add init role to every playbook

to be able to configure users separatly
2025-06-29 11:38:45 +03:00 · 2025-06-29 11:38:45 +03:00 · 4f0fe0113f
commit 4f0fe0113f
parent bed64e1256
8 changed files with 94 additions and 4 deletions
--- a/ansible/10_monitoring.yml
+++ b/ansible/10_monitoring.yml
@ -10,6 +10,7 @@
        cache_valid_time: 86400

  roles:
+    - role: roles/init
    - role: roles/fluent_bit
    - role: roles/grafana_loki
    - role: roles/prometheus_server
--- a/ansible/15_postgresql.yml
+++ b/ansible/15_postgresql.yml
@ -10,6 +10,7 @@
        cache_valid_time: 86400

  roles:
+    - role: roles/init
    - role: roles/fluent_bit
    - role: roles/prometheus_node_exporter
    - role: roles/postgresql
--- a/ansible/21_searxng.yml
+++ b/ansible/21_searxng.yml
@ -10,6 +10,7 @@
        cache_valid_time: 86400

  roles:
+    - role: roles/init
    - role: roles/fluent_bit
    - role: roles/prometheus_node_exporter
    - role: roles/searxng
--- a/ansible/30_load_balancer.yml
+++ b/ansible/30_load_balancer.yml
@ -13,6 +13,7 @@
        name: roles/nginx

  roles:
+    - role: roles/init
    - role: roles/fluent_bit
    - role: roles/prometheus_node_exporter
    - role: roles/prometheus_nginx_exporter
--- a/ansible/inventories/dev/group_vars/load_balancers.yml
+++ b/ansible/inventories/dev/group_vars/load_balancers.yml
@ -1,5 +1,27 @@
 ---

+users:
+  - name: admin
+    password_hash: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      30623138653735643561343061356531373430393662383764633038383238383837626636393432
+      3138653539356430306266663864343563616332656131310a343632323363653665646363366437
+      66643430626437333461656231303339656435346261336238313036306431396333643965666631
+      3665393163623266320a373838313538626438623330393533353931336331623464613664633430
+      32303734396634376431383936643431313561303864343930393363623130663236666636353637
+      63613237383666656263316661333031643032323266636464313839653065316138343035346161
+      64313037336666353136383462333832373031623637636630326330313832333265386632343139
+      30306638356434376635346637346134653064613236326333656566383137353166393063333563
+      32623638343263313463313062303465626439356461613235656661623364656138
+    ssh_public_keys: 
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit persist admin as root"
+  - name: ansible
+    password_hash: ""
+    ssh_public_keys:
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit nopass ansible"
+
 nginx_settings:
  server_tokens: false
  gzip: true
--- a/ansible/inventories/dev/group_vars/monitoring.yml
+++ b/ansible/inventories/dev/group_vars/monitoring.yml
@ -1,5 +1,27 @@
 ---

+users:
+  - name: admin
+    password_hash: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      30623138653735643561343061356531373430393662383764633038383238383837626636393432
+      3138653539356430306266663864343563616332656131310a343632323363653665646363366437
+      66643430626437333461656231303339656435346261336238313036306431396333643965666631
+      3665393163623266320a373838313538626438623330393533353931336331623464613664633430
+      32303734396634376431383936643431313561303864343930393363623130663236666636353637
+      63613237383666656263316661333031643032323266636464313839653065316138343035346161
+      64313037336666353136383462333832373031623637636630326330313832333265386632343139
+      30306638356434376635346637346134653064613236326333656566383137353166393063333563
+      32623638343263313463313062303465626439356461613235656661623364656138
+    ssh_public_keys: 
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit persist admin as root"
+  - name: ansible
+    password_hash: ""
+    ssh_public_keys:
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit nopass ansible"
+
 prometheus_options:
  global:

--- a/ansible/inventories/dev/group_vars/postgresql.yml
+++ b/ansible/inventories/dev/group_vars/postgresql.yml
@ -1,5 +1,28 @@
 ---

