rilla
/
ansible
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactored user creation tasks

main
Ricard Illa 2022-08-30 14:43:41 +02:00
parent d8cf4364c9
commit 91d33c10ad
11 changed files with 90 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
deploy.yml
View File

@ -4,6 +4,7 @@
become_method: doas become_method: doas
roles: roles:
- basic - basic
- users
- sshd - sshd
post_tasks: post_tasks:
- name: lbu commit - name: lbu commit

56
roles/basic/tasks/main.yml
View File

@ -1,59 +1,3 @@
- name: install python3 - name: install python3
apk: apk:
name: python3 name: python3
- name: create group 'rilla'
group:
name: rilla
gid: 1000
- name: create user 'rilla'
user:
name: rilla
uid: 1000
group: rilla
home: /home/rilla
groups:
- rilla
- wheel
- name: commit ansible's home to lbu
lbu:
include:
- /home/rilla
exclude:
- /home/rilla/.ash_history
when: ansible_distribution == "Alpine"
- name: create group 'ansible'
group:
name: ansible
gid: 501
- name: create user 'ansible'
user:
name: ansible
uid: 501
group: ansible
home: /var/lib/ansible
password: "*" # disabled password but can be accessed with SSH
groups:
- ansible
- wheel
- name: make sure ansible owns its home
file:
state: directory
path: /var/lib/ansible
owner: ansible
group: ansible
mode: '2755'
- name: commit ansible's home to lbu
lbu:
include:
- /var/lib/ansible
exclude:
- /var/lib/ansible/.ansible
- /var/lib/ansible/.ash_history
when: ansible_distribution == "Alpine"

12
roles/sshd/tasks/alpine.yml
View File

@ -1,15 +1,3 @@
- name: commit rilla's authorized ssh keys
lbu:
include:
- /home/rilla/.ssh/authorized_keys
when: rilla_keys.changed
- name: commit ansible's authorized ssh keys
lbu:
include:
- /var/lib/ansible/.ssh/authorized_keys
when: ansible_keys.changed
- name: install openssh - name: install openssh
apk: apk:
name: openssh name: openssh

19
roles/sshd/tasks/main.yml
View File

@ -1,22 +1,3 @@
- name: set rilla's authorized key
authorized_key:
user: rilla
key: '{{ item }}'
path: /home/rilla/.ssh/authorized_keys
with_file:
- public_keys/yubikey
register: rilla_keys
- name: set ansible's authorized keys
authorized_key:
user: ansible
key: '{{ item }}'
path: /var/lib/ansible/.ssh/authorized_keys
with_file:
- public_keys/yubikey
- public_keys/ansible
register: ansible_keys
- name: set sshd config - name: set sshd config
template: template:
src: sshd_config.j2 src: sshd_config.j2

0
roles/sshd/files/public_keys/ansible → roles/users/files/public_keys/ansible
View File

0
roles/sshd/files/public_keys/yubikey → roles/users/files/public_keys/yubikey
View File

0
roles/basic/meta/main.yml → roles/users/meta/main.yml
View File

16
roles/users/tasks/alpine.yml Normal file
View File

@ -0,0 +1,16 @@
- name: commit ansible's home to lbu
lbu:
include:
- /home/rilla
- /home/rilla/.ssh/authorized_keys
exclude:
- /home/rilla/.ash_history
- name: commit ansible's home to lbu
lbu:
include:
- /var/lib/ansible
- /var/lib/ansible/.ssh/authorized_keys
exclude:
- /var/lib/ansible/.ansible
- /var/lib/ansible/.ash_history

33
roles/users/tasks/ansible.yml Normal file
View File

@ -0,0 +1,33 @@
- name: create group 'ansible'
group:
name: ansible
gid: 501
- name: create user 'ansible'
user:
name: ansible
uid: 501
group: ansible
home: /var/lib/ansible
password: "*" # disabled password but can be accessed with SSH
groups:
- ansible
- wheel
- name: make sure ansible owns its home
file:
state: directory
path: /var/lib/ansible
owner: ansible
group: ansible
mode: '2755'
- name: set ansible's authorized keys
authorized_key:
user: ansible
key: '{{ item }}'
path: /var/lib/ansible/.ssh/authorized_keys
with_file:
- public_keys/yubikey
- public_keys/ansible
register: ansible_keys

9
roles/users/tasks/main.yml Normal file
View File

@ -0,0 +1,9 @@
- name: setup user 'rilla'
include_tasks: rilla.yml
- name: setup user 'ansible'
include_tasks: ansible.yml
- name: commit user's home to alpine lbu
include_tasks: alpine.yml
when: ansible_distribution == "Alpine"

31
roles/users/tasks/rilla.yml Normal file
View File

@ -0,0 +1,31 @@
- name: create group 'rilla'
group:
name: rilla
gid: 1000
- name: create user 'rilla'
user:
name: rilla
uid: 1000
group: rilla
home: /home/rilla
groups:
- rilla
- wheel
- name: make sure rilla owns its home
file:
state: directory
path: /home/rilla
owner: rilla
group: rilla
mode: '2755'
- name: set rilla's authorized key
authorized_key:
user: rilla
key: '{{ item }}'
path: /home/rilla/.ssh/authorized_keys
with_file:
- public_keys/yubikey
register: rilla_keys