Ansible tips and notes.

On client

sudo apt update && sudo apt install ansible
git clone https://framagit.org/Nemecle/heimdall
cd heimdall

To launch:

ansible-playbook -i inventory.ini site.yml

Ad-hoc command

ansible -i inventory.ini webservers -m ansible.builtin.file -a "dest=/etc/nginx/sites-available/wiki.nemecl.eu mode=600 owner=www-data group=www-data" --become

On server

sudo adduser deploy
sudo groupadd wheel
sudo usermod -aG sudo deploy
sudo usermod -aG wheel deploy

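Then run sudo visudo and add the line %wheel ALL=(ALL) NOPASSWD: ALL, which lets every member of wheel run any command as root without being asked for a password.

And edit /etc/shadow so the deploy entry reads deploy:!!:[...]; the !! in the password field means the account has no usable password, so it cannot log in with one.

Make sure to add the user to AllowUsers in sshd_config, then reload sshd:

sudo service ssh reload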

Add SSH key:

ssh-copy-id -p <port> -i "$HOME/.ssh/id_rsa.pub" deploy@nemecl.eu

(Unnecessary?) Then:

sudo setfacl -R -m u:deploy:rwx /var/www/
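
The server-side state set up above (locked password field in /etc/shadow, the AllowUsers entry, the NOPASSWD rule for wheel) can be checked after the fact. The script below is an added example, not part of the original notes; the function names, the port and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the server state described in the notes.

# 0 = password field locked (starts with ! or *), 1 = usable or empty, 2 = no such user
shadow_locked() {
    field=$(awk -F: -v u="$1" '$1 == u { print $2; f = 1 } END { exit !f }' "$2") || return 2
    case $field in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;   # empty field or a real hash: password login is possible
    esac
}

# 0 = user listed in AllowUsers, 1 = directive present without the user, 2 = no directive
sshd_allows() {
    awk -v u="$1" '
        tolower($1) == "allowusers" {
            seen = 1
            for (i = 2; i <= NF; i++) { split($i, p, "@"); if (p[1] == u) ok = 1 }
        }
        END { if (!seen) exit 2; exit (ok ? 0 : 1) }' "$2"
}

# Print every group that a sudoers file grants "NOPASSWD: ALL"
nopasswd_groups() {
    sed -n 's/^%\([^[:space:]]*\)[[:space:]].*NOPASSWD:[[:space:]]*ALL[[:space:]]*$/\1/p' "$1"
}

# Constructed sample files standing in for /etc/shadow, sshd_config and sudoers
SAMPLE=$(mktemp -d)
printf '%s\n' 'root:*:19000:0:99999:7:::' 'deploy:!!:19000:0:99999:7:::' \
    'alice:$6$constructed$notarealhash:19000:0:99999:7:::' > "$SAMPLE/shadow"
printf '%s\n' 'Port 2222' '#AllowUsers nobody' 'AllowUsers alice deploy' > "$SAMPLE/sshd_config"
printf '%s\n' '%sudo ALL=(ALL:ALL) ALL' '%wheel ALL=(ALL) NOPASSWD: ALL' > "$SAMPLE/sudoers"

shadow_locked deploy "$SAMPLE/shadow" && echo "deploy: password locked, key-only login"
sshd_allows deploy "$SAMPLE/sshd_config" && echo "deploy: listed in AllowUsers"
echo "passwordless-root groups: $(nopasswd_groups "$SAMPLE/sudoers")"
```

On a real host, run the functions as root against /etc/shadow, /etc/ssh/sshd_config and /etc/sudoers; any group printed by nopasswd_groups makes its members' SSH keys equivalent to root.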