Create additional SSH-keypair;Configure gitea
parent
1746af9b9d
commit
261e91ee2e
@ -13,7 +13,7 @@
|
||||
INSTALL_K3S_EXEC: 'server --cluster-init --disable local-storage'
|
||||
when: ansible_facts.services['k3s.service'] is undefined
|
||||
|
||||
- name: Configure Traefik dashboard ingress
|
||||
- name: Configure traefik dashboard ingress
|
||||
ansible.builtin.template:
|
||||
src: ingressroute.j2
|
||||
dest: /var/lib/rancher/k3s/server/manifests/{{ _template.name }}-manifest.yaml
|
||||
@ -201,16 +201,33 @@
|
||||
|
||||
- name: Retrieve existing gitea configuration
|
||||
ansible.builtin.uri:
|
||||
# url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
|
||||
# url: "{{ item }}"
|
||||
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
|
||||
method: GET
|
||||
register: gitea_existing_config
|
||||
# loop:
|
||||
# # - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
|
||||
# - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/repos/search
|
||||
# - https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
|
||||
|
||||
- debug:
|
||||
var: gitea_existing_config
|
||||
|
||||
- block:
|
||||
|
||||
- name: Register SSH public key
|
||||
ansible.builtin.uri:
|
||||
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/user/keys
|
||||
method: POST
|
||||
headers:
|
||||
Authorization: token {{ gitea_api_token.json.sha1 }}
|
||||
body:
|
||||
key: "{{ gitops_sshkey.public_key }}"
|
||||
read_only: false
|
||||
title: GitOps
|
||||
# Initial testing
|
||||
ignore_errors: yes
|
||||
|
||||
- name: Create organization(s)
|
||||
ansible.builtin.uri:
|
||||
url: https://git.{{ vapp['metacluster.fqdn'] }}/api/v1/orgs
|
||||
|
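Review bot: The 'Register SSH public key' task sends `Authorization: token {{ gitea_api_token.json.sha1 }}` with no `no_log: true` among the visible lines, so the API token can be written to Ansible output when the task fails or runs at higher verbosity; add `no_log: true` to this task. The `ignore_errors: yes` under `# Initial testing` (indentation is lost on this page, so it may belong to the task or to the enclosing block) then hides a failed registration until GitOps access breaks later; narrowing it to an explicit `status_code:` list, and writing the boolean as `true`, keeps real failures visible. The unnamed `debug` task that prints `gitea_existing_config` reads like a testing leftover, as do the commented-out `url:`/`loop:` lines; drop them or gate the debug with `verbosity: 1`. The block continues beyond the last visible line.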
@ -5,10 +5,12 @@
|
||||
generate_ssh_key: yes
|
||||
ssh_key_bits: 2048
|
||||
ssh_key_file: .ssh/id_rsa
|
||||
|
||||
- name: Save root SSH publickey
|
||||
ansible.builtin.lineinfile:
|
||||
path: /root/.ssh/authorized_keys
|
||||
line: "{{ vapp['guestinfo.rootsshkey'] }}"
|
||||
|
||||
- name: Disable SSH password authentication
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
@ -16,8 +18,18 @@
|
||||
line: "{{ item.line }}"
|
||||
state: "{{ item.state }}"
|
||||
loop:
|
||||
- { regex: '^#PasswordAuthentication', line: 'PasswordAuthentication no', state: present}
|
||||
- { regex: '^PasswordAuthentication yes', line: 'PasswordAuthentication yes', state: absent}
|
||||
- regex: '^#PasswordAuthentication'
|
||||
line: 'PasswordAuthentication no'
|
||||
state: present
|
||||
- regex: '^PasswordAuthentication yes'
|
||||
line: 'PasswordAuthentication yes'
|
||||
state: absent
|
||||
|
||||
- name: Create dedicated SSH keypair
|
||||
community.crypto.openssh_keypair:
|
||||
path: /root/.ssh/git_rsa_id
|
||||
register: gitops_sshkey
|
||||
|
||||
- name: Delete 'ubuntu' user
|
||||
ansible.builtin.user:
|
||||
name: ubuntu
|
||||
|
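Review bot: The 'Disable SSH password authentication' loop edits only `/etc/ssh/sshd_config`, so if that file includes a drop-in directory ahead of the edited line, a `PasswordAuthentication yes` placed there (cloud images often ship one under `/etc/ssh/sshd_config.d/`) would presumably still take effect, since sshd keeps the first value it reads. A follow-up task that checks the effective setting, for example `sshd -T | grep -i passwordauthentication`, would catch that. In 'Create dedicated SSH keypair' the algorithm and size come from module defaults while the file is named `git_rsa_id`; stating `type:` (and `size:` for RSA) and a `comment:` makes the key auditable. The loop task starts in the previous hunk and part of it lies between the two hunks.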
@ -122,6 +122,7 @@ dependencies:
|
||||
ansible_galaxy_collections:
|
||||
- ansible.posix
|
||||
- ansible.utils
|
||||
- community.crypto
|
||||
- community.general
|
||||
- kubernetes.core
|
||||
|
||||
|
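Review bot: `community.crypto` is added without a version constraint, like the other collections in this list, so each image build installs whatever release is current. If the consumer of `ansible_galaxy_collections` passes entries to `ansible-galaxy collection install`, a pinned form such as `community.crypto:==<version>` would make builds reproducible; that consumer is not visible here, so confirm the syntax it accepts.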