fix mgrote_users "wantlist" (#203)

Reviewed-on: https://git.mgrote.net///mg/homeserver/pulls/203 Co-authored-by: Michael Grote <michael.grote@posteo.de> Co-committed-by: Michael Grote <michael.grote@posteo.de>
2024-10-08 17:02:29 +02:00 · 2024-10-08 17:02:29 +02:00 · b84e9b3349
commit b84e9b3349
parent 2d56030086
8 changed files with 54 additions and 27 deletions
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@ -27,7 +27,9 @@ users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
@ -35,7 +37,9 @@ users:
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
    allow_sudo: true
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@ -25,11 +25,6 @@ apt_packages_extra:

 ### mgrote_user_setup
 dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
-dotfiles:
-  - user: mg
-    home: /home/mg
-  - user: root
-    home: /root
 dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles

 ### mgrote_restic
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@ -29,7 +29,10 @@ users:
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo, docker
+    groups:
+      - ssh
+      - sudo
+      - docker
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
@ -37,7 +40,10 @@ users:
  - username: docker-user
    password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo, docker
+    groups:
+      - ssh
+      - sudo
+      - docker
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
@ -45,7 +51,9 @@ users:
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
    allow_sudo: true
--- a/group_vars/pbs.yml
+++ b/group_vars/pbs.yml
@ -13,14 +13,19 @@ users:
  - username: root
    password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
    update_password: always
-    groups: ssh, sudo, root
+    groups:
+      - ssh
+      - sudo
+      - root
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
@ -28,7 +33,9 @@ users:
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
    allow_sudo: true
--- a/group_vars/pve.yml
+++ b/group_vars/pve.yml
@ -7,14 +7,19 @@ users:
  - username: root
    password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
    update_password: always
-    groups: ssh, sudo, root
+    groups:
+      - ssh
+      - sudo
+      - root
    state: present
    allow_sudo: true
    allow_passwordless_sudo: true
  - username: mg
    password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: "{{ ssh_public_key_mg }}"
    allow_sudo: true
@ -22,7 +27,9 @@ users:
  - username: ansible-user
    password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
    update_password: always
-    groups: ssh, sudo
+    groups:
+      - ssh
+      - sudo
    state: present
    public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
    allow_sudo: true
--- a/4
+++ b/4
@ -20,7 +20,7 @@ all:
        docker10.mgrote.net:
    vmtest:
      hosts:
-        vm-test-2204.mgrote.net:
+        vm-test-2404.mgrote.net:
        pbs-test.mgrote.net:
        pve5-test.mgrote.net:
    pve:
@ -51,6 +51,6 @@ all:
        munin.mgrote.net:
    test:
      hosts:
-        vm-test-2204.mgrote.net:
+        vm-test-2404.mgrote.net:
        pve5-test.mgrote.net:
        pbs-test.mgrote.net:
--- a/playbooks/1_bootstrap.yml
+++ b/playbooks/1_bootstrap.yml
@ -39,7 +39,9 @@
      - username: ansible-user
        password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
        update_password: always
-        groups: ssh, sudo
+        groups:
+          - ssh
+          - sudo
        state: present
        public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
        allow_sudo: true
--- a/roles/mgrote_users/tasks/main.yml
+++ b/roles/mgrote_users/tasks/main.yml
@ -1,18 +1,19 @@
 ---
- name: set groups as list
+- name: Set groups as list
  ansible.builtin.set_fact:
-    groups_as_list: "{{ (((((groups_as_list | default([]) + item.groups.split(','))) | map('trim')) | list) | sort) | unique }}"
-  loop: '{{ users }}'
+    groups_as_list: "{{ ((( item.groups ) | list) | sort) | unique }}"
+  loop: "{{ users }}"
  when: item.groups is defined

- name: create groups
+- name: Ensure groups exist
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
-  loop: "{{ groups_as_list }}"
+  loop: '{{ groups_as_list }}'
  when: groups_as_list is defined
+  no_log: true

- name: create users
+- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ item.username }}"
    uid: "{{ item.uid | default(omit) }}"
@ -23,16 +24,18 @@
    createhome: "{{ item.createhome | default('yes') }}"
    state: "{{ item.state | default('present') }}"
  loop: '{{ users }}'
+  no_log: true

- name: add ssh key
+- name: Ensure user ssh-keys exist
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_ssh_key }}"
    state: present
  when: item.public_ssh_key is defined
  loop: '{{ users }}'
+  no_log: true

- name: add to sudoers
+- name: Ensure users are added to sudoers
  ansible.builtin.lineinfile:
    dest: /etc/sudoers
    state: present
@ -41,3 +44,4 @@
    validate: 'visudo -cf %s'
  when: item.allow_sudo|default(false) and item.allow_sudo is defined
  loop: '{{ users }}'
+  no_log: true