This is an ansible setup I use to manage my own machine(s).
I've tried to make it generic enough that you can clone it and use it too.
The playbooks in the playbooks/
directory are separated out by user -- each
user keeps their own scripts there with no particular structure. The
roles/
dir has shared roles, some of which do different things for
different users based on the presence of vars. See
roles/mail/client/tasks/main.yml
for an example.
I use pass
to store the Ansible Vault password, which is used to
encrypt/decrypt the various passwords for each host in
inventory/host_vars/hostname
.
You can generate the primary vault password by running pass generate sys/ansible/vault 32
. Then you can add something like ansible_sudo_pass: 'foobar'
to inventory/host_vars/127.0.0.1
.