aboutsummaryrefslogtreecommitdiff
path: root/os_config/roles
diff options
context:
space:
mode:
Diffstat (limited to 'os_config/roles')
-rw-r--r--os_config/roles/common/tasks/main.yml51
-rw-r--r--os_config/roles/consul/files/consul.service10
-rw-r--r--os_config/roles/consul/tasks/main.yml26
-rw-r--r--os_config/roles/consul/templates/consul.json.j230
-rw-r--r--os_config/roles/consul/templates/resolv.conf.j22
-rw-r--r--os_config/roles/consul/vars/.gitignore1
-rw-r--r--os_config/roles/consul/vars/main.yml.sample2
-rw-r--r--os_config/roles/network/files/rules.v612
-rw-r--r--os_config/roles/network/tasks/main.yml11
-rw-r--r--os_config/roles/network/templates/rules.v4.j236
-rw-r--r--os_config/roles/nomad/files/nomad.service15
-rw-r--r--os_config/roles/nomad/tasks/main.yml23
-rw-r--r--os_config/roles/nomad/templates/nomad.hcl.j234
-rw-r--r--os_config/roles/storage/handlers/main.yml3
-rw-r--r--os_config/roles/storage/tasks/main.yml72
-rw-r--r--os_config/roles/users/files/alex-key1.pub1
-rw-r--r--os_config/roles/users/files/alex-key2.pub1
-rw-r--r--os_config/roles/users/files/florian-key1.pub1
-rw-r--r--os_config/roles/users/files/florian-key2.pub1
-rw-r--r--os_config/roles/users/files/maximilien-key1.pub1
-rw-r--r--os_config/roles/users/files/quentin-key1.pub1
-rw-r--r--os_config/roles/users/files/quentin-key2.pub1
-rw-r--r--os_config/roles/users/tasks/main.yml39
-rw-r--r--os_config/roles/users/vars/main.yml30
24 files changed, 0 insertions, 404 deletions
diff --git a/os_config/roles/common/tasks/main.yml b/os_config/roles/common/tasks/main.yml
deleted file mode 100644
index b4d00bb..0000000
--- a/os_config/roles/common/tasks/main.yml
+++ /dev/null
@@ -1,51 +0,0 @@
-- name: "Check that host runs Debian buster/sid on armv7l or x86_64"
- assert:
- that:
- - "ansible_architecture == 'aarch64' or ansible_architecture == 'armv7l' or ansible_architecture == 'x86_64'"
- - "ansible_os_family == 'Debian'"
-
-- name: "Upgrade system"
- apt:
- upgrade: dist # Should we do a full uprade instead of a dist one?
- update_cache: yes
- cache_valid_time: 3600
- autoclean: yes
- autoremove: yes
-
-- name: "Install base tools"
- apt:
- name:
- - vim
- - htop
- - screen
- - iptables
- - iptables-persistent
- - nftables
- - iproute2
- - curl
- - iputils-ping
- - dnsutils
- - bmon
- - iftop
- - iotop
- - docker.io
- - unzip
- - tar
- - tcpdump
- - less
- - parted
- - btrfs-tools
- - libnss-resolve
- - net-tools
- - strace
- - sudo
- state: present
-
-- name: "Passwordless sudo"
- lineinfile:
- path: /etc/sudoers
- state: present
- regexp: '^%sudo'
- line: '%sudo ALL=(ALL) NOPASSWD: ALL'
- validate: 'visudo -cf %s'
-
diff --git a/os_config/roles/consul/files/consul.service b/os_config/roles/consul/files/consul.service
deleted file mode 100644
index ffaa2a3..0000000
--- a/os_config/roles/consul/files/consul.service
+++ /dev/null
@@ -1,10 +0,0 @@
-[Unit]
-Description=Consul
-After=network-online.target
-Wants=network-online.target
-
-[Service]
-ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul
-
-[Install]
-WantedBy=multi-user.target
diff --git a/os_config/roles/consul/tasks/main.yml b/os_config/roles/consul/tasks/main.yml
deleted file mode 100644
index 2b77080..0000000
