kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-02 07:38:22 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
computer-playbook/roles/user-root
History
Kevin Veen-Birkenbach e09f561f0b Refactor run-once orchestration and bootstrap Mailu/Mastodon in a single deploy 
- Replace legacy utils/run_once.yml with the new helpers utils/once_flag.yml and utils/once_finalize.yml
- Introduce utils/compose_up.yml to ensure docker-compose stacks are up and to flush handlers safely without coupling to run-once flags
- Migrate all affected roles (desk-*, dev-*, sys-ctl-*, sys-svc-*, web-app-*, web-svc-*, util-*) to the new run-once helpers
- Rework sys-svc-msmtp to auto-load Mailu once per deploy, check reachability, and reuse the running stack instead of requiring multiple playbook passes
- Adjust web-app-mailu to integrate cert deployment, handler flushing, and run-once handling so Mailu is fully initialized in a single deploy
- Improve Matomo, CDN, logout and CSP/health-check related roles to cooperate with the new compose_up / once_* pattern
- Simplify alarm/backup/timer/service orchestration (sys-ctl-alm-*, sys-bkp-provider, sys-timer-cln-bkps, etc.) by moving run-once logic into dedicated 01_core.yml files
- Update integration tests so utils/once_flag.yml and utils/once_finalize.yml are recognised as valid run-once providers, keeping the global run_once_* guarantees consistent
- Align frontend injection and service dependencies so Mastodon- and Mailu-related services can be brought up coherently within a single deployment cycle rather than several iterations
2025-12-01 13:30:50 +01:00
..
meta
tasks
README.md

README.md

Root User

Description

This role manages the generation and handling of an SSH key for the root user on a target system. It ensures that an SSH key is generated if one does not already exist and outputs the public key, enabling secure SSH access for the root user in automated environments.

Overview

Optimized for secure system administration, this role performs the following tasks:

  • Verifies the existence of a root SSH public key.
  • Generates a new RSA 4096-bit SSH key pair for the root user if one is missing.
  • Displays and outputs the generated public SSH key.
  • Ensures that the key generation and display tasks run only once to maintain idempotency.
  • Facilitates secure remote access using best practices for SSH.

Purpose

The primary purpose of this role is to enhance the security of the system by ensuring that a valid SSH key is available for the root user. By automating the generation and output of the public key, it reduces manual intervention and helps maintain a secure configuration for administrative access.

Features

  • SSH Key Verification: Checks whether a root SSH public key exists.
  • SSH Key Generation: Generates a new RSA 4096-bit SSH key pair for the root user if needed.
  • Public Key Output: Displays and outputs the generated public SSH key.
  • Idempotency: Ensures that key generation and output tasks execute only once.
  • Secure Remote Access: Facilitates secure remote access by providing a verified public key for use with SSH.
Reference in New Issue View Git Blame Copy Permalink