Massive user refactor
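--- a/user/tasks/authorize.yml
+++ b/user/tasks/authorize.yml
@@ -0,0 +1,7 @@
+---
+# Authorize this key to this users ~/.ssh/authorized_keys file
+- name: Adding {{ user }} SSH key to {{ ssh_into }} users ~/.ssh/authorized_keys
+authorized_key:
+user: '{{ item }}'
+key: "{{ lookup('file', user_path + '/keys/' + user + '.key.pub') }}"
+with_items: '{{ ssh_into }}'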
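Review bot: The authorized_key task only adds entries, so removing a name from `ssh_into` or rotating `<user>.key.pub` leaves the previously installed key authorized on the target until someone cleans it up by hand, and nothing in the role covers that revocation path. A comment above the task would make the limitation visible to callers, e.g. `# Adds only: dropping a target from ssh_into does not revoke a key already in authorized_keys (use state: absent or exclusive for that)`. The task name also templates the whole `ssh_into` list rather than the current item, which is harmless but clutters the output. Indentation is not visible on this rendered page, so nesting under `authorized_key:` is assumed.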
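--- a/user/tasks/create.yml
+++ b/user/tasks/create.yml
@@ -0,0 +1,46 @@
+---
+# Groups from group_vars/users.yml
+- set_fact:
+user_groups: "{{ users[user]['groups'] }}"
+when: (user_groups is undefined or user_groups == "") and users[user]['groups'] is defined
+
+# Using complete groups from playbook user line
+- set_fact:
+user_groups: '{{ user_groups }}'
+when: user_groups is defined and user_groups != ""
+
+# Appending groups to group_vars/users.yml
+- set_fact:
+user_groups: "{{ users[user]['groups'] + add_groups }}"
+when: add_groups is defined and add_groups != "" and users[user]['groups'] is defined
+
+# Add OS specific sudo group
+- set_fact:
+user_groups: "{{ user_groups + [sudogroup] }}"
+when: add_sudo|default(false)|bool
+
+# Set root groups
+- set_fact:
+user_groups: [root]
+when: user == 'root'
+
+# ------------------------------------------------------------------------------
+
+- include_tasks: debug.yml
+- include_tasks: user.yml
+- include_tasks: sudo.yml
+- include_tasks: ssh.yml
+
+# ------------------------------------------------------------------------------
+
+# Reset variable defaults for next run
+# No way to "unset" a variable, so set to "" and treat "" as undefined in the facts above
+- set_fact:
+user_groups: ""
+add_groups: ""
+ssh_info: ""
+add_sudo: no
+create: yes
+ssh_keys: yes
+ssh_authorize: no
+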
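Review bot: The reset block at the end sets `ssh_keys: yes` and `ssh_authorize: no`, which inverts the defaults the consuming tasks use (`ssh_keys|default(false)` and `ssh_authorize|default(true)` in ssh.yml), so from the second role invocation on a host the private key from the vault is copied for every user and authorized_keys is skipped unless the caller overrides both; `ssh_keys: false` and `ssh_authorize: true` match the documented behaviour. The same block resets `ssh_info: ""` while the variable the tasks consume is `ssh_into`, and main.yml's `when: ssh_into is defined and ssh_info != ""` tests the misspelled name as well: on a first run with `ssh_into` set it fails with an undefined variable, and once create.yml has set `ssh_info` to "" it is never true, so authorize.yml never runs; `ssh_into: ""` here and `ssh_into != ""` in main.yml fix both. The `set_fact` of `user_groups: '{{ user_groups }}'` guarded by `user_groups is defined and user_groups != ""` is a no-op and can be dropped.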
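--- a/user/tasks/debug.yml
+++ b/user/tasks/debug.yml
@@ -0,0 +1,11 @@
+---
+# Debug
+- name: User Debug Details
+debug:
+msg:
+- "User: {{ user }}"
+- "ID: {{ users[user]['id'] }}"
+- "GID: {{ users[user]['gid'] }}"
+- "Groups: {{ user_groups }}"
+- "Password: {{ users[user]['password'] }}"
+#- "{{ network['netmask'] }}"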
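Review bot: The `- "Password: {{ users[user]['password'] }}"` item prints the account's password hash into the play output, which ends up in CI logs, any `log_path` file and whatever captures stdout, undoing the masking the `user` module applies to the same value. Drop that item; if the information is needed, print only whether a value is present, e.g. `- "Password set: {{ users[user]['password'] is defined }}"`. The commented-out `network['netmask']` line is dead and could go as well.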
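--- a/user/tasks/main.yml
+++ b/user/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+################################################################################
+# Usage Examples
+# Uses groups defined in group_vars/users.yml
+#- { role: shared/user, user: toor }
+
+# Overrides groups and sets them all here
+#- { role: shared/user, user: toor, user_groups: [all1, all2] }
+
+# Adds these groups to groups in gruops_vars/users.yml
+#- { role: shared/user, user: toor, add_groups: [add1, add2] }
+
+# Add OS specific sudo groups to user
+#- { role: shared/user, user: billolo, add_sudo: yes }
+
+# Create user AND authorize their key to other users
+#- { role: shared/user, user: toor, ssh_into: [mreschke,billolo] }
+
+# Authorize a users key to other users without creating the user (create: no)
+#- { role: shared/user, user: mreschke, create: no, ssh_into: [toor,root]}
+
+# Optional arguments
+# add_sudo: yes
+# ssh_keys: yes (deploys id_rsa and is_rsa.pub)
+# ssh_authorize: no (default yes, stops adding user to authorized_keys)
+# create_home: no
+# shell: /bin/zsh
+################################################################################
+# Create user and groups
+- include_tasks: create.yml
+when: create|default(true)|bool
+
+# Authorize user via SSH
+- include_tasks: authorize.yml
+when: ssh_into is defined and ssh_info != ""
+
+# Manjaro modifications per user
+- include_tasks: manjaro.yml
+when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"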
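Review bot: `when: ansible_os_family == "Archlinux" and ansible_lsb.id == "ManjaroLinux"` reads `ansible_lsb.id` unguarded; on an Arch-family host where lsb_release is not installed `ansible_lsb` is an empty mapping, so the attribute lookup raises an undefined-variable error instead of evaluating to false. `ansible_lsb.id | default('') == "ManjaroLinux"` keeps the intent. The header documents `add_sudo` only as adding the OS sudo group, while sudo.yml also writes a `NOPASSWD:ALL` sudoers.d entry for that user, which callers should see before setting the flag, e.g. `# add_sudo: yes (also grants NOPASSWD:ALL via /etc/sudoers.d/<user>)`. `gruops_vars` and `is_rsa.pub` in the usage comments are typos.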
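--- a/user/tasks/manjaro.yml
+++ b/user/tasks/manjaro.yml
@@ -0,0 +1,15 @@
+---
+# Manjaro Hack, alter ~/.bashrc
+- name: Adding bash prompt for Manjaro Linux
+lineinfile:
+path: '{{ "~" + user | expanduser }}/.bashrc'
+line: 'source /etc/profile.d/bash_prompt.sh'
+create: yes
+when: user != 'root'
+
+- # Manjaro symlink ~/.vim
+- name: Symlinking ~/.vim to /etc/vim
+file:
+src: /etc/vim
+dest: '{{ "~" + user | expanduser }}/.vim'
+state: link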
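Review bot: The line rendered as `- # Manjaro symlink ~/.vim` is a sequence entry whose only content is a comment; if the leading dash is really in the file it produces a null task entry and the task file fails to load, so it should read `# Manjaro symlink ~/.vim`. Separately, in `'{{ "~" + user | expanduser }}/.bashrc'` the filter binds to `user` alone (`|` binds tighter than `+`), so `expanduser` sees a bare username and the value is the literal `~<user>/.bashrc`; it appears to work only because `path`-typed module arguments expand `~user` on the target, and the same expression is repeated in ssh.yml. `("~" + user) | expanduser` would expand on the controller, which is the wrong host, so the clearer fix is to resolve the home directory on the target (the `home` returned by the `user` module, or `getent`) and template that. The symlink task sets no `force`, so it fails rather than replacing an existing `~/.vim` directory; whether that is intended is not stated.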
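--- a/user/tasks/ssh.yml
+++ b/user/tasks/ssh.yml
@@ -0,0 +1,40 @@
+---
+# Create users ~/.ssh directory
+- name: Creating {{ user }} ~/.ssh directory
+file:
+path: '{{ "~" + user | expanduser }}/.ssh'
+state: directory
+
+# Authorize users SSH keys
+# NOTE, when: ssh_authorize|bool == true
+# IS working, BUT even if ssh_authorize = false the
+# with_file: still errors if 'keys/{{ user }}.key.pub' does NOT exists
+# So you have to create at least a blank users/keys/user.key.pub file
+- name: Authorizing SSH keys for {{ user }}
+authorized_key:
+user: '{{ user }}'
+key: '{{ item }}'
+with_file:
+- '{{ user_path }}/keys/{{ user }}.key.pub'
+when: ssh_authorize|default(true)|bool
+
+# Create users public key
+- name: Copying {{ user }} SSH public key
+copy:
+src: '{{ user_path }}/keys/{{ user }}.key.pub'
+#dest: '{{ user_home }}/.ssh/id_rsa.pub'
+dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
+owner: '{{ user }}'
+group: '{{ user }}'
+mode: 0644
+when: ssh_keys|default(false)|bool
+
+# Create users private key
+- name: Copying {{ user }} SSH private key
+copy:
+src: '../vault/{{ user }}.key'
+dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
+owner: '{{ user }}'
+group: '{{ user }}'
+mode: 0600
+when: ssh_keys|default(false)|bool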
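Review bot: The private-key copy (`src: '../vault/{{ user }}.key'`) has no `no_log: true`, so a run with `--diff` or verbose output prints the key material to the console and into any `log_path`; the task should carry `no_log: true`. The `~/.ssh` directory task specifies no `owner`, `group` or `mode`, so the directory is created by the account Ansible runs as (root under become) with the umask default, and the user cannot manage their own `~/.ssh` afterwards; `owner`/`group` set to `{{ user }}` and `mode: "0700"` fix that. `mode: 0644` and `mode: 0600` are unquoted here while sudo.yml quotes `"0640"`; both parse to the intended value because of the leading zero, but quoting is the documented form and the files should agree. Indentation is not visible on the rendered page, so the nesting below is the assumed one.
```yaml
- name: Creating {{ user }} ~/.ssh directory
  file:
    path: '{{ "~" + user | expanduser }}/.ssh'
    state: directory
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: "0700"

# … unchanged: authorized_key task and public key copy …

- name: Copying {{ user }} SSH private key
  copy:
    # … unchanged: src, dest, owner, group, mode …
  no_log: true
```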
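--- a/user/tasks/sudo.yml
+++ b/user/tasks/sudo.yml
@@ -0,0 +1,20 @@
+---
+- name: Adding users sudoers.d file
+file:
+path: '/etc/sudoers.d/{{ user }}'
+state: touch
+mode: "0640" #-rw-r-----
+when: 'sudogroup in user_groups'
+
+- name: Setting user to nopasswd sudo access
+lineinfile:
+path: '/etc/sudoers.d/{{ user }}'
+line: '{{ user }} ALL=(ALL) NOPASSWD:ALL'
+#when: '"sudo" in group'
+when: 'sudogroup in user_groups'
+
+- name: Ensuring sudo is disabled if no longer in sudo group
+file:
+path: /etc/sudoers.d/{{ user }}
+state: absent
+when: 'sudogroup not in user_groups'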
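Review bot: The lineinfile task writes `{{ user }} ALL=(ALL) NOPASSWD:ALL` to `/etc/sudoers.d/{{ user }}` without `validate`, so an unexpected expansion of `user` (empty, or containing whitespace) leaves a drop-in with a parse error and sudo then refuses to run for every account on the host; add `validate: 'visudo -cf %s'` to that task. sudo also ignores drop-in files whose name contains a `.` or ends in `~`, so a user such as `first.last` gets a file that never takes effect while the play reports success; if such names occur in `users`, derive the filename from a sanitised form of `user`. The `state: touch` task reports changed on every run and is redundant with `lineinfile`'s `create: yes` plus `mode`, which would also keep the permissions in one place. `sudogroup` is not defined in any file in this commit, so it presumably comes from role or group vars.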
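--- a/user/tasks/user.yml
+++ b/user/tasks/user.yml
@@ -0,0 +1,19 @@
+---
+# Create main user gruop
+- name: Creating group {{ user }}
+group:
+name: '{{ user }}'
+gid: "{{ users[user]['gid'] }}"
+
+# Create user
+- name: Creating user {{ user }}
+user:
+name: '{{ user }}'
+uid: "{{ users[user]['id'] }}"
+comment: '{{ user }}'
+group: '{{ user }}'
+groups: '{{ user_groups }}'
+password: "{{ users[user]['password'] }}"
+update_password: always
+create_home: "{{ create_home | default('yes') }}"
+shell: "{{ shell | default('/bin/bash') }}"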
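Review bot: `password: "{{ users[user]['password'] }}"` combined with `update_password: always` is only correct if the value in group_vars is already a crypt(3) hash: the `user` module stores it verbatim in the shadow entry and only warns when it does not look hashed. A comment above the task would keep a plaintext value from slipping in, e.g. `# users[user]['password'] must be a crypt hash (e.g. password_hash('sha512')); the user module does not hash it`. `groups: '{{ user_groups }}'` relies on the module's default `append: no`, which is what makes dropping `sudogroup` from `user_groups` revoke membership as sudo.yml's cleanup expects; worth saying inline, e.g. `# append is left at its default (no): groups absent from user_groups are removed, which sudo.yml depends on`. `create_home: "{{ create_home | default('yes') }}"` passes a string where the module expects a boolean; `default(true)` is cleaner.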