--- a/os_config/roles/consul/tasks/main.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-- name: "Set consul version"
- set_fact:
- consul_version: 1.8.0
-
-- name: "Download and install Consul for x86_64"
- unarchive:
- src: "https://releases.hashicorp.com/consul/{{ consul_version }}/consul_{{ consul_version }}_linux_amd64.zip"
- dest: /usr/local/bin
- remote_src: yes
- when:
- - "ansible_architecture == 'x86_64'"
-
-- name: "Create consul configuration directory"
- file: path=/etc/consul/ state=directory
-
-- name: "Deploy consul configuration"
- template: src=consul.json.j2 dest=/etc/consul/consul.json
-
-- name: "Deploy consul systemd service"
- copy: src=consul.service dest=/etc/systemd/system/consul.service
-
-- name: "Enable consul systemd service at boot"
- service: name=consul state=started enabled=yes daemon_reload=yes
-
-- name: "Deploy resolv.conf to use Consul"
- template: src=resolv.conf.j2 dest=/etc/resolv.conf
diff --git a/os_config/roles/consul/templates/consul.json.j2 b/os_config/roles/consul/templates/consul.json.j2
deleted file mode 100644
index b6c86aa..0000000
--- a/os_config/roles/consul/templates/consul.json.j2
+++ /dev/null
@@ -1,30 +0,0 @@
-{
- "data_dir": "/var/lib/consul",
- "bind_addr": "0.0.0.0",
- "advertise_addr": "{{ public_ip }}",
- "addresses": {
- "dns": "0.0.0.0",
- "http": "0.0.0.0"
- },
- "retry_join": [
- {% for selected_host in groups['cluster_nodes']|reject("sameas", ansible_fqdn) %}{# @FIXME: Reject doesn't work #}
- "{{ hostvars[selected_host]['private_ip'] }}" {{ "," if not loop.last else "" }}
- {% endfor %}
- ],
- "bootstrap_expect": 3,
- "server": true,
- "ui": true,
- "ports": {
- "dns": 53
- },
- "recursors": [
- "{{ dns_server }}"
- ],
- "encrypt": "{{ consul_gossip_encrypt }}",
- "domain": "2.cluster.deuxfleurs.fr",
- "performance": {
- "raft_multiplier": 10,
- "rpc_hold_timeout": "30s",
- "leave_drain_time": "30s"
- }
-}
diff --git a/os_config/roles/consul/templates/resolv.conf.j2 b/os_config/roles/consul/templates/resolv.conf.j2
deleted file mode 100644
index 2404034..0000000
--- a/os_config/roles/consul/templates/resolv.conf.j2
+++ /dev/null
@@ -1,2 +0,0 @@
-nameserver {{ private_ip }}
-nameserver {{ dns_server }}
diff --git a/os_config/roles/consul/vars/.gitignore b/os_config/roles/consul/vars/.gitignore
deleted file mode 100644
index ff5c0bd..0000000
--- a/os_config/roles/consul/vars/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-main.yml
diff --git a/os_config/roles/consul/vars/main.yml.sample b/os_config/roles/consul/vars/main.yml.sample
deleted file mode 100644
index 9c44126..0000000
--- a/os_config/roles/consul/vars/main.yml.sample
+++ /dev/null
@@ -1,2 +0,0 @@
----
-consul_gossip_encrypt: "<secret>"
diff --git a/os_config/roles/network/files/rules.v6 b/os_config/roles/network/files/rules.v6
deleted file mode 100644
index 17ff71c..0000000
--- a/os_config/roles/network/files/rules.v6
+++ /dev/null
@@ -1,12 +0,0 @@
-# WARNING!! When rules.{v4,v6} are changed, the whole iptables configuration is reloaded.
-# This creates issues with Docker, which injects its own configuration in iptables when it starts.
-# In practice, most (all?) containers will break if rules.{v4,v6} are changed,
-# and docker will have to be restared.
