aboutsummaryrefslogtreecommitdiff
path: root/ansible/roles/users
diff options
context:
space:
mode:
authorQuentin <quentin@deuxfleurs.fr>2019-06-01 16:02:49 +0200
committerQuentin Dufour <quentin@deuxfleurs.fr>2019-07-11 09:33:07 +0200
commit61d009f18d5886db8b22ae41e04bb41a4ba2fddb (patch)
treee44bb326caf3107653c7a48749527cfd77f02cf2 /ansible/roles/users
downloadinfrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.tar.gz
infrastructure-61d009f18d5886db8b22ae41e04bb41a4ba2fddb.zip
Initial commit
Diffstat (limited to 'ansible/roles/users')
-rw-r--r--ansible/roles/users/files/erwan-key1.pub1
-rw-r--r--ansible/roles/users/files/quentin-key1.pub1
-rw-r--r--ansible/roles/users/files/quentin-key2.pub1
-rw-r--r--ansible/roles/users/files/valentin-key1.pub1
-rw-r--r--ansible/roles/users/tasks/main.yml39
-rw-r--r--ansible/roles/users/vars/main.yml18
6 files changed, 61 insertions, 0 deletions
diff --git a/ansible/roles/users/files/erwan-key1.pub b/ansible/roles/users/files/erwan-key1.pub
new file mode 100644
index 0000000..450e79f
--- /dev/null
+++ b/ansible/roles/users/files/erwan-key1.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJ/p26O7UY7D2y6ZshqmywNf0YD90KYWT4Z9DvpgZj3iLh9o/QL7XIYT/qHYPaEBXZJOdMaZRLmdxVlybKCE0KU= Arm0nius@armonius
diff --git a/ansible/roles/users/files/quentin-key1.pub b/ansible/roles/users/files/quentin-key1.pub
new file mode 100644
index 0000000..f3667e0
--- /dev/null
+++ b/ansible/roles/users/files/quentin-key1.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1+H08FdUSvdPpPKdcafq4+JRHvFVjfvG5Id97LAoROmFRUb/ZOMTLdNuD7FqvW0Da5CPxIMr8ZxfrFLtpGyuG7qdI030iIRZPlKpBh37epZHaV+l9F4ZwJQMIBO9cuyLPXgsyvM/s7tDtrdK1k7JTf2EVvoirrjSzBaMhAnhi7//to8zvujDtgDZzy6aby75bAaDetlYPBq2brWehtrf9yDDG9WAMYJqp//scje/WmhbRR6eSdim1HaUcWk5+4ZPt8sQJcy8iWxQ4jtgjqTvMOe5v8ZPkxJNBine/ZKoJsv7FzKem00xEH7opzktaGukyEqH0VwOwKhmBiqsX2yN quentin@dufour.io
diff --git a/ansible/roles/users/files/quentin-key2.pub b/ansible/roles/users/files/quentin-key2.pub
new file mode 100644
index 0000000..c1b19fd
--- /dev/null
+++ b/ansible/roles/users/files/quentin-key2.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBu+KUebaWwlugMC5fGbNhHc6IaQDAC6+1vMc4Ww7nVU1rs2nwI7L5qcWxOwNdhFaorZQZy/fJuCWdFbF61RCKGayBWPLZHGPsfqDuggYNEi1Qil1kpeCECfDQNjyMTK058ZBBhOWNMHBjlLWXUlRJDkRBBECY0vo4jRv22SvSaPUCAnkdJ9rbAp/kqb497PTIb2r1l1/ew8YdhINAlpYQFQezZVfkZdTKxt22n0QCjhupqjfh3gfNnbBX0z/iO+RvAOWRIZsjPFLC+jXl+n7cnu2cq1nvST5eHiYfXXeIgIwmeENLKqp+2Twr7PIdv22PnJkh6iR5kx7eTRxkNZdN quentin@deuxfleurs.fr
diff --git a/ansible/roles/users/files/valentin-key1.pub b/ansible/roles/users/files/valentin-key1.pub
new file mode 100644
index 0000000..26026d1
--- /dev/null
+++ b/ansible/roles/users/files/valentin-key1.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLsa6M4gYCXxEnv4SY24I1Yixv9okhTlDChxr27WLsLEpKt8AX2Q456ip2o3hCe3FbyD3vnliObKsG0/QXHV7Sw= valentin@linux.home
diff --git a/ansible/roles/users/tasks/main.yml b/ansible/roles/users/tasks/main.yml
new file mode 100644
index 0000000..990a041
--- /dev/null
+++ b/ansible/roles/users/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: Add users in the system
+ user:
+ name: "{{ item.username }}"
+ #groups: docker
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ append: no
+ loop: "{{ active_users
+ | selectattr('is_admin', 'defined')
+ | rejectattr('is_admin')
+ | list
+ | union( active_users
+ | selectattr('is_admin', 'undefined')
+ | list )}}"
+
+- name: Set admin rights
+ user:
+ name: "{{ item.username }}"
+ groups: docker, sudo
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ append: no
+ loop: "{{ active_users
+ | selectattr('is_admin', 'defined')
+ | selectattr('is_admin')
+ | list }}"
+
+# [V How SSH Key works] magic is done by subelements, understand the trick at:
+# https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
+- name: Add SSH keys
+ authorized_key:
+ user: "{{ item.0.username }}"
+ state: present
+ key: "{{ lookup('file', item.1) }}"
+ loop: "{{ active_users | subelements('ssh_keys', skip_missing=True) }}"
+
+- name: Disable old users
+ user:
+ name: "{{ item }}"
+ state: absent
+ loop: "{{ disabled_users }}"
diff --git a/ansible/roles/users/vars/main.yml b/ansible/roles/users/vars/main.yml
new file mode 100644
index 0000000..924b62e
--- /dev/null
+++ b/ansible/roles/users/vars/main.yml
@@ -0,0 +1,18 @@
+---
+active_users:
+ - username: 'quentin'
+ is_admin: true
+ ssh_keys:
+ - 'quentin-key1.pub'
+ - 'quentin-key2.pub'
+
+ - username: 'erwan'
+ ssh_keys:
+ - 'erwan-key1.pub'
+
+ - username: 'valentin'
+ ssh_keys:
+ - 'valentin-key1.pub'
+
+disabled_users:
+ - 'john.doe'