Initial commit

ansible.cfg

@@ -0,0 +1,152 @@
+# config file for ansible -- http://ansible.com/
+# ==============================================
+
+# nearly all parameters can be overridden in ansible-playbook 
+# or with command line flags. ansible will read ANSIBLE_CONFIG,
+# ansible.cfg in the current working directory, .ansible.cfg in
+# the home directory or /etc/ansible/ansible.cfg, whichever it
+# finds first
+
+[defaults]
+
+# some basic default values...
+
+hostfile       = /etc/ansible/hosts
+library        = /usr/share/ansible
+remote_tmp     = $HOME/.ansible/tmp
+pattern        = *
+forks          = 5
+poll_interval  = 15
+sudo_user      = root
+#ask_sudo_pass = True
+#ask_pass      = True
+transport      = smart
+remote_port    = 22
+
+# additional paths to search for roles in, colon seperated
+#roles_path    = /etc/ansible/roles
+
+# uncomment this to disable SSH key host checking
+#host_key_checking = False
+
+# change this for alternative sudo implementations
+sudo_exe = sudo
+
+# what flags to pass to sudo
+#sudo_flags = -H
+
+# SSH timeout
+timeout = 10
+
+# default user to use for playbooks if user is not specified
+# (/usr/bin/ansible will use current user as default)
+#remote_user = root
+
+# logging is off by default unless this path is defined
+# if so defined, consider logrotate
+#log_path = /var/log/ansible.log
+
+# default module name for /usr/bin/ansible
+#module_name = command
+
+# use this shell for commands executed under sudo
+# you may need to change this to bin/bash in rare instances
+# if sudo is constrained
+#executable = /bin/sh
+
+# if inventory variables overlap, does the higher precedence one win
+# or are hash values merged together?  The default is 'replace' but
+# this can also be set to 'merge'.
+#hash_behaviour = replace
+
+# How to handle variable replacement - as of 1.2, Jinja2 variable syntax is
+# preferred, but we still support the old $variable replacement too.
+# Turn off ${old_style} variables here if you like.
+#legacy_playbook_variables = yes
+
+# list any Jinja2 extensions to enable here:
+#jinja2_extensions = jinja2.ext.do,jinja2.ext.i18n
+
+# if set, always use this private key file for authentication, same as 
+# if passing --private-key to ansible or ansible-playbook
+#private_key_file = /path/to/file
+
+# format of string {{ ansible_managed }} available within Jinja2 
+# templates indicates to users editing templates files will be replaced.
+# replacing {file}, {host} and {uid} and strftime codes with proper values.
+ansible_managed = Ansible managed: {file} modified on %Y-%m-%d %H:%M:%S by {uid} on {host}
+
+# by default, ansible-playbook will display "Skipping [host]" if it determines a task
+# should not be run on a host.  Set this to "False" if you don't want to see these "Skipping" 
+# messages. NOTE: the task header will still be shown regardless of whether or not the 
+# task is skipped.
+#display_skipped_hosts = True
+
+# by default (as of 1.3), Ansible will raise errors when attempting to dereference 
+# Jinja2 variables that are not set in templates or action lines. Uncomment this line
+# to revert the behavior to pre-1.3.
+#error_on_undefined_vars = False
+
+# set plugin path directories here, seperate with colons
+action_plugins     = /usr/share/ansible_plugins/action_plugins
+callback_plugins   = /usr/share/ansible_plugins/callback_plugins
+connection_plugins = /usr/share/ansible_plugins/connection_plugins
+lookup_plugins     = /usr/share/ansible_plugins/lookup_plugins
+vars_plugins       = /usr/share/ansible_plugins/vars_plugins
+filter_plugins     = /usr/share/ansible_plugins/filter_plugins
+
+# don't like cows?  that's unfortunate.
+# set to 1 if you don't want cowsay support or export ANSIBLE_NOCOWS=1 
+#nocows = 1
+
+# don't like colors either?
+# set to 1 if you don't want colors, or export ANSIBLE_NOCOLOR=1
+#nocolor = 1
+
+[paramiko_connection]
+
+# uncomment this line to cause the paramiko connection plugin to not record new host
+# keys encountered.  Increases performance on new host additions.  Setting works independently of the
+# host key checking setting above.
+#record_host_keys=False
+
+# by default, Ansible requests a pseudo-terminal for commands executed under sudo. Uncomment this
+# line to disable this behaviour.
+#pty=False
+
+[ssh_connection]
+
+# ssh arguments to use
+# Leaving off ControlPersist will result in poor performance, so use 
+# paramiko on older platforms rather than removing it
+#ssh_args = -o ControlMaster=auto -o ControlPersist=60s
+
+# The path to use for the ControlPath sockets. This defaults to
+# "%(directory)s/ansible-ssh-%%h-%%p-%%r", however on some systems with
+# very long hostnames or very long path names (caused by long user names or 
+# deeply nested home directories) this can exceed the character limit on
+# file socket names (108 characters for most platforms). In that case, you 
+# may wish to shorten the string below.
+# 
+# Example: 
+# control_path = %(directory)s/%%h-%%r
+#control_path = %(directory)s/ansible-ssh-%%h-%%p-%%r
+
+# Enabling pipelining reduces the number of SSH operations required to 
+# execute a module on the remote server. This can result in a significant 
+# performance improvement when enabled, however when using "sudo:" you must 
+# first disable 'requiretty' in /etc/sudoers
+#
+# By default, this option is disabled to preserve compatibility with
+# sudoers configurations that have requiretty (the default on many distros).
+# 
+#pipelining = False
+
+# if True, make ansible use scp if the connection type is ssh 
+# (default is sftp)
+#scp_if_ssh = True
+
+[accelerate]
+accelerate_port = 5099
+accelerate_timeout = 30
+accelerate_connect_timeout = 5.0