-
-
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-COMMIT
-
diff --git a/os_config/roles/network/tasks/main.yml b/os_config/roles/network/tasks/main.yml
deleted file mode 100644
index 1443e0c..0000000
--- a/os_config/roles/network/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-- name: "Deploy iptablesv4 configuration"
- template: src=rules.v4.j2 dest=/etc/iptables/rules.v4
-
-- name: "Deploy iptablesv6 configuration"
- copy: src=rules.v6 dest=/etc/iptables/rules.v6
-
-- name: "Activate IP forwarding"
- sysctl:
- name: net.ipv4.ip_forward
- value: "1"
- sysctl_set: yes
diff --git a/os_config/roles/network/templates/rules.v4.j2 b/os_config/roles/network/templates/rules.v4.j2
deleted file mode 100644
index a446139..0000000
--- a/os_config/roles/network/templates/rules.v4.j2
+++ /dev/null
@@ -1,36 +0,0 @@
-*filter
-:INPUT DROP [0:0]
-:FORWARD DROP [0:0]
-:OUTPUT ACCEPT [0:0]
-
-# Administration
--A INPUT -p tcp --dport 22 -j ACCEPT
-
-# Cluster
--A INPUT -s 192.168.1.254 -j ACCEPT
--A INPUT -s 82.253.205.190 -j ACCEPT
-{% for selected_host in groups['cluster_nodes'] %}
--A INPUT -s {{ hostvars[selected_host]['public_ip'] }} -j ACCEPT
--A INPUT -s {{ hostvars[selected_host]['private_ip'] }} -j ACCEPT
-{% endfor %}
-
-# Local
--A INPUT -i docker0 -j ACCEPT
--A INPUT -s 127.0.0.1/8 -j ACCEPT
--A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-COMMIT
-
-*nat
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
-
-*mangle
-:PREROUTING ACCEPT [0:0]
-:INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [0:0]
-:POSTROUTING ACCEPT [0:0]
-COMMIT
diff --git a/os_config/roles/nomad/files/nomad.service b/os_config/roles/nomad/files/nomad.service
deleted file mode 100644
index 50116be..0000000
--- a/os_config/roles/nomad/files/nomad.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Nomad
-After=network-online.target
-After=glusterd.service
-After=consul.service
-Wants=network-online.target
-Wants=glusterd.service
-Wants=consul.service
-
-[Service]
-ExecStart=/usr/local/bin/nomad agent -config /etc/nomad
-
-[Install]
-WantedBy=multi-user.target
-
diff --git a/os_config/roles/nomad/tasks/main.yml b/os_config/roles/nomad/tasks/main.yml
deleted file mode 100644
index 7c73362..0000000
--- a/os_config/roles/nomad/tasks/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-- name: "Set nomad version"
- set_fact:
- nomad_version: 0.12.0-beta2
-
-- name: "Download and install Nomad for x86_64"
- unarchive:
- src: "https://releases.hashicorp.com/nomad/{{ nomad_version }}/nomad_{{ nomad_version }}_linux_amd64.zip"
- dest: /usr/local/bin
- remote_src: yes
- when:
- - "ansible_architecture == 'x86_64'"
-
-- name: "Create Nomad configuration directory"
- file: path=/etc/nomad/ state=directory
-
-- name: "Deploy Nomad configuration"
- template: src=nomad.hcl.j2 dest=/etc/nomad/nomad.hcl
-
-- name: "Deploy Nomad systemd service"
- copy: src=nomad.service dest=/etc/systemd/system/nomad.service
-
-- name: "Enable Nomad systemd service at boot"
- service: name=nomad state=started enabled=yes daemon_reload=yes
diff --git a/os_config/roles/nomad/templates/nomad.hcl.j2 b/os_config/roles/nomad/templates/nomad.hcl.j2
