forked from ccchb/ansible
roles/user_mgmt: for add/delete users and ssh_keys
This commit is contained in:
parent
53f795faf6
commit
dee5a45271
7 changed files with 74 additions and 8 deletions
|
@ -3,3 +3,4 @@
|
||||||
become: yes
|
become: yes
|
||||||
roles:
|
roles:
|
||||||
- debian
|
- debian
|
||||||
|
- { role: user_mgmt, tags: [user_mgmt]}
|
||||||
|
|
18
group_vars/all.yml
Normal file
18
group_vars/all.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
user_mgmt_default:
|
||||||
|
crest:
|
||||||
|
ssh_key:
|
||||||
|
present:
|
||||||
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGApbgicmP2yQTxf2YjGVtRo6yGTIFfDRjHg2whJsKp9 crest"
|
||||||
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmjzqbR1FPmfgwutxxog/UsbvXHx8uJMDAwBDOjV+XY crest@emma.ccchb.de"
|
||||||
|
absent: []
|
||||||
|
genofire:
|
||||||
|
ssh_key:
|
||||||
|
present:
|
||||||
|
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDZm0TZPBzgXrY1vrLoYviNRb/oGZQDQk9vrppPK84sN55ZPlr9VvP+JYE7Qkx8teRuH9ulxqX40+dxKaiAXMUl4HU57KPLjwCb7SnBNIFTv6ZHGxPS8ZgUzKJr4Agph51oenNEO3RziEqAo3EwK67SGnjeIYQQKcjpfwd08+PYMOjv42zSYQ9umooj5LooOvbxoogZ3VpboXv6DeyA4rev1M9RgnMWaWVF2LxJjQ3jVr7xh1vZktVGKuVk/XXKD6WVAuwmGMVEouQzjtG9kepWd8FUYe+fgj5mtdqfeQP9CypxvOcb7jT20wO1Abpp5udS9iPDQHg+lafklIAeKG3qgxxhBDH3otXtnWcoeXUmDpBI8HU/8d/yrGaLHYRfy3HHiSGFq3lBgoxi83QIOl9ELeKWMJC0fWKBApm0NU0flgwfy2j7GRyXmlM7tVFyuj5RTAZNQfgD9g054di9WbtUs7sm/9r3/rQe2+3neE3Jskt4xvZK0xbc4dZSZGn4E2JDWjENqPBvQ2dU5lsjpUKTZWAnxVGPe//BErsDxNLIHWz8emG71r3Q2yud4KPdAR9CgeC8g1bwlCI6JDFZutKBzIlE3QQ4ryKJEioiUL89xi6G+nNB7W5ABsQN0ZtWvZl8TG4Wh00B+oBXzgRER5Y9SdAYcrwWxlGVxxQyElUNrw== genofire-yubikey"
|
||||||
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH8LdgjUiL/MFmA2wM98QAbUEyY/8ixnpettC6kQxKWu genofire@emma.ccchb.de"
|
||||||
|
absent: []
|
||||||
|
fritz:
|
||||||
|
ssh_key:
|
||||||
|
present:
|
||||||
|
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEay33koXmcBcrDuCQKkCBlw/gKiPtwLswATPqIR7udl fritz@fluorine.grimpen.net"
|
||||||
|
absent: []
|
|
@ -3,7 +3,6 @@ ipv6route: 2a01:4f8:150:926f::4
|
||||||
ipv4: 10.0.0.1/31
|
ipv4: 10.0.0.1/31
|
||||||
ipv4route: 10.0.0.0
|
ipv4route: 10.0.0.0
|
||||||
dns: 213.133.98.98 8.8.8.8
|
dns: 213.133.98.98 8.8.8.8
|
||||||
default_root_ssh_publickey: "https://fireorbit.de/keys/ssh"
|
|
||||||
nginx_acme_mail: "webmaster@ccchb.de"
|
nginx_acme_mail: "webmaster@ccchb.de"
|
||||||
nextcloud_domain: "cloud.ccchb.de"
|
nextcloud_domain: "cloud.ccchb.de"
|
||||||
php_config:
|
php_config:
|
||||||
|
@ -12,3 +11,11 @@ php_config:
|
||||||
php_fpm_env:
|
php_fpm_env:
|
||||||
- key: 'PATH'
|
- key: 'PATH'
|
||||||
value: "/usr/local/bin:/usr/bin:/bin"
|
value: "/usr/local/bin:/usr/bin:/bin"
|
||||||
|
|
||||||
|
user_mgmt:
|
||||||
|
crest:
|
||||||
|
created: true
|
||||||
|
groups: sudo
