# SPDX-License-Identifier: AGPL-3.0-or-later
# SPDX-FileCopyrightText: 2025 Dosh LLC
---
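# Resolve each helper binary to whatever the target's shell finds on PATH.
# `command -v` is a shell builtin, so this needs the shell module rather than
# ansible.builtin.command.
#
# The order of the list is load-bearing: a later set_fact task reads
# _BIN_ABSOLUTE_PATHS.results[N] by position, so only append new entries.
# The `var` key is not read by this task; it names the fact each entry feeds.
- name: Register absolute paths for binaries
  # `quote` keeps a templated binary name (STEP_BIN_NAME is a variable) from
  # being interpreted as shell syntax.
  ansible.builtin.shell: |
    command -v {{ item.bin | quote }}
  # A missing binary must not stop the play here: the caller may have supplied
  # the path explicitly, and the assert task further down rejects empty values.
  ignore_errors: true
  changed_when: false
  # Read-only lookup: run it under --check too, so the registered results
  # still carry `stdout` for the set_fact task that indexes into them.
  check_mode: false
  register: "_BIN_ABSOLUTE_PATHS"
  with_items:
    - { var: STEP_BIN_ABSOLUTE_PATH, bin: "{{ STEP_BIN_NAME }}" }
    - { var: CURL_BIN_ABSOLUTE_PATH, bin: "curl" }
    - { var: SH_BIN_ABSOLUTE_PATH, bin: "sh" }
    - { var: SSHD_BIN_ABSOLUTE_PATH, bin: "sshd" }
    - { var: HEAD_BIN_ABSOLUTE_PATH, bin: "head" }
    - { var: CUT_BIN_ABSOLUTE_PATH, bin: "cut" }
    - { var: MKTEMP_BIN_ABSOLUTE_PATH, bin: "mktemp" }
    - { var: SERVICE_BIN_ABSOLUTE_PATH, bin: "service" }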
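# Publish one *_BIN_ABSOLUTE_PATH fact per helper binary. A value the caller
# already defined wins; otherwise the fact falls back to the stdout of the
# matching `command -v` lookup. results[N] is positional: N must match the
# entry's position in the lookup task's item list.
#
# NOTE(review): `command -v` prints whatever the shell resolves the name to,
# which for a builtin, alias or function is not an absolute path. The assert
# task below only checks that the value is non-empty - confirm that is enough
# for the scripts that consume these facts.
- name: Set binary path facts and certificate SAN JSON
  ansible.builtin.set_fact:
    STEP_BIN_ABSOLUTE_PATH: "{{ STEP_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[0].stdout) }}"
    CURL_BIN_ABSOLUTE_PATH: "{{ CURL_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[1].stdout) }}"
    SH_BIN_ABSOLUTE_PATH: "{{ SH_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[2].stdout) }}"
    SSHD_BIN_ABSOLUTE_PATH: "{{ SSHD_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[3].stdout) }}"
    HEAD_BIN_ABSOLUTE_PATH: "{{ HEAD_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[4].stdout) }}"
    CUT_BIN_ABSOLUTE_PATH: "{{ CUT_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[5].stdout) }}"
    MKTEMP_BIN_ABSOLUTE_PATH: "{{ MKTEMP_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[6].stdout) }}"
    SERVICE_BIN_ABSOLUTE_PATH: "{{ SERVICE_BIN_ABSOLUTE_PATH | default(_BIN_ABSOLUTE_PATHS.results[7].stdout) }}"
    # Note that putting this on one line and including "" will change new line behavior
    # and cause diffs/changes unexpectedly later in the app. Be cautious refactoring this.
    # The SAN list is sorted before serialising, so the rendered JSON does not
    # depend on the order in which SSL_CERT_SAN was written.
    _cert_san_json: |
      {{ SSL_CERT_SAN | sort | to_json(indent=4) }}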
# Fail early when any variable the rest of this file relies on is empty.
# Every condition is the same non-empty test (`| length > 0`); nothing here
# checks the shape of a value (for example that a *_BIN_ABSOLUTE_PATH really
# is an absolute path, or that the bootstrap fingerprint is well-formed).
- name: Validate required variables defined.
  ansible.builtin.assert:
    that:
      # Helper binaries resolved by the lookup task or supplied by the caller.
      - STEP_BIN_ABSOLUTE_PATH | length > 0
      - CURL_BIN_ABSOLUTE_PATH | length > 0
      - SH_BIN_ABSOLUTE_PATH | length > 0
      - SSHD_BIN_ABSOLUTE_PATH | length > 0
      - HEAD_BIN_ABSOLUTE_PATH | length > 0
      - CUT_BIN_ABSOLUTE_PATH | length > 0
      - MKTEMP_BIN_ABSOLUTE_PATH | length > 0
      - SERVICE_BIN_ABSOLUTE_PATH | length > 0
      # step binary name and CA bootstrap settings.
      - STEP_BIN_NAME | length > 0
      - STEP_BOOTSTRAP_FINGERPRINT | length > 0
      - STEP_BOOTSTRAP_URL | length > 0
      # Certificate and key settings (ACME, bundle, root, SSH).
      - STEP_CERTS_ACME_CA_PROVISIONER | length > 0
      - STEP_CERTS_ACME_CRT | length > 0
      - STEP_CERTS_ACME_KEY | length > 0
      - STEP_CERTS_BUNDLE_CRT | length > 0
      - STEP_CERTS_PATH | length > 0
      - STEP_CERTS_ROOT_CRT | length > 0
      - STEP_CERTS_SSH_HOST_CERT | length > 0
      - STEP_CERTS_SSH_PRIVATE_KEY | length > 0
      - STEP_CERTS_SSH_PUBLIC_KEY | length > 0
      - STEP_CERTS_SSH_ROOT | length > 0
      - STEP_CERTS_SSH_TRUSTED_USER_CA_KEYS | length > 0
      # Paths, ownership and renewal settings.
      - STEP_CONFIG_PATH | length > 0
      - STEP_GROUP_NAME | length > 0
      - STEP_HC_FILE_NAME | length > 0
      - STEP_HC_RENEWAL_CRON | length > 0
      - STEP_HC_RENEWAL_NAME | length > 0
      - STEP_HC_RENEWAL_TAGS | length > 0
      - STEP_PATH | length > 0
      - STEP_SCRIPTS_PATH | length > 0
      - STEP_USER_NAME | length > 0
# Ensure the step base, config, certificate and script directories exist and
# are owned by the step user and group. Runs with privilege escalation.
#
# NOTE(review): no `mode` is given, so a newly created directory gets its
# permissions from the umask in effect and an existing one keeps what it has.
# STEP_CERTS_PATH presumably holds private key material (see the *_KEY
# variables validated above) - confirm it is not left world-accessible.
- name: create config directories
  with_items:
    - "{{ STEP_PATH }}"
    - "{{ STEP_CONFIG_PATH }}"
    - "{{ STEP_CERTS_PATH }}"
    - "{{ STEP_SCRIPTS_PATH }}"
  ansible.builtin.file:
    state: directory
    path: "{{ item }}"
    group: "{{ STEP_GROUP_NAME }}"
    owner: "{{ STEP_USER_NAME }}"
  become: true