+users:
+  - name: admin
+    password_hash: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      30623138653735643561343061356531373430393662383764633038383238383837626636393432
+      3138653539356430306266663864343563616332656131310a343632323363653665646363366437
+      66643430626437333461656231303339656435346261336238313036306431396333643965666631
+      3665393163623266320a373838313538626438623330393533353931336331623464613664633430
+      32303734396634376431383936643431313561303864343930393363623130663236666636353637
+      63613237383666656263316661333031643032323266636464313839653065316138343035346161
+      64313037336666353136383462333832373031623637636630326330313832333265386632343139
+      30306638356434376635346637346134653064613236326333656566383137353166393063333563
+      32623638343263313463313062303465626439356461613235656661623364656138
+    ssh_public_keys: 
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit persist admin as root"
+  - name: ansible
+    password_hash: ""
+    ssh_public_keys:
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit nopass ansible"
+
+
 postgresql_global_config_options:
  - option: unix_socket_directories
    value: '{{ postgresql_unix_socket_directories | join(",") }}'
@ -14,12 +37,10 @@ postgresql_hba_entries:
  - {type: local, database: all, user: postgres, auth_method: peer}
  - {type: host, database: all, user: all, address: '127.0.0.1/32', auth_method: "{{ postgresql_auth_method }}"}
  - {type: host, database: forgejo_db, user: forgejo, address: '192.168.0.20/32', auth_method: "{{ postgresql_auth_method }}"}
-  - {type: host, database: test_db, user: test, address: '0.0.0.0/0', auth_method: "{{ postgresql_auth_method }}"}

 postgresql_databases:
  - name: forgejo_db
    owner: forgejo
-    # state: absent

 postgresql_users:
  - name: forgejo
@ -37,14 +58,12 @@ postgresql_users:
      63303735393638336137666234383363383764313533323031303533343562336230613434316432
      383632343762373735633664313431613064
    encrypted: true
-    # state: absent

 postgresql_privs:
  - db: forgejo_db
    roles: forgejo
    privs: ALL
    type: database
-    # state: absent

 postgres_users_no_log: false

--- a/ansible/inventories/dev/group_vars/searxng.yml
+++ b/ansible/inventories/dev/group_vars/searxng.yml
@ -1,5 +1,28 @@
 ---

+users:
+  - name: admin
+    password_hash: !vault |
+      $ANSIBLE_VAULT;1.1;AES256
+      30623138653735643561343061356531373430393662383764633038383238383837626636393432
+      3138653539356430306266663864343563616332656131310a343632323363653665646363366437
+      66643430626437333461656231303339656435346261336238313036306431396333643965666631
+      3665393163623266320a373838313538626438623330393533353931336331623464613664633430
+      32303734396634376431383936643431313561303864343930393363623130663236666636353637
+      63613237383666656263316661333031643032323266636464313839653065316138343035346161
+      64313037336666353136383462333832373031623637636630326330313832333265386632343139
+      30306638356434376635346637346134653064613236326333656566383137353166393063333563
+      32623638343263313463313062303465626439356461613235656661623364656138
+    ssh_public_keys: 
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit persist admin as root"
+  - name: ansible
+    password_hash: ""
+    ssh_public_keys:
+      - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKNzJdo6/c7uXrg0lqVwyXOhcNxO/BnylyJeqoBe4rAO5fhjwWLsvMAeCEmYa/3i8ITSvurFEou7BELo25vM58dNfGQHig52LrA/GU/jwDAhHyTXP3AvqqgIFa0ysMaHasYny6oqXi+eb2w/KimtgOhe5/oUdNBe/KgqZ+hP3qlTchxBl5MEzZIKgXTXQeYJpYYrnFb0l/R8qSkFBJv2xzxVJxEamN71SG7OIsi9m14D6hd2pNDHDDqHgKBVbN5irxDuJAzHN5upzfziXiYCOusud23tX6/nNv8t03CbB7FW0OxaCGhAjbavTFAf164L9GM7j76BGsLwWSh2HhG9G9lKs2bEI3IQudllMc6p9N6j2FhMOCKK6YYekdAOVc3ozTFc73VLkXtN8pnTC8OCSavthSt5jOUd0qTsQGH91lWlEkVe0bWi+s9nggfeWFM7HMVmqsR1jYlOXoi5s7xYwKLUdeUjRk3/rkzIFoOxquE5sVVuNDRNCaqcpPVY4k0gE= openpgp:0x8880F3E0"
+    opendoas_settings: "permit nopass ansible"
+
+
 searxng_homedir: /opt/searxng

 searxng_git_commit: e52e9bb4b699e39d9ce51874ea339d4773717389