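---
# Tasks for the reverse-proxy service user: ship its configuration tree,
# generate Diffie-Hellman parameters, and set up the SSH key that is used
# to rsync Let's Encrypt certificates from the host "valkyrie".
# Every task in the block runs as {{ service_user_name }} (block-level
# become_user at the bottom) unless the task overrides it.
- block:
    - name: Synchronise service configuration
      copy:
        # Trailing slash on src: the directory's contents are copied, not
        # the directory itself.
        src: "./filesystem/common/var/lib/_hostname/home/pod-_rproxy/.config/pod-_rproxy/"
        dest: "{{ service_home }}/.config/{{ service_user_name }}"
        # Modes are quoted so the YAML parser hands Ansible the literal
        # octal string instead of re-typing it as an integer.
        # directory_mode only applies to directories this task creates;
        # pre-existing directories keep their mode.
        directory_mode: "0755"
        mode: "0644"
      register: rproxy_synchronise

    - name: Generate Diffie Hellman ephemeral parameters
      # Idempotent via `creates`: openssl only runs while the file is
      # missing (4096-bit generation is slow). The path is built exactly
      # like `creates` below so the check and the output agree.
      command: openssl dhparam -out {{ service_home }}/.config/{{ service_user_name }}/dhparam.pem 4096
      args:
        creates: "{{ service_home }}/.config/{{ service_user_name }}/dhparam.pem"
      register: dhparam

    - name: Create the .ssh directory for {{ service_user_name }}
      file:
        path: "{{ service_home }}/.ssh"
        state: directory
        # Private to the service user: the rsync private key lives here.
        mode: "0700"

    - name: Generate SSH keypair for rsync
      openssh_keypair:
        path: "{{ service_home }}/.ssh/valkyrie-pod-rproxy"
        type: ed25519
      register: rsync_keypair

    - name: Configure public key on valkyrie
      # Runs on the certificate source host as its pod-rproxy user,
      # overriding the block-level become_user.
      delegate_to: valkyrie
      become_user: pod-rproxy
      authorized_key:
        user: pod-rproxy
        state: present
        key: "{{ rsync_keypair.public_key }}"
        # Least privilege for the key: it can only run the forced rsync
        # server command (sending the etc-letsencrypt directory), is only
        # accepted from the WireGuard address, and gets no shell, pty,
        # forwarding or rc-file execution.
        key_options: >-
          command="rsync --server --sender -avz . /var/lib/valkyrie/data/pod-rproxy/etc-letsencrypt/",from="{{ vpn_wg0_address }}",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-x11-forwarding

    - name: Enable rsync-certificates timer
      systemd:
        name: rsync-certificates.timer
        enabled: true
        # User-scope unit of the service user.
        # NOTE(review): presumably relies on a running user manager
        # (lingering) for that account — confirm against the host setup.
        scope: user

    - name: Record changes
      set_fact:
        service_changed: true
      # Kept as one Jinja expression: a list under `when` would AND the
      # two clauses instead of OR-ing them.
      when: >-
        rproxy_synchronise is changed or
        dhparam is changed

  become_user: "{{ service_user_name }}"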