diff options
author | Quentin <quentin@deuxfleurs.fr> | 2019-06-01 16:02:49 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2019-07-11 09:33:07 +0200 |
commit | 61d009f18d5886db8b22ae41e04bb41a4ba2fddb (patch) | |
tree | e44bb326caf3107653c7a48749527cfd77f02cf2 /ansible/roles/users | |
download | infrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.tar.gz infrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.zip |
Initial commit
Diffstat (limited to 'ansible/roles/users')
-rw-r--r-- | ansible/roles/users/files/erwan-key1.pub | 1 | ||||
-rw-r--r-- | ansible/roles/users/files/quentin-key1.pub | 1 | ||||
-rw-r--r-- | ansible/roles/users/files/quentin-key2.pub | 1 | ||||
-rw-r--r-- | ansible/roles/users/files/valentin-key1.pub | 1 | ||||
-rw-r--r-- | ansible/roles/users/tasks/main.yml | 39 | ||||
-rw-r--r-- | ansible/roles/users/vars/main.yml | 18 |
6 files changed, 61 insertions, 0 deletions
diff --git a/ansible/roles/users/files/erwan-key1.pub b/ansible/roles/users/files/erwan-key1.pub new file mode 100644 index 0000000..450e79f --- /dev/null +++ b/ansible/roles/users/files/erwan-key1.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ/p26O7UY7D2y6ZshqmywNf0YD90KYWT4Z9DvpgZj3iLh9o/QL7XIYT/qHYPaEBXZJOdMaZRLmdxVlybKCE0KU= Arm0nius@armonius diff --git a/ansible/roles/users/files/quentin-key1.pub b/ansible/roles/users/files/quentin-key1.pub new file mode 100644 index 0000000..f3667e0 --- /dev/null +++ b/ansible/roles/users/files/quentin-key1.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1+H08FdUSvdPpPKdcafq4+JRHvFVjfvG5Id97LAoROmFRUb/ZOMTLdNuD7FqvW0Da5CPxIMr8ZxfrFLtpGyuG7qdI030iIRZPlKpBh37epZHaV+l9F4ZwJQMIBO9cuyLPXgsyvM/s7tDtrdK1k7JTf2EVvoirrjSzBaMhAnhi7//to8zvujDtgDZzy6aby75bAaDetlYPBq2brWehtrf9yDDG9WAMYJqp//scje/WmhbRR6eSdim1HaUcWk5+4ZPt8sQJcy8iWxQ4jtgjqTvMOe5v8ZPkxJNBine/ZKoJsv7FzKem00xEH7opzktaGukyEqH0VwOwKhmBiqsX2yN quentin@dufour.io diff --git a/ansible/roles/users/files/quentin-key2.pub b/ansible/roles/users/files/quentin-key2.pub new file mode 100644 index 0000000..c1b19fd --- /dev/null +++ b/ansible/roles/users/files/quentin-key2.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBu+KUebaWwlugMC5fGbNhHc6IaQDAC6+1vMc4Ww7nVU1rs2nwI7L5qcWxOwNdhFaorZQZy/fJuCWdFbF61RCKGayBWPLZHGPsfqDuggYNEi1Qil1kpeCECfDQNjyMTK058ZBBhOWNMHBjlLWXUlRJDkRBBECY0vo4jRv22SvSaPUCAnkdJ9rbAp/kqb497PTIb2r1l1/ew8YdhINAlpYQFQezZVfkZdTKxt22n0QCjhupqjfh3gfNnbBX0z/iO+RvAOWRIZsjPFLC+jXl+n7cnu2cq1nvST5eHiYfXXeIgIwmeENLKqp+2Twr7PIdv22PnJkh6iR5kx7eTRxkNZdN quentin@deuxfleurs.fr diff --git a/ansible/roles/users/files/valentin-key1.pub b/ansible/roles/users/files/valentin-key1.pub new file mode 100644 index 0000000..26026d1 --- /dev/null +++ b/ansible/roles/users/files/valentin-key1.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLsa6M4gYCXxEnv4SY24I1Yixv9okhTlDChxr27WLsLEpKt8AX2Q456ip2o3hCe3FbyD3vnliObKsG0/QXHV7Sw= valentin@linux.home diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml new file mode 100644 index 0000000..990a041 --- /dev/null +++ b/ansible/roles/users/tasks/main.yml @@ -0,0 +1,39 @@ +- name: Add users in the system + user: + name: "{{ item.username }}" + #groups: docker + shell: "{{ item.shell | default('/bin/bash') }}" + append: no + loop: "{{ active_users + | selectattr('is_admin', 'defined') + | rejectattr('is_admin') + | list + | union( active_users + | selectattr('is_admin', 'undefined') + | list )}}" + +- name: Set admin rights + user: + name: "{{ item.username }}" + groups: docker, sudo + shell: "{{ item.shell | default('/bin/bash') }}" + append: no + loop: "{{ active_users + | selectattr('is_admin', 'defined') + | selectattr('is_admin') + | list }}" + +# [V How SSH Key works] magic is done by subelements, understand the trick at: +# https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter +- name: Add SSH keys + authorized_key: + user: "{{ item.0.username }}" + state: present + key: "{{ lookup('file', item.1) }}" + loop: "{{ active_users | subelements('ssh_keys', skip_missing=True) }}" + +- name: Disable old users + user: + name: "{{ item }}" + state: absent + loop: "{{ disabled_users }}" diff --git a/ansible/roles/users/vars/main.yml b/ansible/roles/users/vars/main.yml new file mode 100644 index 0000000..924b62e --- /dev/null +++ b/ansible/roles/users/vars/main.yml @@ -0,0 +1,18 @@ +--- +active_users: + - username: 'quentin' + is_admin: true + ssh_keys: + - 'quentin-key1.pub' + - 'quentin-key2.pub' + + - username: 'erwan' + ssh_keys: + - 'erwan-key1.pub' + + - username: 'valentin' + ssh_keys: + - 'valentin-key1.pub' + +disabled_users: + - 'john.doe' |