kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-12-07 18:05:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
eca7ffea3613c6b012f4194fdaf1a6dc1b630b0f
computer-playbook/roles/user-root
History
Kevin Veen-Birkenbach 716ebef33b Refactor task includes and update variable handling for Ansible 2.20 migration 
This commit updates multiple roles to ensure compatibility with Ansible 2.20.
Several include paths and task-loading mechanisms required adjustments,
as Ansible 2.20 applies stricter evaluation rules for complex Jinja expressions
and no longer resolves certain relative include paths the way Ansible 2.18 did.

Key changes:
- Replaced legacy once_finalize.yml and once_flag.yml with the new structure
  under tasks/utils/once/finalize.yml and tasks/utils/once/flag.yml.
- Updated all include_tasks statements to use 'path_join' with playbook_dir,
  ensuring deterministic and absolute file resolution across roles.
- Fixed all network helper includes by converting direct relative paths such as
  'roles/docker-compose/tasks/utils/network.yml' to proper Jinja-evaluated paths.
- Normalized MATOMO_* variable names for consistency with the updated variable
  scope behavior in Ansible 2.20.
- Removed deprecated patterns that were implicitly supported in Ansible 2.18
  but break under the more strict variable and path resolution model in 2.20.

These changes are part of the full migration step required to ensure the
infinito-nexus roles remain stable, deterministic, and forward-compatible with
Ansible 2.20.

Details of the discussion and reasoning can be found in this conversation:
https://chatgpt.com/share/69300a8d-24d4-800f-bec0-e895a695618a
2025-12-03 11:02:34 +01:00
..
meta
Replaced .infinito.service and .infinito.timer by SOFTWARE_NAME suffix, optimized LICENSE link and update OIDC Realm and ID conf
2025-08-14 14:39:18 +02:00
tasks
Refactor task includes and update variable handling for Ansible 2.20 migration
2025-12-03 11:02:34 +01:00
README.md
Optimized mds
2025-03-17 05:10:43 +01:00

README.md

Root User

Description

This role manages the generation and handling of an SSH key for the root user on a target system. It ensures that an SSH key is generated if one does not already exist and outputs the public key, enabling secure SSH access for the root user in automated environments.

Overview

Optimized for secure system administration, this role performs the following tasks:

  • Verifies the existence of a root SSH public key.
  • Generates a new RSA 4096-bit SSH key pair for the root user if one is missing.
  • Displays and outputs the generated public SSH key.
  • Ensures that the key generation and display tasks run only once to maintain idempotency.
  • Facilitates secure remote access using best practices for SSH.

Purpose

The primary purpose of this role is to enhance the security of the system by ensuring that a valid SSH key is available for the root user. By automating the generation and output of the public key, it reduces manual intervention and helps maintain a secure configuration for administrative access.

Features

  • SSH Key Verification: Checks whether a root SSH public key exists.
  • SSH Key Generation: Generates a new RSA 4096-bit SSH key pair for the root user if needed.
  • Public Key Output: Displays and outputs the generated public SSH key.
  • Idempotency: Ensures that key generation and output tasks execute only once.
  • Secure Remote Access: Facilitates secure remote access by providing a verified public key for use with SSH.
Reference in New Issue View Git Blame Copy Permalink