deleted file mode 100644
index b0be6a8..0000000
--- a/os_config/roles/nomad/templates/nomad.hcl.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-addresses {
- http = "0.0.0.0"
- rpc = "0.0.0.0"
- serf = "0.0.0.0"
-}
-
-advertise {
- http = "{{ public_ip }}"
- rpc = "{{ public_ip }}"
- serf = "{{ public_ip }}"
-}
-
-data_dir = "/var/lib/nomad"
-
-server {
- enabled = true
- bootstrap_expect = 3
-}
-
-consul {
- address="127.0.0.1:8500"
-}
-
-client {
- enabled = true
- #cpu_total_compute = 4000
- servers = ["127.0.0.1:4648"]
- network_interface = "{{ interface }}"
- options {
- docker.privileged.enabled = "true"
- docker.volumes.enabled = "true"
- }
-}
-
diff --git a/os_config/roles/storage/handlers/main.yml b/os_config/roles/storage/handlers/main.yml
deleted file mode 100644
index a395c93..0000000
--- a/os_config/roles/storage/handlers/main.yml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-- name: umount gluster
- shell: umount --force --lazy /mnt/glusterfs ; true
diff --git a/os_config/roles/storage/tasks/main.yml b/os_config/roles/storage/tasks/main.yml
deleted file mode 100644
index a1f2d8f..0000000
--- a/os_config/roles/storage/tasks/main.yml
+++ /dev/null
@@ -1,72 +0,0 @@
-- name: "Add GlusterFS Repo Key"
- apt_key:
- url: https://download.gluster.org/pub/gluster/glusterfs/5/rsa.pub
- state: present
-
-- name: "Add GlusterFS official repository"
- apt_repository:
- repo: "deb [arch=amd64] https://download.gluster.org/pub/gluster/glusterfs/5/LATEST/Debian/buster/amd64/apt buster main"
- state: present
- filename: gluster
-
-- name: "Install GlusterFS"
- apt:
- name:
- - glusterfs-server
- - glusterfs-client
- state: present
-
-- name: "Ensure Gluster Daemon started and enabled"
- service:
- name: glusterd
- enabled: yes
- state: started
-
-- name: "Create directory for GlusterFS bricks"
- file: path=/mnt/storage/glusterfs/brick1 recurse=yes state=directory
-
-- name: "Create GlusterFS volumes"
- gluster_volume:
- state: present
- name: donnees
- bricks: /mnt/storage/glusterfs/brick1/g1
- #rebalance: yes
- redundancies: 1
- disperses: 3
- #replicas: 3
- force: yes
- options:
- client.event-threads: "8"
- server.event-threads: "8"
- performance.stat-prefetch: "on"
- nfs.disable: "on"
- features.cache-invalidation: "on"
- performance.client-io-threads: "on"
- config.transport: tcp
- performance.quick-read: "on"
- performance.io-cache: "on"
- nfs.export-volumes: "off"
- cluster.lookup-optimize: "on"
-
- cluster: "{% for selected_host in groups['cluster_nodes'] %}{{ hostvars[selected_host]['private_ip'] }}{{ ',' if not loop.last else '' }}{% endfor %}"
- run_once: true
-
-- name: "Create mountpoint"
- file: path=/mnt/glusterfs recurse=yes state=directory
-
-- name: "Flush handlers (umount glusterfs and restart ganesha)"
- meta: flush_handlers
-
-- name: "Add fstab entry"
- tags: gluster-fstab
- mount:
- path: /mnt/glusterfs
- src: "{{ private_ip }}:/donnees"
- fstype: glusterfs
- opts: "defaults,_netdev,noauto,x-systemd.automount"
- state: present
-
-- name: Mount everything
- command: mount -a
- args:
