refactored user creation tasks

2022-08-30 14:43:41 +02:00 · 2022-08-30 14:43:41 +02:00 · 91d33c10ad
parent d8cf4364c9
commit 91d33c10ad
11 changed files with 90 additions and 87 deletions
--- a/deploy.yml
+++ b/deploy.yml
@ -4,6 +4,7 @@
  become_method: doas
  roles:
    - basic
+    - users
    - sshd
  post_tasks:
    - name: lbu commit
--- a/roles/basic/tasks/main.yml
+++ b/roles/basic/tasks/main.yml
@ -1,59 +1,3 @@
 - name: install python3
  apk:
    name: python3
-
- name: create group 'rilla'
-  group:
-    name: rilla
-    gid: 1000
-
- name: create user 'rilla'
-  user:
-    name: rilla
-    uid: 1000
-    group: rilla
-    home: /home/rilla
-    groups:
-      - rilla
-      - wheel
-
- name: commit ansible's home to lbu
-  lbu:
-    include:
-      - /home/rilla
-    exclude:
-      - /home/rilla/.ash_history
-  when: ansible_distribution == "Alpine"
-
- name: create group 'ansible'
-  group:
-    name: ansible
-    gid: 501
-
- name: create user 'ansible'
-  user:
-    name: ansible
-    uid: 501
-    group: ansible
-    home: /var/lib/ansible
-    password: "*"  # disabled password but can be accessed with SSH
-    groups:
-      - ansible
-      - wheel
-
- name: make sure ansible owns its home
-  file:
-    state: directory
-    path: /var/lib/ansible
-    owner: ansible
-    group: ansible
-    mode: '2755'
-
- name: commit ansible's home to lbu
-  lbu:
-    include:
-      - /var/lib/ansible
-    exclude:
-      - /var/lib/ansible/.ansible
-      - /var/lib/ansible/.ash_history
-  when: ansible_distribution == "Alpine"
--- a/roles/sshd/tasks/alpine.yml
+++ b/roles/sshd/tasks/alpine.yml
@ -1,15 +1,3 @@
- name: commit rilla's authorized ssh keys
-  lbu:
-    include:
-      - /home/rilla/.ssh/authorized_keys
-  when: rilla_keys.changed
-
- name: commit ansible's authorized ssh keys
-  lbu:
-    include:
-      - /var/lib/ansible/.ssh/authorized_keys
-  when: ansible_keys.changed
-
 - name: install openssh
  apk:
    name: openssh
--- a/roles/sshd/tasks/main.yml
+++ b/roles/sshd/tasks/main.yml
@ -1,22 +1,3 @@
- name: set rilla's authorized key
-  authorized_key:
-    user: rilla
-    key: '{{ item }}'
-    path: /home/rilla/.ssh/authorized_keys
-  with_file:
-    - public_keys/yubikey
-  register: rilla_keys
-
- name: set ansible's authorized keys
-  authorized_key:
-    user: ansible
-    key: '{{ item }}'
-    path: /var/lib/ansible/.ssh/authorized_keys
-  with_file:
-    - public_keys/yubikey
-    - public_keys/ansible
-  register: ansible_keys
-
 - name: set sshd config
  template:
    src: sshd_config.j2
--- a/roles/users/files/public_keys/ansible
+++ b/roles/users/files/public_keys/ansible
--- a/roles/users/files/public_keys/yubikey
+++ b/roles/users/files/public_keys/yubikey
--- a/roles/users/meta/main.yml
+++ b/roles/users/meta/main.yml
--- a/roles/users/tasks/alpine.yml
+++ b/roles/users/tasks/alpine.yml
@ -0,0 +1,16 @@
+- name: commit ansible's home to lbu
+  lbu:
+    include:
+      - /home/rilla
+      - /home/rilla/.ssh/authorized_keys
+    exclude:
+      - /home/rilla/.ash_history
+
+- name: commit ansible's home to lbu
+  lbu:
+    include:
+      - /var/lib/ansible
+      - /var/lib/ansible/.ssh/authorized_keys
+    exclude:
+      - /var/lib/ansible/.ansible
+      - /var/lib/ansible/.ash_history
--- a/roles/users/tasks/ansible.yml
+++ b/roles/users/tasks/ansible.yml
@ -0,0 +1,33 @@
+- name: create group 'ansible'
+  group:
+    name: ansible
+    gid: 501
+
+- name: create user 'ansible'
+  user:
+    name: ansible
+    uid: 501
+    group: ansible
+    home: /var/lib/ansible
+    password: "*"  # disabled password but can be accessed with SSH
+    groups:
+      - ansible
+      - wheel
+
+- name: make sure ansible owns its home
+  file:
+    state: directory
+    path: /var/lib/ansible
+    owner: ansible
+    group: ansible
+    mode: '2755'
+
+- name: set ansible's authorized keys
+  authorized_key:
+    user: ansible
+    key: '{{ item }}'
+    path: /var/lib/ansible/.ssh/authorized_keys
+  with_file:
+    - public_keys/yubikey
+    - public_keys/ansible
+  register: ansible_keys
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@ -0,0 +1,9 @@
+- name: setup user 'rilla'
+  include_tasks: rilla.yml
+
+- name: setup user 'ansible'
+  include_tasks: ansible.yml
+
+- name: commit user's home to alpine lbu
+  include_tasks: alpine.yml
+  when: ansible_distribution == "Alpine"
--- a/roles/users/tasks/rilla.yml
+++ b/roles/users/tasks/rilla.yml
@ -0,0 +1,31 @@
+- name: create group 'rilla'
+  group:
+    name: rilla
+    gid: 1000
+
+- name: create user 'rilla'
+  user:
+    name: rilla
+    uid: 1000
+    group: rilla
+    home: /home/rilla
+    groups:
+      - rilla
+      - wheel
+
+- name: make sure rilla owns its home
+  file:
+    state: directory
+    path: /home/rilla
+    owner: rilla
+    group: rilla
+    mode: '2755'
+
+- name: set rilla's authorized key
+  authorized_key:
+    user: rilla
+    key: '{{ item }}'
+    path: /home/rilla/.ssh/authorized_keys
+  with_file:
+    - public_keys/yubikey
+  register: rilla_keys