mg/homeserver
1
0
Fork 0
Code Issues 1 Pull requests 3 Activity Actions

ensure user password is enforced (#582)

Browse source 
Reviewed-on: #582
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Co-committed-by: Michael Grote <michael.grote@posteo.de>
This commit is contained in:
Michael Grote 2023-10-19 09:34:34 +02:00 committed by mg
parent 8e0e7bde21
commit 4416b7b519
6 changed files with 12 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
group_vars/all.yml
View file

@ -32,7 +32,7 @@
users: users:
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: "{{ ssh_public_key_mg }}" public_ssh_key: "{{ ssh_public_key_mg }}"
@ -40,7 +40,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: ansible-user - username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu

6
group_vars/docker.yml
View file

@ -20,7 +20,7 @@
users: users:
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo, docker groups: ssh, sudo, docker
state: present state: present
public_ssh_key: "{{ ssh_public_key_mg }}" public_ssh_key: "{{ ssh_public_key_mg }}"
@ -28,7 +28,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: docker-user - username: docker-user
password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'docker-user_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo, docker groups: ssh, sudo, docker
state: present state: present
allow_sudo: true allow_sudo: true
@ -36,7 +36,7 @@
uid: "5000" uid: "5000"
- username: ansible-user - username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu

4
group_vars/laptop.yml
View file

@ -67,7 +67,7 @@
users: users:
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo, docker groups: ssh, sudo, docker
state: present state: present
public_ssh_key: "{{ ssh_public_key_mg }}" public_ssh_key: "{{ ssh_public_key_mg }}"
@ -75,7 +75,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: ansible-user - username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2 public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2

4
group_vars/pbs.yml
View file

@ -16,7 +16,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: "{{ ssh_public_key_mg }}" public_ssh_key: "{{ ssh_public_key_mg }}"
@ -24,7 +24,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: ansible-user - username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu

4
group_vars/pve.yml
View file

@ -12,7 +12,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: mg - username: mg
password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'mg_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: "{{ ssh_public_key_mg }}" public_ssh_key: "{{ ssh_public_key_mg }}"
@ -20,7 +20,7 @@
allow_passwordless_sudo: true allow_passwordless_sudo: true
- username: ansible-user - username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}" password: "{{ lookup('keepass', 'ansible_user_linux_password_hash', 'password') }}"
update_password: on_create update_password: always
groups: ssh, sudo groups: ssh, sudo
state: present state: present
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu

1
roles/mgrote.pbs_users/tasks/main.yml
View file

@ -23,3 +23,4 @@
loop: "{{ pbs_users }}" loop: "{{ pbs_users }}"
when: "item.name in users.stdout" when: "item.name in users.stdout"
changed_when: false changed_when: false
no_log: true