- warn: no
diff --git a/os_config/roles/users/files/alex-key1.pub b/os_config/roles/users/files/alex-key1.pub
deleted file mode 100644
index 93514ab..0000000
--- a/os_config/roles/users/files/alex-key1.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIDdVbA9fEdqSr5UJ77NnoIqDTVp8ca5kHExhZYI4ecBExFJfonJllXMBN9KdC4ukxtY8Ug47PcMOfMaTBZQc+e+KpvDWpkBt15Xpem3RCxmMBES79sLL7LgtAdBXc5mNaCX8EOEVixWKdarjvxRyf6py6the51G5muaiMpoj5fae4ZpRGjhGTPefzc7y7zRWBUUZ8pYHW774BIaK6XT9gn3hyHV+Occjl/UODXvodktk55YtnuPi8adXTYEsHrVVz8AkFhx+cr0U/U8vtQnsTrZG+JmgQLqpXVs0RDw5bE1RefEbMuYNKxutYKUe3L+ZJtDe0M0MqOFI8a4F5TxP5 katchup@konata
diff --git a/os_config/roles/users/files/alex-key2.pub b/os_config/roles/users/files/alex-key2.pub
deleted file mode 100644
index 1eddcc8..0000000
--- a/os_config/roles/users/files/alex-key2.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJk4tAEhDkLeik9eEHIHMliyckM/gWr/k6fX/CSmayCM katchup@charlotte
diff --git a/os_config/roles/users/files/florian-key1.pub b/os_config/roles/users/files/florian-key1.pub
deleted file mode 100644
index 47b5593..0000000
--- a/os_config/roles/users/files/florian-key1.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC/qOM2BYy3UFycDylioACWrnDwg69AoTNE6Ym9W4WI2R+FXd6A1DDG+NLW2orUfkARcJGYEXkzsd3wjDg0s+FS23QWTP+JTkZbdGzuMAcoNeJBtgsCq6m5Q2kvrQc5RscYBr/OZtx2PUfrGyRE3yiVCj38zOgRLRWY0Iqs97tlH74YP4BG3jQ/MI5zXEptWcXBO86FtISB3QyHPRg5OH0192094X/QcG18GKd2ORxC/ZcwK9GdEbJJHgkxJ0TbsQO3KfNTEFBCiynYpYViBsQZsrdBkw4sHHy5OKEahIexdpUg8EJhpyzLn6pvGSqua/mVxirJazgNgtvLlrUsAuNd4/HoWRSqzh51/4hQJ3BV4Yed/tX0rwlT/ZzIIzpGw+qJF3IVuxdvXIineNAEyjVfLVT6hADyQu52ziHSE0cVmUkWT0R7ZgPku0PRBuSeewJIm8uLM69GU/GeRt+mSNl6xOvtBrY/j6sRHcMROlgSHhJ6YnvmkiYXl0MyrH9YGc8=
diff --git a/os_config/roles/users/files/florian-key2.pub b/os_config/roles/users/files/florian-key2.pub
deleted file mode 100644
index f9935b3..0000000
--- a/os_config/roles/users/files/florian-key2.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC0OcDsEZdiizsz8UIgOIqOQilnHWq0sOxuu6idOqqLVYLPZEv8owdeC5oIgQj94BcKnRzpe8UHxN13GQdEWsqCim6Zn8G5x1HdZDBC83466x3i6KBkMP0dk+h47tENxKFXBPUbh/2sR8r/lZXEhzCCo7tpVuRZpCc/r8WPbAQpLgDO2D0dR7etwf3ndgObxQU0w7WbN+7NzmaHE+VQLu/pqH0op8jZyebfb26XhZ1JnNrDhp86KYbusagn6wUwp3vaJmK9UyEMi21E5HI0ri51+FP8kaTCUpgIRmgIkKFFWiup5I56K8cpgZHcJ4NY7G3jHJeI3KBlazVMyhDVJ5glI1mV0zgdr7BRGqhn70hjf5vbkzcHbRVaMaGzGENLpTFWnaONB/EbqRghWsiVpV75BYzvxSSM8Yrx8pwKUBtLWU+FjljwuumXNLigLIc/FTxdcLvZudn51+XdJXtCBrBI1H22Q7kYXz7Pi800CDLQ8rUWkW8upQ+zu5fSRH+Ptwc=
diff --git a/os_config/roles/users/files/maximilien-key1.pub b/os_config/roles/users/files/maximilien-key1.pub
deleted file mode 100644
index 963b1f9..0000000
--- a/os_config/roles/users/files/maximilien-key1.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHMMR6zNzz8NQU80wFquhUCeiXJuGphjP+zNouKbn228GyESu8sfNBwnuZq86vblR11Lz8l2rtCM73GfAKg29qmUWUHRKWvRIYWv2vaUJcCdy0bAxIzcvCvjZX0SpnIKxe9y3Rp0LGO5WLYfw0ZFaavwFZP0Z8w1Kj9/zBmL2X2avbhkaYHi/C1yXhbvESYQysmqLa48EX/TS616MBrgR9zbI9AoTQ9NOHnR14Tve/AP/khcZoBJdm4hTttMbNkEc0wonzdylTDew263SPRs/uoqnQIpUtErdPHqU10Yup8HjXjEyFJsSwcZcM5sZOw5JKckKJwmcd0yjO/x/4/Mk5
diff --git a/os_config/roles/users/files/quentin-key1.pub b/os_config/roles/users/files/quentin-key1.pub