data/config/chris-vimrc

@@ -0,0 +1,17 @@
+syntax on
+
+set background=dark
+
+if has("autocmd")
+  au BufReadPost * if line("'\"") > 0 && line("'\"") <= line("$")
+    \| exe "normal g'\"" | endif
+endif
+
+set showmatch
+set ignorecase
+set incsearch
+
+highlight ExtraWhitespace ctermbg=red guibg=red
+match ExtraWhitespace /\s\+$/
+
+au BufNewFile,BufRead *.less set filetype=less

data/keys/chris/active/chromebook

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJbPRZ5oqGCxJTn/2WtU5IBXBf6KcH7e82fHOzNnmVVuWGORvhNe+dUER3FyJzwDNzlnG1ik4xcs+yZfeVLMDY2ikBqNb7vDBPASaa7faSHa8u/32WcvWQAQkGLkOh9TqTFigsl69ODA2sDdpzMY+frlJRRsnrq44CUWQNpZb2RtA1l5f7peGEItgt2sIeBk7FtvaoKAij9V6lUoqglRW17LF+PiGVANCPJl2kaS27Cm+hSFknUMKAYnWvKBOcBuVWjcKH5ikrs7w5KVhYxq8w6A1+VfZZEuUfOY2Poj02vLo/xQyPNQetKH1XNEeLavq+nENpyCNrgEkB06Z14LkB chris@chromebook

data/keys/chris/active/home-linux-desktop

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC0EjgJUjHePLdeGW5/r09qe3b3i6NdPZ+PtQXuwMoLIARa3Dg4CAmfQOZ0Dz9oh32ZTFX/oXBjSy6rmWT8xEDRA0bYtvJYaBi2B8jYRzakL8QTIPRLd+s+R0EIm0KvQMs+fHxyTrJK0Y4+mLhI/wPynGKMJx4HOsXWsnVutfy9IALnmaOyw2AKlcbFSMKWJB86EQSNMhUaWsEnYZzEhAFz727FQj4yO1BFKfwWfl6H0wVO50Yt+bz+xANIhbJSlYzZI5T4V46gxdtSlvmZcgM9JBfdFyLVgoVORqyZnUpyAvf1eP0HelN9bwzTbpA1kzuR41xmC4/r7e4fVxZEBQ5R chris@Quark

data/keys/chris/active/home-windows-desktop

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA3ahIcxEaFUdkUqa3hddgw+hAtcNFyeRbumgRwbOmRygSOFhnrvUf8i6OLVBpdayGzqO+12Apl1g/+KHHKywreuCJuJW5AFlfjX5aTekwGGxaqEyREREIVNiujfQ+Zpze9GDkYicn7CceFRP5PwotI0k8n8OIEdvwsgd93bpqcTntqQqWNGW4bYD7EH4okK3KC0nCPtnA/pUnpR3BzqhKGb9GVunbnoiIsd6twf8+Zif2Ufmx55nK+cLePnrxhARbcbnuhJq6q0aLwm6OOz8+CjLaqVny6rL6edBM0IhihoFznOtuYOxxx35tSBOZW9XNyBRT5dTRQYrD+pt0mUJi7Q== rsa-key-20130918

data/keys/chris/active/windows-laptop

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAn51mDhJedm9F/fpwGjJu5gl3WP1fRRUgIBg6Qb2EfBZUzUsfY/ak0cjKUR1H9dgnYdYHdrk7Fms/ZvUvBKsLhs+GVOpEDRSLKbeV7bQ+lyQXVTLmqlsOO6806u5dp5yId9GDZtLYPH8SThfxyocol3TVk00aWe1HuHAD6pNlkxc= Laptop

data/keys/chris/active/work-desktop

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyQZjA5sS4X/MaNNvh+03YEbYVGm9lR3pZVSQ/Z2WHGxJq7smQ/0qKiuVdLQFoC+I0Nf6UdVz7fpEkF7gWxRjoy+D7vHPMo0BRAq254i/7rw2FqX7Di5swY6n/NA6vmZiOoMhJPqy4DZgGlS6ry7Jxm0BjthixPr54xcwoJMn4Nbn+8V/6RAc03o5sUsrRsyVYpwjjvtZ0m55ZsiMzYwhuuKig5dNLb7Vdkh9Io9RQYiVUTe3uupI7MaOAZgC5w7+cokeAfAV99C376l/a733u1dWldCzODb59GYG+Lrx+UHBVrHk+nBgyAVZU1F2x45zXGsPa+Fr1F6Fa8k5+TBQV cjs@panem.lon.corp.google.com

