROLES_DIR="$PROJECT_ROOT/roles"
# ANSIBLE_CFG="$PROJECT_ROOT/ansible.cfg"
echo "🔧 [INFO] Running deployment from: $PROJECT_ROOT"
echo "📦 [INFO] Installing roles from: $REQUIREMENTS_FILE"
# Step 1: Install roles
ansible-galaxy install -r "$REQUIREMENTS_FILE" -p "$ROLES_DIR"
# # Step 2: Run playbook
# echo "🚀 [INFO] Running playbook: $PLAYBOOK_FILE"
# ANSIBLE_CONFIG="$ANSIBLE_CFG" ansible-playbook "$PLAYBOOK_FILE" -i "$INVENTORY_DIR"
echo "✅ [SUCCESS] Roles updated successfully from requirements."