qusal/salt/ansible
Ben Grande 422b01e0f6 feat: remove audiovm setting when unnecessary
Decrease audio attack surface to qubes that will never need to use it.
2024-01-20 19:34:39 +01:00
..
files refactor: move appended states to drop-in rc.local 2023-12-19 22:50:59 +01:00
clone.sls refactor: initial commit 2023-11-13 14:33:28 +00:00
clone.top refactor: initial commit 2023-11-13 14:33:28 +00:00
configure-minion.sls refactor: move appended states to drop-in rc.local 2023-12-19 22:50:59 +01:00
configure-minion.top refactor: initial commit 2023-11-13 14:33:28 +00:00
configure.sls refactor: move appended states to drop-in rc.local 2023-12-19 22:50:59 +01:00
configure.top refactor: initial commit 2023-11-13 14:33:28 +00:00
create.sls feat: remove audiovm setting when unnecessary 2024-01-20 19:34:39 +01:00
create.top refactor: initial commit 2023-11-13 14:33:28 +00:00
init.top refactor: initial commit 2023-11-13 14:33:28 +00:00
install.sls fix: mode ansible linter to correct project 2023-11-20 19:25:52 +00:00
install.top refactor: initial commit 2023-11-13 14:33:28 +00:00
README.md refactor: initial commit 2023-11-13 14:33:28 +00:00

ansible

Ansible environment in Qubes OS.

Table of Contents

Description

Install Ansible and use it on the "ansible" app qube.

Installation

  • Top
qubesctl top.enable ansible
qubesctl --targets=tpl-ansible,ansible,ansible-minion state.apply
qubesctl top.disable ansible
  • State
qubesctl state.apply ansible.create
qubesctl --skip-dom0 --targets=tpl-ansible state.apply ansible.install
qubesctl --skip-dom0 --targets=ansible state.apply ansible.configure,zsh.touch-zshrc
qubesctl --skip-dom0 --targets=ansible-minion state.apply ansible.configure-minion,zsh.touch-zshrc

Usage

Configure the control node ansible:

ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_ansible
qvm-copy ~/.ssh/id_ansible.pub

Select ansible-minion as the target qube for the copy operation.

Configure the minion ansible-minion:

mkdir -m 0700 ~/.ssh
cat ~/QubesIncoming/ansible/id_ansible.pub >> ~/.ssh/authorized_keys

From the control node ansible, test connection to the minion ansible-minion:

ssh minion