data/keys/chris/revoked/home-linux-desktop-old

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA7SAkh+r7kOBwkQi39ouHwy+LJuT9DN3wgtd2ZbfLKhi593LPYOizAXh3wu2lxuWouUMCbwPra9In29AEHuvJjp5KsoQu4RFtqVKDEO939VJAYqEakWYsRx6M+Zg7hIrZDymwPsKpDD1exNMQUSEbQu/2A4RFUEM0L2Mo3VrqRcVw/bcY/+J6YoBVibTrnDQtUWQNSB4mi0qoRiZwFb7LH8NGMWiI2KxTDRm3J+HaOQIepSyD1NcL1s7CzdM2rt84E8jUu4NiRE70Yg00+tddAcsiw9k0ZD59D6n7frRiRyLnwVhYmtXMQP2WZEjRZaLRSNG2uhtS4N+S8bVthIC5qw== chris@odo

data/keys/chris/revoked/linux-laptop-old

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxoRSC+VKV9QEla9x+jgSwDfbVtfD/weO2g431KCnwz03vxVzTrDNZrwch5VpSAOJHRRbP6QQGxhFgwi7dqcOQEwMoGD6qbWKqBwKalxZqtCI5UUS/4tkyAgIFR1A9f+OpB5hYqgerua9LAqi/MiluWKi9xttNa/iU8WkUnr4626QnEC7YveWH49ugUfRKt/B9nkyihseoifTKX1X/BawI809J76QEv22S7YXFEByfDfAbfIXaHOP/ffZCFJdKE+fcJ4XgHppxsYcOS+c/svmtWo2KRWzZbgM4sZAEsBTz+9kFjwhB3DAmc3QcYSHYvD6kKBIl8doXLuA60Lb8Y6BEQ== chris@chris-laptop

data/keys/chris/root/home-linux-desktop

@@ -0,0 +1 @@
+../active/home-linux-desktop

data/keys/chris/root/home-windows-desktop

@@ -0,0 +1 @@
+../active/home-windows-desktop

data/keys/chris/root/work-desktop

@@ -0,0 +1 @@
+../active/work-desktop

hosts

@@ -0,0 +1,32 @@
+# This is the default ansible 'hosts' file.
+#
+# It should live in /etc/ansible/hosts
+#
+#   - Comments begin with the '#' character
+#   - Blank lines are ignored
+#   - Groups of hosts are delimited by [header] elements
+#   - You can enter hostnames or ip addresses
+#   - A hostname/ip can be a member of multiple groups
+
+[dmdirc]
+grok.dmdirc.com
+renji.org.uk
+
+[dmdirc-buildagents]
+grok.dmdirc.com
+
+[chris-owned]
+grok.dmdirc.com
+do1.chameth.com
+
+[digitalocean]
+grok.dmdirc.com
+do1.chameth.com
+
+[chris-access:children]
+dmdirc
+chris-owned
+
+[chris-root:children]
+dmdirc
+chris-owned

playbooks/chris-root.yml

@@ -0,0 +1,8 @@
+---
+# Adds SSH keys for root access
+
+- hosts: chris-root
+  user: root
+  tasks:
+
+  - include: includes/ssh-keys user=root type=root key_dir=chris

playbooks/chris-user.yml

@@ -0,0 +1,21 @@
+---
+# Ensures that an appropriate 'Chris' user is created
+
+- hosts: chris-access
+  user: root
+  tasks:
+
+  - name: create chris user
+    user: name=chris
+
+  - include: includes/ssh-keys user=chris key_dir=chris
+
+  - name: deploy vimrc
+    remote_user: chris
+    copy: dest=~/.vimrc
+          src=/etc/ansible/data/config/chris-vimrc
+
+  - include: includes/install-fish
+
+  - name: set default shell to fish
+    user: name=chris shell=/usr/bin/fish

playbooks/includes/install-fish

@@ -0,0 +1,11 @@
+---
+# Adds the fish-shell release PPA and installs fish.
+
+- name: install python-pycurl (needed to add fish PPA)
+  apt: pkg=python-pycurl
+
+- name: add fish PPA
+  apt_repository: repo='ppa:fish-shell/release-2' update_cache=yes
+
+- name: install fish
+  apt: pkg=fish

playbooks/includes/ssh-keys

@@ -0,0 +1,15 @@
+---
+# Maintains a set of SSH keys
+
+- name: add authorized keys
+  authorized_key: user={{ user }}
+                  key="{{ lookup('file', item) }}"
+  with_fileglob:
+    - /etc/ansible/data/keys/{{ key_dir }}/{{ type | default(active) }}/*
+
+- name: revoke old authorized keys
+  authorized_key: user={{ user }}
+                  key="{{ lookup('file', item) }}"
+                  state=absent
+  with_fileglob:
+    - /etc/ansible/data/keys/{{ key_dir }}/revoked/*