deleted file mode 100644
index f3667e0..0000000
--- a/os_config/roles/users/files/quentin-key1.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDT1+H08FdUSvdPpPKdcafq4+JRHvFVjfvG5Id97LAoROmFRUb/ZOMTLdNuD7FqvW0Da5CPxIMr8ZxfrFLtpGyuG7qdI030iIRZPlKpBh37epZHaV+l9F4ZwJQMIBO9cuyLPXgsyvM/s7tDtrdK1k7JTf2EVvoirrjSzBaMhAnhi7//to8zvujDtgDZzy6aby75bAaDetlYPBq2brWehtrf9yDDG9WAMYJqp//scje/WmhbRR6eSdim1HaUcWk5+4ZPt8sQJcy8iWxQ4jtgjqTvMOe5v8ZPkxJNBine/ZKoJsv7FzKem00xEH7opzktaGukyEqH0VwOwKhmBiqsX2yN quentin@dufour.io
diff --git a/os_config/roles/users/files/quentin-key2.pub b/os_config/roles/users/files/quentin-key2.pub
deleted file mode 100644
index c1b19fd..0000000
--- a/os_config/roles/users/files/quentin-key2.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBu+KUebaWwlugMC5fGbNhHc6IaQDAC6+1vMc4Ww7nVU1rs2nwI7L5qcWxOwNdhFaorZQZy/fJuCWdFbF61RCKGayBWPLZHGPsfqDuggYNEi1Qil1kpeCECfDQNjyMTK058ZBBhOWNMHBjlLWXUlRJDkRBBECY0vo4jRv22SvSaPUCAnkdJ9rbAp/kqb497PTIb2r1l1/ew8YdhINAlpYQFQezZVfkZdTKxt22n0QCjhupqjfh3gfNnbBX0z/iO+RvAOWRIZsjPFLC+jXl+n7cnu2cq1nvST5eHiYfXXeIgIwmeENLKqp+2Twr7PIdv22PnJkh6iR5kx7eTRxkNZdN quentin@deuxfleurs.fr
diff --git a/os_config/roles/users/tasks/main.yml b/os_config/roles/users/tasks/main.yml
deleted file mode 100644
index 990a041..0000000
--- a/os_config/roles/users/tasks/main.yml
+++ /dev/null
@@ -1,39 +0,0 @@
-- name: Add users in the system
- user:
- name: "{{ item.username }}"
- #groups: docker
- shell: "{{ item.shell | default('/bin/bash') }}"
- append: no
- loop: "{{ active_users
- | selectattr('is_admin', 'defined')
- | rejectattr('is_admin')
- | list
- | union( active_users
- | selectattr('is_admin', 'undefined')
- | list )}}"
-
-- name: Set admin rights
- user:
- name: "{{ item.username }}"
- groups: docker, sudo
- shell: "{{ item.shell | default('/bin/bash') }}"
- append: no
- loop: "{{ active_users
- | selectattr('is_admin', 'defined')
- | selectattr('is_admin')
- | list }}"
-
-# [V How SSH Key works] magic is done by subelements, understand the trick at:
-# https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
-- name: Add SSH keys
- authorized_key:
- user: "{{ item.0.username }}"
- state: present
- key: "{{ lookup('file', item.1) }}"
- loop: "{{ active_users | subelements('ssh_keys', skip_missing=True) }}"
-
-- name: Disable old users
- user:
- name: "{{ item }}"
- state: absent
- loop: "{{ disabled_users }}"
diff --git a/os_config/roles/users/vars/main.yml b/os_config/roles/users/vars/main.yml
deleted file mode 100644
index 5f4df4d..0000000
--- a/os_config/roles/users/vars/main.yml
+++ /dev/null
@@ -1,30 +0,0 @@
----
-active_users:
- - username: 'quentin'
- is_admin: true
- ssh_keys:
- - 'quentin-key1.pub'
- - 'quentin-key2.pub'
-
- - username: 'alex'
- is_admin: true
- ssh_keys:
- - 'alex-key1.pub'
- - 'alex-key2.pub'
-
- - username: 'maximilien'
- is_admin: true
- ssh_keys:
- - 'maximilien-key1.pub'
-
- - username: 'florian'
- is_admin: false
- ssh_keys:
- - 'quentin-key1.pub'
- #- 'florian-key1.pub'
- #- 'florian-key2.pub'
-
-disabled_users:
- - 'john.doe'
- - 'erwan'
- - 'valentin'