roles/user_mgmt: for add/delete users and ssh_keys

This commit is contained in:
Geno 2020-09-17 12:55:13 +00:00
parent 53f795faf6
commit dee5a45271
7 changed files with 74 additions and 8 deletions


@ -3,3 +3,4 @@
become: yes become: yes
roles: roles:
- debian - debian
- { role: user_mgmt, tags: [user_mgmt]}
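Review bot: The new role entry on the last line of the hunk mixes a flow mapping with the bare role names above it and has unbalanced spacing inside the braces (`{ role: user_mgmt, tags: [user_mgmt]}`). The block form `- role: user_mgmt` with `tags: [user_mgmt]` nested under it reads consistently with the rest of the roles list and diffs cleanly when more tags are added. The enclosing play starts before this hunk, so its become/hosts settings are not visible here.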

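--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -0,0 +1,18 @@
+user_mgmt_default:
+crest:
+ssh_key:
+present:
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGApbgicmP2yQTxf2YjGVtRo6yGTIFfDRjHg2whJsKp9 crest"
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmjzqbR1FPmfgwutxxog/UsbvXHx8uJMDAwBDOjV+XY crest@emma.ccchb.de"
+absent: []
+genofire:
+ssh_key:
+present:
+- "ssh-rsa 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 genofire-yubikey"
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8LdgjUiL/MFmA2wM98QAbUEyY/8ixnpettC6kQxKWu genofire@emma.ccchb.de"
+absent: []
+fritz:
+ssh_key:
+present:
+- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEay33koXmcBcrDuCQKkCBlw/gKiPtwLswATPqIR7udl fritz@fluorine.grimpen.net"
+absent: []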
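Review bot: The `present`/`absent` split needs a comment, because a key that is simply deleted from a `present` list is never revoked: the role's remove task only iterates `ssh_key.absent` (the `subelements('value.ssh_key.absent')` loop in the tasks hunk below), so the old key stays in the user's authorized_keys on every host until it is moved into `absent`. A comment above `user_mgmt_default:` such as `# To revoke a key, move it from present to absent; deleting it from present leaves it installed on hosts` would make that explicit. Both lists should also stay defined for every user, since the tasks call `subelements` on both paths without `skip_missing` and, as far as I can tell, a missing sub-key makes that lookup fail.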


@ -3,7 +3,6 @@ ipv6route: 2a01:4f8:150:926f::4
ipv4: 10.0.0.1/31 ipv4: 10.0.0.1/31
ipv4route: 10.0.0.0 ipv4route: 10.0.0.0
dns: 213.133.98.98 8.8.8.8 dns: 213.133.98.98 8.8.8.8
default_root_ssh_publickey: "https://fireorbit.de/keys/ssh"
nginx_acme_mail: "webmaster@ccchb.de" nginx_acme_mail: "webmaster@ccchb.de"
nextcloud_domain: "cloud.ccchb.de" nextcloud_domain: "cloud.ccchb.de"
php_config: php_config:
@ -12,3 +11,11 @@ php_config:
php_fpm_env: php_fpm_env:
- key: 'PATH' - key: 'PATH'
value: "/usr/local/bin:/usr/bin:/bin" value: "/usr/local/bin:/usr/bin:/bin"
user_mgmt:
crest:
created: true
groups: sudo
genofire:
created: true
groups: sudo
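Review bot: A host that omits a user declared in group_vars ends up removing that user: `fritz` is defined in `user_mgmt_default` but not in this host's `user_mgmt`, so after the recursive `combine` the merged entry has no `created`, and the role's `Remove user` task (`when: not (item.value.created | default)`) runs with `state: absent` for it. That is presumably the intended absent-by-default semantics, but it means any pre-existing local account with the same name on this host is deleted. Listing `fritz:` with `created: false` here would make the removal visible in the host file, and a comment above `user_mgmt:` such as `# every user from user_mgmt_default is removed on this host unless listed with created: true` would document the rule.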


@ -5,4 +5,14 @@ ipv6route: 2a01:4f8:150:926f::6
ipv4: 10.0.0.3/31 ipv4: 10.0.0.3/31
ipv4route: 10.0.0.2 ipv4route: 10.0.0.2
dns: 213.133.98.98 8.8.8.8 dns: 213.133.98.98 8.8.8.8
default_root_ssh_publickey: "https://fireorbit.de/keys/ssh"
user_mgmt:
crest:
created: true
groups: sudo
genofire:
created: true
groups: sudo
fritz:
created: true
groups: sudo
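Review bot: `groups: sudo` is written as a plain scalar while the task that consumes it defaults to a list (`groups: "{{ item.value.groups | default([]) }}"` in the tasks hunk). The user module accepts both forms, but the list form `groups: [sudo]` keeps host_vars and the role default in the same shape and avoids a comma-splitting surprise when a second group is added later. The same applies to the previous host_vars hunk.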


@ -11,12 +11,6 @@
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
validate_certs: false validate_certs: false
- name: ssh publickey
authorized_key:
user: root
state: present
key: "{{ default_root_ssh_publickey }}"
- name: Update SSH configuration - name: Update SSH configuration
notify: reload sshd notify: reload sshd
replace: replace:
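Review bot: Deleting the `ssh publickey` task stops managing root's authorized_keys but does not remove the key that earlier runs installed from `default_root_ssh_publickey`; that key stays in root's authorized_keys until something with `state: absent` removes it. If root key access is meant to end with this commit, a one-off `authorized_key` task with `user: root` and `state: absent` for that key is needed, or root has to be covered by the new user_mgmt absent list; if root keys are intentionally left as deployed, a short note in the commit message would record that decision. The task list continues outside the hunk.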


@ -0,0 +1,2 @@
user_mgmt_default: {}
user_mgmt: {}
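Review bot: The two defaults carry no description of the schema the tasks expect, which is split across two variables: `user_mgmt_default` holds per-user `ssh_key.present` / `ssh_key.absent` lists (set in group_vars) and `user_mgmt` holds the per-host `created` / `groups` flags, merged with `combine(..., recursive=true)` in the tasks. A comment above each key, e.g. `# per-user ssh_key: {present: [...], absent: [...]}; normally set in group_vars` and `# per-host overrides: {created: bool, groups: ...}; merged recursively over user_mgmt_default`, would save readers a trip to the role's tasks to learn the shape.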


@ -0,0 +1,34 @@
---
- name: Merge ansible variables for host
set_fact: _user_mgmt="{{ user_mgmt_default | combine(user_mgmt, recursive=true) }}"
- name: Add User
user:
name: "{{ item.key }}"
groups: "{{ item.value.groups | default([]) }}"
state: present
when: item.value.created | default
with_dict: "{{ _user_mgmt }}"
- name: Add ssh-key to user
authorized_key:
user: "{{ item.0.key }}"
key: "{{ item.1 }}"
state: present
when: _user_mgmt[item.0.key].created | default
loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.present') }}"
- name: Remove ssh-key to user
authorized_key:
user: "{{ item.0.key }}"
key: "{{ item.1 }}"
state: absent
when: _user_mgmt[item.0.key].created | default
loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.absent') }}"
- name: Remove user
user:
name: "{{ item.key }}"
state: absent
when: not (item.value.created | default)
with_dict: "{{ _user_mgmt }}"