Add initial version of the bank-terminal role

2020-05-24 17:48:47 +02:00 · 2020-05-24 17:48:47 +02:00 · 11270d1584
commit 11270d1584
7 changed files with 65 additions and 0 deletions
--- a/bar.yaml
+++ b/bar.yaml
@ -0,0 +1,4 @@
+---
+- hosts: bar
+  roles:
+    - bank-terminal
--- a/group_vars/all.yaml
+++ b/group_vars/all.yaml
@ -0,0 +1,2 @@
+ansible_user: root
+ansible_python_interpreter: auto_silent
--- a/roles/bank-terminal/defaults/main.yaml
+++ b/roles/bank-terminal/defaults/main.yaml
@ -0,0 +1 @@
+bank_terminal_user: bank-terminal
--- a/roles/bank-terminal/handlers/main.yaml
+++ b/roles/bank-terminal/handlers/main.yaml
@ -0,0 +1,4 @@
+---
+- name: daemon_reload
+  systemd:
+    daemon_reload: yes
--- a/roles/bank-terminal/tasks/main.yaml
+++ b/roles/bank-terminal/tasks/main.yaml
@ -0,0 +1,44 @@
+---
+- name: Client
+  tags: bank_terminal_client
+  block:
+    - name: Add user
+      user:
+        name: bank-terminal
+        home: /home/{{ bank_terminal_user }}
+        shell: /home/{{ bank_terminal_user }}/login
+        generate_ssh_key: yes
+        ssh_key_type: ed25519
+
+    - name: Locate agetty
+      command: which agetty
+      register: agetty_location_cmd
+
+    - name: Set agetty var
+      set_fact: agetty_location="{{ agetty_location_cmd.stdout_lines | join }}"
+
+    - name: Install login script
+      template:
+        src: login
+        dest: /home/{{ bank_terminal_user }}/login
+        owner: bank-terminal
+        group: bank-terminal
+        mode: 0755
+
+    - name: Autologin User
+      template:
+        src: tty_autologin.conf
+        dest: /etc/systemd/system/getty@tty1.service.d/override.conf
+        owner: root
+        group: root
+        mode: 0644
+      notify: daemon_reload
+
+    - name: Read pubkey
+      command: /bin/cat /home/{{ bank_terminal_user }}/.ssh/id_ed25519.pub
+      register: pubkey
+
+    - debug:
+        msg:
+          - Please ensure that the pubkey below is is authorized on the bank server.
+          - "{{ pubkey.stdout_lines | join }}"
--- a/roles/bank-terminal/templates/login
+++ b/roles/bank-terminal/templates/login
@ -0,0 +1,5 @@
+#!/bin/sh
+
+# Managed by Ansible
+
+TERM=xterm-256color ssh bank@bank.bitlair.nl
--- a/roles/bank-terminal/templates/tty_autologin.conf
+++ b/roles/bank-terminal/templates/tty_autologin.conf
@ -0,0 +1,5 @@
+# Managed by Ansible
+
+[Service]
+ExecStart=
+ExecStart=-{{ agetty_location }} --autologin {{ bank_terminal_user }} --noclear %I $TERM