ansible-edda/playbooks/tasks/services/service/03-pod.d/lrproxy.yml

51 lines
1.7 KiB
YAML
Raw Normal View History

- block:
- name: Create service configuration directory for {{ service_user_name }}
file:
path: "{{ service_home }}/.config/{{ service_user_name }}"
state: directory
mode: 0755
- name: Synchronise service configuration
copy:
src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
dest: "{{ service_home }}/.config/{{ service_user_name }}"
directory_mode: 0755
mode: 0644
register: rproxy_synchronise
- name: Generate Diffie Hellman ephemeral parameters
command: openssl dhparam --out /{{ service_home }}/.config/{{ service_user_name}}/dhparam.pem 4096
args:
creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
register: dhparam
- name: Create the .ssh directory for {{ service_user_name }}
file:
path: "{{ service_home }}/.ssh"
state: directory
mode: 0700
- name: Generate SSH keypair for rsync
openssh_keypair:
path: "{{ service_home }}/.ssh/valkyrie-pod-rproxy"
type: ed25519
register: rsync_keypair
- name: Configure public key on valkyrie
delegate_to: valkyrie
become_user: pod-rproxy
authorized_key:
user: pod-rproxy
state: present
key: "{{ rsync_keypair.public_key }}"
key_options: command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc_letsencrypt/_data/",from="{{ vpn_wg0_address}}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding
- name: Record changes
set_fact:
service_changed: true
when:
rproxy_synchronise is changed or
dhparam is changed
become_user: "{{ service_user_name }}"