authorboom2 <blizzack@blizzack.com>2023-12-19 22:23:26 -0500
committerboom2 <blizzack@blizzack.com>2023-12-19 22:23:26 -0500
commita6ddee3b7d7ca882772677013c7e02bb7a27a526 (patch)
tree481d99a7351f79495b6eb1dcb7c8444186c26cae
parent870d6c431b8abaf3df05dc33c45a187f85652f2d (diff)
- removed backup files
- add .gitignore - journal entries on slack packages - add two new ansible playbooks on create/update users
-rw-r--r--.gitignore1
-rw-r--r--ansible-practice/system/08-playbook-add-gpg-keys.yml~5
-rw-r--r--ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~81
-rw-r--r--ansible-practice/system/09-playbook-copy-system-files.yml~32
-rw-r--r--ansible-practice/system/10-playbook-copy-system-files-on-node.yml~25
-rw-r--r--ansible-practice/system/11-playbook-herd-new-host.yml~5
-rw-r--r--ansible-practice/system/12-replace-text.yml~15
-rw-r--r--ansible-practice/system/13-create-update-user.yml~8
-rw-r--r--ansible-practice/system/13_1-create-update-user-with-prompt.yml73
-rw-r--r--ansible-practice/system/13_2-create-update-user-authorized_key.yml29
-rw-r--r--ansible-practice/system/14-verify-user.yml~19
-rw-r--r--ansible_stuff.org41
12 files changed, 126 insertions, 208 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e4e5f6c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+*~ \ No newline at end of file
diff --git a/ansible-practice/system/08-playbook-add-gpg-keys.yml~ b/ansible-practice/system/08-playbook-add-gpg-keys.yml~
deleted file mode 100644
index 889d146..0000000
--- a/ansible-practice/system/08-playbook-add-gpg-keys.yml~
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: "08 - custom ansible - add slackware-related gpg keys to users keychain"
- hosts: localhost
- roles:
- - bash_config \ No newline at end of file
diff --git a/ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~ b/ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~
deleted file mode 100644
index 90ca529..0000000
--- a/ansible-practice/system/09-playbook-copy-system-files-on-controller.yml~
+++ /dev/null
@@ -1,81 +0,0 @@
-# create backup copies of system files on control node
-#
-# https://www.freekb.net/Article?id=759
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
-# https://phoenixnap.com/kb/ansible-check-if-file-exists
-# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#registering-variables
-# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html
-#
-# https://www.howtouselinux.com/post/ansible-copy-module-examples-to-copy-file-to-remote-server
-#
-#
-# had to run the command like so:
-#
-# ansible-playbook 09-playbook-copy-system-files.yml --ask-become-pass
-#
-# -or-
-#
-# ansible-playbook 09-playbook-copy-system-files.yml -K
-#
-# -or-
-#
-# ansible-playbook 09-playbook-copy-system-files.yml --become -K
-#
-
----
-- name: "09 - custom ansible - backup system files"
- hosts: localhost
- tasks:
- - name: check backup directory status
- ansible.builtin.stat:
- path: "{{ backup_etc_dir }}"
- register: backup_dir
- tags: ['backup_dir_status']
-
- - name: create backup directory if it does not exist
- ansible.builtin.file:
- path: "{{ backup_etc_dir }}"
- state: directory
- when: backup_dir.stat.isdir is not defined
- tags: ['create_backup_dir']
-
-#- name: Print a debug message
-# ansible.builtin.debug:
-# msg: "isdir isn't defined (path doesn't exist)"
-# when: backup_dir.stat.islnk is not defined
-
-# - name: backup '/etc/fstab'
-# ansible.builtin.copy:
-# src: /etc/fstab
-# remote_src: true
-# dest: "{{ backup_etc_dir }}/fstab"
-## backup: true
-# when: backup_dir.stat.isdir is defined
-# delegate_to: localhost
-# run_once: true
-# tags: ['fstab']
-
-# - name: backup '/etc/fstab' locally
-# ansible.builtin.shell: sudo cp -a /etc/fstab {{ backup_etc_dir }}/
-# delegate_to: localhost
-# run_once: true
-# when: backup_dir.stat.isdir is defined
-# tags: ['fstab']
-
- - name: backup special '/etc/' files locally
- ansible.builtin.shell: |
- sudo cp -a /etc/hosts.allow {{ backup_etc_dir }}/
- cp -a /etc/hosts.deny {{ backup_etc_dir }}/
- cp -a /etc/inetd.conf {{ backup_etc_dir }}/
- cp -a /etc/sudoers {{ backup_etc_dir }}/
- cp -a /etc/hosts {{ backup_etc_dir }}/
- cp -a /etc/fstab {{ backup_etc_dir }}/
- cp -a /etc/inittab {{ backup_etc_dir }}/
- exit 0
- delegate_to: localhost
- run_once: true
- when: backup_dir.stat.isdir is defined
- tags: ['fstab']
-
diff --git a/ansible-practice/system/09-playbook-copy-system-files.yml~ b/ansible-practice/system/09-playbook-copy-system-files.yml~
deleted file mode 100644
index 17b0f00..0000000
--- a/ansible-practice/system/09-playbook-copy-system-files.yml~
+++ /dev/null
@@ -1,32 +0,0 @@
-# reboot a host
-# https://www.freekb.net/Article?id=3078
-# https://www.freekb.net/Article?id=2395
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/reboot_module.html
-#
-# - will need to find another option for reboot cuz this was a wonky behavior from ansible
-# - it asked me to enter my passphrase 5 times before actually took properly
-#
-# had to run the command like so:
-#
-# ansible-playbook 11-playbook-reboot.yml --ask-become-pass
-#
-# -or-
-#
-# ansible-playbook 11-playbook-reboot.yml -K
-#
-# -or-
-#
-# ansible-playbook 11-playbook-reboot.yml --become -K
-#
-
----
-- name: "08 - custom ansible - backup system files"
- hosts: all
- tasks:
- - name: reboot a host
- ansible.builtin.reboot:
- msg: "reboot initiated by ansible"
- connect_timeout: 5
- post_reboot_delay: 30
- become: yes
-... \ No newline at end of file
diff --git a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml~ b/ansible-practice/system/10-playbook-copy-system-files-on-node.yml~
deleted file mode 100644
index 460dd21..0000000
--- a/ansible-practice/system/10-playbook-copy-system-files-on-node.yml~
+++ /dev/null
@@ -1,25 +0,0 @@
-# create backup copies of system files on control node
-#
-# https://www.freekb.net/Article?id=759
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
-# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/copy_module.html
-# https://phoenixnap.com/kb/ansible-check-if-file-exists
-# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html#registering-variables
-# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_conditionals.html
-#
-# https://www.howtouselinux.com/post/ansible-copy-module-examples-to-copy-file-to-remote-server
-#
-#
-# had to run the command like so:
-#
-# ansible-playbook 10-playbook-copy-system-files-on-node.yml --ask-become-pass
-#
-# -or-
-#
-# ansible-playbook 10-playbook-copy-system-files-on-node.yml -K
-#
-# -or-
-#
-# ansible-playbook 10-playbook-copy-system-files-on-node.yml --become -K
-#
diff --git a/ansible-practice/system/11-playbook-herd-new-host.yml~ b/ansible-practice/system/11-playbook-herd-new-host.yml~
deleted file mode 100644
index 6ffe1ea..0000000
--- a/ansible-practice/system/11-playbook-herd-new-host.yml~
+++ /dev/null
@@ -1,5 +0,0 @@
----
-- name: "11 - custom ansible - herd new host"
- hosts: localhost
- roles:
- - bash_config \ No newline at end of file
diff --git a/ansible-practice/system/12-replace-text.yml~ b/ansible-practice/system/12-replace-text.yml~
deleted file mode 100644
index 1848ea6..0000000
--- a/ansible-practice/system/12-replace-text.yml~
+++ /dev/null
@@ -1,15 +0,0 @@
----
-- name: "12 - custom ansible - replace text"
- hosts: dev
- tasks:
- - name: update slackpg blacklist
- ansible.builtin.replace:
- path: "{{ backup_etc_dir }}/blacklist"
- # regexp: '^#(kernel-.+)$'
- # replace: '\1'
- regexp: "kernel"
- replace: "kerneldaryll"
- owner: root
- group: root
- backup: yes
- tags: ['slackpkg_blacklist']
diff --git a/ansible-practice/system/13-create-update-user.yml~ b/ansible-practice/system/13-create-update-user.yml~
deleted file mode 100644
index d7fc422..0000000
--- a/ansible-practice/system/13-create-update-user.yml~
+++ /dev/null
@@ -1,8 +0,0 @@
-#
-# https://www.howtouselinux.com/post/create-user-with-ansible
-#
----
-- name: "13 - custom ansible - create/update user"
- hosts: dev
- become: yes # Run tasks with root/sudo privileges
- tasks:
diff --git a/ansible-practice/system/13_1-create-update-user-with-prompt.yml b/ansible-practice/system/13_1-create-update-user-with-prompt.yml
new file mode 100644
index 0000000..7bd0760
--- /dev/null
+++ b/ansible-practice/system/13_1-create-update-user-with-prompt.yml
@@ -0,0 +1,73 @@
+#
+# https://www.howtouselinux.com/post/create-user-with-ansible
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html
+# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_variables.html
+# https://docs.ansible.com/ansible/latest/collections/community/crypto/openssh_keypair_module.html
+# https://www.codesandnotes.be/2020/01/13/generate-ssh-keys-using-ansible/
+# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+#
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/file_module.html
+# https://docs.ansible.com/ansible/latest/collections/ansible/builtin/find_module.html
+#
+# https://stackoverflow.com/questions/4411457/how-do-i-verify-check-test-validate-my-ssh-passphrase
+#
+# - an issue i found while trying to update a user's ssh key
+# - although the docs state that this can be done...it did not work for me !
+# - the only thing that worked was to remove previous keys and then add new ones
+#
+#
+---
+- name: "13.1 -- custom ansible - create/update user with a prompt"
+ hosts: dev
+ become: yes # Run tasks with root/sudo privileges
+ vars:
+ username: testuser1
+
+ vars_prompt:
+ - name: "passphrase"
+ prompt: "enter the passphrase for the ssh key"
+
+ tasks:
+# - name: backup users ssh keys
+# ansible.builtin.shell: |
+# sudo mv /home/{{ username }}/.ssh/id_ed25519 /home/{{ username }}/.ssh/id_ed25519_BAK
+# mv /home/{{ username }}/.ssh/id_ed25519.pub /home/{{ username }}/.ssh/id_ed25519.pub_BAK
+# exit 0
+# tags: ['backup_ssh_files']
+
+ - name: find files to delete w/ wildcard
+ ansible.builtin.find:
+ path: /home/{{ username }}/.ssh
+ patterns: 'id_ed25519*'
+ register: ssh_keys
+
+ - name: remove users ssh keys
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{ ssh_keys.files }}"
+ tags: ['remove_ssh_files']
+
+ - name: update user
+ ansible.builtin.user:
+ name: "{{ username }}"
+ state: present # ensure the user is present
+ generate_ssh_key: true
+ force: true
+ ssh_key_type: ed25519
+ ssh_key_passphrase: "{{ passphrase }}"
+ ssh_key_file: .ssh/id_ed25519
+ tags: ['update_user']
+
+#
+# received the following when running this playbook:
+#
+# TASK [create user] *************************************************
+#
+# [DEPRECATION WARNING]: Encryption using the Python crypt module is
+# deprecated. The Python crypt module is deprecated and will be removed
+# from Python 3.13. Install the passlib library for continued encryption
+# functionality. This feature will be removed in version
+# 2.17. Deprecation warnings can be disabled by setting
+# deprecation_warnings=False in ansible.cfg.
+#
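Review bot: The `remove users ssh keys` task (the `ansible.builtin.file` loop over `ssh_keys.files`) deletes every `id_ed25519*` file in the user's `.ssh` directory before the `update user` task regenerates the pair, so a mistyped passphrase at the prompt or a failure in the `user` task leaves the account with no usable key, and the only backup step is the commented-out block above it. The prompt can at least be guarded against typos with `confirm: true` on the `vars_prompt` entry (input is already hidden, since `private` defaults to yes). Two smaller points: `become: yes` should be `become: true` (yamllint `truthy`), and the templated `path: /home/{{ username }}/.ssh` is better written `path: "/home/{{ username }}/.ssh"` so the scalar is always parsed as a string regardless of how `username` expands; `with_items` could also be `loop` in a playbook that already uses FQCN module names.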
diff --git a/ansible-practice/system/13_2-create-update-user-authorized_key.yml b/ansible-practice/system/13_2-create-update-user-authorized_key.yml
new file mode 100644
index 0000000..c046fe9
--- /dev/null
+++ b/ansible-practice/system/13_2-create-update-user-authorized_key.yml
@@ -0,0 +1,29 @@
+#
+# https://www.codesandnotes.be/2020/01/13/generate-ssh-keys-using-ansible/
+# https://docs.ansible.com/ansible/latest/collections/ansible/posix/authorized_key_module.html
+# https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_lookups.html
+#
+# - i couldnt really understand why we would use this module 'after' we created the
+# 'testuser' w/ an ssh key.
+#
+# tldr; you don't !!!!
+#
+# - the correct way to use this is if u have a list of users and their public keys
+# stored on the controller node. then when you create a managed node
+# you can loop thru creating new users on it and add their public keys to that
+# new node in a playbook.
+#
+---
+- name: "13.2 -- custom ansible - create/update user with a prompt"
+ hosts: dev
+ become: yes # Run tasks with root/sudo privileges
+ vars:
+ username: testuser1
+ ssh_path: "keys/{{ username }}/id_ed25519.pub"
+
+ tasks:
+ - name: set authorized key taken from file
+ ansible.posix.authorized_key:
+ user: "{{ username }}"
+ state: present # ensure the user is present
+ key: "{{ lookup('file', ssh_path) }}"
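Review bot: The play name on the `- name:` line still says "create/update user with a prompt" although this playbook has no `vars_prompt` and only installs an authorized key; something like `- name: "13.2 -- custom ansible - add user's authorized key from file"` would describe what it does. The inline comment `# ensure the user is present` on `state: present` is carried over from the `user` module and is misleading here: in `ansible.posix.authorized_key`, `state: present` means the key is present in the user's `authorized_keys`, and as far as I know the module does not create the account, so `username` must already exist (e.g. from 13_1); `state: present  # ensure the key is in authorized_keys` would be accurate. Also `become: yes` should be `become: true` per yamllint `truthy`.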
diff --git a/ansible-practice/system/14-verify-user.yml~ b/ansible-practice/system/14-verify-user.yml~
deleted file mode 100644
index 4be4c36..0000000
--- a/ansible-practice/system/14-verify-user.yml~
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# https://www.howtouselinux.com/post/create-user-with-ansible
-#
----
-- name: "14 - custom ansible - verifyl user"
- hosts: dev
- become: yes # Run tasks with root/sudo privileges
-
- tasks:
- - name: check if user exists
- ansible.builtin.shell:
- register: user_check
- ignore_errors: true
-
- - name: display user information
- ansible.builtin.debug:
- msg: "user '{{ username }}' exists !"
- when: user_check.rc == 0
-
diff --git a/ansible_stuff.org b/ansible_stuff.org
index 400958f..3b7cf61 100644
--- a/ansible_stuff.org
+++ b/ansible_stuff.org
@@ -2,7 +2,7 @@
#+TITLE: my scrappy ansible notes
#+AUTHOR: blizzack
-* <2023-10-23 Mon>
+* <2023-10-23 Mon> ---------------------------------------------------------
- installing ansible via pip
@@ -303,7 +303,7 @@ bash-5.2$
bash-5.2$
bash-5.2$
-* <2023-10-24 Tue>
+* <2023-10-24 Tue> ---------------------------------------------------------
decided it would be nice to have another host to play around with so
i dusted off 'bbox' and logged into it from 'boom2'
@@ -391,7 +391,7 @@ Connection to 192.168.0.220 closed.
https://www.educba.com/ansible-hosts-file/
-* <2023-10-29 Sun>
+* <2023-10-29 Sun> ---------------------------------------------------------
- created '~/.ansible/hosts' file like so:
@@ -447,7 +447,7 @@ ansible dev -m ping
msg: Hello Ansible World
#+end_src
-* <2023-10-30 Mon>
+* <2023-10-30 Mon> ---------------------------------------------------------
- make sure to setup my path correctly so that the ansible executable
can be found
@@ -491,14 +491,14 @@ bash-5.2$ echo $PATH
- seems i dont understand YAML well enuf
https://docs.ansible.com/ansible/latest/reference_appendices/YAMLSyntax.html
-* <2023-11-02 Thu>
+* <2023-11-02 Thu> ---------------------------------------------------------
some definitions of things:
- control node = my ansible server
- managed node(s) = target systems
-* <2023-11-22 Wed>
+* <2023-11-22 Wed> ---------------------------------------------------------
did a lil research on more resources
@@ -630,7 +630,7 @@ playbook: 12-playbook-copy-directory.yml
ansible-playbook -l dev-stations 12-playbook-copy-directory.yml
-* <2023-11-30 Thu>
+* <2023-11-30 Thu> ---------------------------------------------------------
researching 'roles' and how to use them.
@@ -696,7 +696,7 @@ https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.htm
- localhost.yml
- other_hosts.yml
-* <2023-12-04 Mon>
+* <2023-12-04 Mon> ---------------------------------------------------------
- experimented w/ using the 'inventory_hostname' above by using an
example from here:
@@ -711,7 +711,7 @@ https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.htm
https://github.com/cesarvr/ansible-role-hello-world
- the inet needs more simple examples like this !!
-* <2023-12-05 Tue>
+* <2023-12-05 Tue> ---------------------------------------------------------
- How to Use Ansible Roles to Abstract your Infrastructure Environment
https://www.digitalocean.com/community/tutorials/how-to-use-ansible-roles-to-abstract-your-infrastructure-environment
@@ -733,7 +733,7 @@ https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.htm
https://stackoverflow.com/questions/53253879/ansible-vars-files-vs-include-vars
https://stackoverflow.com/questions/36134552/use-multiple-var-files-in-ansible-role
-* <2023-12-07 Thu>
+* <2023-12-07 Thu> ---------------------------------------------------------
- worked w/ 'var_files' and that did not do what i expected
- playing w/ 'group_vars' directory
@@ -775,7 +775,7 @@ https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.htm
- so...this explains why trying to add different variablse for the
hosts in roles was painful...its bcuz its in the wrong place
-* <2023-12-08 Fri>
+* <2023-12-08 Fri> ---------------------------------------------------------
- continued my tests of copying files and found the correct way is to
use hosts and/or group vars that can be kept in the playbook or w/
@@ -820,14 +820,14 @@ https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_reuse_roles.htm
'ansible.builtin.command'
https://stackoverflow.com/questions/56663332/difference-between-shell-and-command-in-ansible
-* <2023-12-12 Tue>
+* <2023-12-12 Tue> ---------------------------------------------------------
today i learned that ansible makes it a lil difficult to copy/move
files around on the controller node. they make it very apparent that
ansible is for contolling managed nodes not necessarily controlling
the control node.
-* <2023-12-13 Wed>
+* <2023-12-13 Wed> ---------------------------------------------------------
looking at examples to update a file on a managed host
@@ -840,7 +840,7 @@ https://docs.ansible.com/ansible/latest/collections/ansible/builtin/lineinfile_m
- an online python regex syntax checker
https://pythex.org/
-* <2023-12-14 Thu>
+* <2023-12-14 Thu> ---------------------------------------------------------
copy 'rc.firewall' from bbox to boom2:
@@ -848,7 +848,7 @@ rsync --progress -avzhr --delete -e 'ssh -i ~/.ssh/20231024bbox' dpierre@192.168
https://chmod-calculator.com/
-* <2023-12-15 Fri>
+* <2023-12-15 Fri> ---------------------------------------------------------
lol..learned of a lil abnormality w/ ansible today. while testing
replacing contents of a file w/ the 'ansible.builtin.replace' module
@@ -943,7 +943,7 @@ https://www.pythontutorial.net/python-regex/python-regex-backreferences/
ansible replace examples:
- https://www.linuxtechi.com/replace-strings-lines-with-ansible/
-* <2023-12-16 Sat>
+* <2023-12-16 Sat> ---------------------------------------------------------
just pointing out another case of weirdness that occured as a result
of the 'command' vs. 'shell' in a playbook.
@@ -1018,8 +1018,7 @@ while the same object under the shell command returns a string, like so:
just documenting this fact here cuz i have a feeling this weirdness
will bite me in the ass someday.
-
-* <2023-12-19 Tue>
+* <2023-12-19 Tue> ---------------------------------------------------------
- slackpkg module
@@ -1038,6 +1037,12 @@ will bite me in the ass someday.
there does not seem to be a module for this since it is considered
'unofficial'
+- interesting i see an example of using a template w/in a template here:
+ https://medium.com/@chandrapal/managing-linux-users-ssh-keys-using-ansible-39ee2fc24c16
+
+ - i've seen references online that say this does not work well.
+ will need to test this
+
* references
2023-12-16 -- the following is a lists of ansible related URLs compiled so far.