|
||||||
|
genofire:
|
||||||
|
created: true
|
||||||
|
groups: sudo
|
||||||
|
|
|
@ -5,4 +5,14 @@ ipv6route: 2a01:4f8:150:926f::6
|
||||||
ipv4: 10.0.0.3/31
|
ipv4: 10.0.0.3/31
|
||||||
ipv4route: 10.0.0.2
|
ipv4route: 10.0.0.2
|
||||||
dns: 213.133.98.98 8.8.8.8
|
dns: 213.133.98.98 8.8.8.8
|
||||||
default_root_ssh_publickey: "https://fireorbit.de/keys/ssh"
|
|
||||||
|
user_mgmt:
|
||||||
|
crest:
|
||||||
|
created: true
|
||||||
|
groups: sudo
|
||||||
|
genofire:
|
||||||
|
created: true
|
||||||
|
groups: sudo
|
||||||
|
fritz:
|
||||||
|
created: true
|
||||||
|
groups: sudo
|
||||||
|
|
|
@ -11,12 +11,6 @@
|
||||||
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
|
checksum: sha256:ad88c76951693c2f9c38773ed2602a9fd5c74431615c4a23aaff679b295919ce
|
||||||
validate_certs: false
|
validate_certs: false
|
||||||
|
|
||||||
- name: ssh publickey
|
|
||||||
authorized_key:
|
|
||||||
user: root
|
|
||||||
state: present
|
|
||||||
key: "{{ default_root_ssh_publickey }}"
|
|
||||||
|
|
||||||
- name: Update SSH configuration
|
- name: Update SSH configuration
|
||||||
notify: reload sshd
|
notify: reload sshd
|
||||||
replace:
|
replace:
|
||||||
|
|
2
roles/user_mgmt/defaults/main.yml
Normal file
2
roles/user_mgmt/defaults/main.yml
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
user_mgmt_default: {}
|
||||||
|
user_mgmt: {}
|
34
roles/user_mgmt/tasks/main.yml
Normal file
34
roles/user_mgmt/tasks/main.yml
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
---
|
||||||
|
- name: Merge ansible variables for host
|
||||||
|
set_fact: _user_mgmt="{{ user_mgmt_default | combine(user_mgmt, recursive=true) }}"
|
||||||
|
|
||||||
|
- name: Add User
|
||||||
|
user:
|
||||||
|
name: "{{ item.key }}"
|
||||||
|
groups: "{{ item.value.groups | default([]) }}"
|
||||||
|
state: present
|
||||||
|
when: item.value.created | default
|
||||||
|
with_dict: "{{ _user_mgmt }}"
|
||||||
|
|
||||||
|
- name: Add ssh-key to user
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ item.0.key }}"
|
||||||
|
key: "{{ item.1 }}"
|
||||||
|
state: present
|
||||||
|
when: _user_mgmt[item.0.key].created | default
|
||||||
|
loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.present') }}"
|
||||||
|
|
||||||
|
- name: Remove ssh-key to user
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ item.0.key }}"
|
||||||
|
key: "{{ item.1 }}"
|
||||||
|
state: absent
|
||||||
|
when: _user_mgmt[item.0.key].created | default
|
||||||
|
loop: "{{ _user_mgmt |dict2items | subelements('value.ssh_key.absent') }}"
|
||||||
|
|
||||||
|
- name: Remove user
|
||||||
|
user:
|
||||||
|
name: "{{ item.key }}"
|
||||||
|
state: absent
|
||||||
|
when: not (item.value.created | default)
|
||||||
|
with_dict: "{{ _user_mgmt }}"
|
Loading…
Reference in a new issue