From f7032535f59a80e2c53907a15f40e8eb4b76d422 Mon Sep 17 00:00:00 2001
From: Christophe Siraut
Date: Tue, 10 Apr 2018 13:33:30 +0200
Subject: [PATCH 3/5] bootstrap.yaml is a playbook for preparing a remote host
---
 bootstrap.yaml | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 group_vars/all | 2 +-
 2 files changed, 58 insertions(+), 1 deletion(-)
 create mode 100644 bootstrap.yaml
diff --git a/bootstrap.yaml b/bootstrap.yaml
new file mode 100644
index 0000000..ef5a491
--- /dev/null
+++ b/bootstrap.yaml
@@ -0,0 +1,57 @@
+---
+- name: Initialize a container for Publik developer installation
+ hosts: all
+ gather_facts: False
+
+ tasks:
+ - raw: dpkg -s python || (apt update && apt install -y python python-simplejson python-apt)
+ - raw: dpkg -s sudo || apt install -y sudo
+ - raw: dpkg -s postgresql || apt install -y postgresql
+ - raw: dpkg -s git || apt install -y git
+
+ - lineinfile:
+ path: /etc/postgresql/9.6/main/pg_hba.conf
+ line: 'local all postgres trust'
+ insertbefore: '# DO NOT DISABLE!'
+
+ - lineinfile:
+ path: /etc/postgresql/9.6/main/pg_hba.conf
+ line: 'local all all peer'
+ insertafter: 'local all postgres trust'
+
+ - raw: systemctl restart postgresql
+
+ - user:
+ name: "{{user}}"
+ groups: sudo
+ append: yes
+ shell: /bin/bash
+
+ # it is strange we need to fix permissions here (ansible 2.4)
+ - file:
+ path: "~{{user}}"
+ state: directory
+ owner: "{{user}}"
+ group: "{{user}}"
+
+ - lineinfile:
+ dest: /etc/sudoers
+ regexp: "^%{{user}}"
+ line: "{{user}} ALL=(ALL) NOPASSWD: ALL"
+ validate: 'visudo -cf %s'
+
+ - file:
+ path: "~{{user}}/.ssh"
+ state: directory
+ owner: "{{user}}"
+ mode: 0700
+ - copy:
+ src: "~/.ssh/id_rsa.pub"
+ dest: "~{{user}}/.ssh/authorized_keys"
+ owner: "{{user}}"
+ mode: 0600
+
+ - lineinfile:
+ path: /etc/hosts
+ regexp: '^127.0.42.1'
+ line: '127.0.42.1 dev-hobo.local.publik agent-combo.local.publik user-combo.local.publik demarches-wcs.local.publik connexion-authentic.local.publik'
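Review bot: Any local account on the host can connect as the `postgres` superuser role without authentication once the first `lineinfile` task inserts `local all postgres trust` ahead of the `# DO NOT DISABLE!` marker, because pg_hba.conf applies the first matching rule. If the later provisioning steps can run with `become_user: postgres` under the stock `peer` rule (the other patches in this series are not visible here, so this is an assumption), the trust line is unnecessary; if it stays, a comment above the task such as `# dev container only: every local user gets DB superuser access` would record the intended scope. In the sudoers task, `regexp: "^%{{user}}"` looks for a `%group` entry while the line written starts with `{{user}}`, so the pattern never matches what the task itself wrote; `regexp: "^{{user}} "` keeps reruns tied to the same entry. Since that entry grants `NOPASSWD: ALL`, writing it to a dedicated file under `/etc/sudoers.d/` with the same `validate: 'visudo -cf %s'` keeps the grant isolated and easy to revoke.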
diff --git a/group_vars/all b/group_vars/all
index e05bcf7..e65cacf 100644
--- a/group_vars/all
+++ b/group_vars/all
@@ -5,7 +5,7 @@ src_dir: "/home/{{user}}/src"
 ssl_certificate: "/etc/ssl/certs/*.local.publik.crt"
 ssl_certificate_key: "/etc/ssl/private/*.local.publik.key"
 venv: "/home/{{user}}/envs/publik-env"
-user: publik
+user: your_user_name
 apps:
 authentic:
 db_name: authentic_multitenant
--
2.11.0