Tending to the infrastructure garden of Sequoia Fabrica.
A beloved collection of pets. No cattle here.
___
_,-'"" """"`--.
,-' __,,-- \
,' __,--""""dF )
/ .-"Hb_,--""dF /
,' _Hb ___dF"-._,-'
,' _,-"""" ""--..__
( ,-' `.
`._,' _ _ ;
,' ,' `-'Hb-.___..._,-'
\ ,'"Hb.-'HH`-.dHF"
`--' "Hb HH dF"
"Hb HH dF
"HbHHdF
|HHHF
|HHH|
|HHH|
|HHH|
|HHH|
dHHHb
.dFd|bHb. o
o .dHFdH|HbTHb. o /
\ Y | \__,dHHFdHH|HHhoHHb.______| Y
##########################################
- Add to GitHub Organization: First, the user must be added to the Sequoia Fabrica GitHub organization. This is required because their SSH public keys will be pulled from their GitHub account.
- Update Ansible Configuration: Add the user to the `sequoia_fabrica_users` list in `ansible/inventory/group_vars/all.yml`
- Run Ansible: Execute `make ansible` to provision the user account on all managed hosts. This will:
  - Create the user account with sudo access
  - Pull their SSH public keys from GitHub
  - Configure their shell environment
  - Set up appropriate permissions
Note: The username field is the system username that will be created on the servers, while github_username is their GitHub account name (used to fetch SSH keys).
- Ask a member of the networking grove for the vault password file. This should not be shared with anyone outside the network grove ever.
- Place the vault password in its own file in your home directory. Do not commit this file to version control. e.g. `echo "PASSWORD" > ~/.sequoia_fabrica_ansible_vault`
- Use that file as an argument for `ansible-vault`. Example: `ansible-vault encrypt_string --vault-password-file ~/.sequoia_fabrica_ansible_vault 'SECRET_KEY' --name 'authentik_api_token'`
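
A variant of the vault steps above that keeps both the vault password and the secret out of shell history and the process list, and checks the password file before use. This is an added example, not code from this repository: the helper names `write_vault_pw_file`, `check_vault_pw_file` and `encrypt_secret` and the `VAULT_PW_FILE` variable are hypothetical, while `--vault-password-file` and `--stdin-name` are standard `ansible-vault encrypt_string` options.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not part of this repository.
VAULT_PW_FILE="${VAULT_PW_FILE:-$HOME/.sequoia_fabrica_ansible_vault}"

# Store the vault password (read from stdin) in file $1, readable by owner only.
# Reading from stdin keeps the password out of shell history and the process list.
write_vault_pw_file() {
    target="$1"
    IFS= read -r pw || [ -n "$pw" ] || { echo "no password on stdin" >&2; return 1; }
    rm -f -- "$target"   # drop any older copy that may have looser permissions
    ( umask 077 && printf '%s\n' "$pw" > "$target" ) || return 1
    chmod 600 "$target"
    unset pw
}

# Succeed only if $1 is a regular file with no group/other access
# and is not tracked by git.
check_vault_pw_file() {
    target="$1"
    [ -f "$target" ] || { echo "missing: $target" >&2; return 1; }
    # Characters 5-10 of the mode string are the group and other permission bits.
    perms=$(ls -ld "$target" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "too permissive: $target" >&2; return 1; }
    if git -C "$(dirname "$target")" ls-files --error-unmatch \
        "$(basename "$target")" >/dev/null 2>&1; then
        echo "tracked by git: $target" >&2
        return 1
    fi
}

# Encrypt a secret read from stdin under variable name $1.
# --stdin-name makes ansible-vault read the plaintext from stdin instead of argv.
encrypt_secret() {
    name="$1"
    check_vault_pw_file "$VAULT_PW_FILE" || return 1
    ansible-vault encrypt_string \
        --vault-password-file "$VAULT_PW_FILE" --stdin-name "$name"
}

# Usage (TOKEN is a placeholder variable holding the secret):
#   write_vault_pw_file "$VAULT_PW_FILE"      # type the password, then Enter
#   printf '%s' "$TOKEN" | encrypt_secret authentik_api_token
```

Use `printf '%s'` rather than `echo` when piping the secret, so a trailing newline is not encrypted along with it.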