diff --git a/group_vars/all.yml b/group_vars/all.yml
index 8e05f536..54bfcdb1 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -27,7 +27,9 @@ users:
 - username: mg
 password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: "{{ ssh_public_key_mg }}"
 allow_sudo: true
@@ -35,7 +37,9 @@ users:
 - username: ansible-user
 password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
 allow_sudo: true
diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml
index f667a14c..d330f2cf 100644
--- a/group_vars/blocky.yml
+++ b/group_vars/blocky.yml
@@ -25,11 +25,6 @@ apt_packages_extra:
 ### mgrote_user_setup
 dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
-dotfiles:
- - user: mg
- home: /home/mg
- - user: root
- home: /root
 dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
 ### mgrote_restic
diff --git a/group_vars/docker.yml b/group_vars/docker.yml
index b0ebe4e6..ba96e136 100644
--- a/group_vars/docker.yml
+++ b/group_vars/docker.yml
@@ -29,7 +29,10 @@ users:
 - username: mg
 password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo, docker
+ groups:
+ - ssh
+ - sudo
+ - docker
 state: present
 public_ssh_key: "{{ ssh_public_key_mg }}"
 allow_sudo: true
@@ -37,7 +40,10 @@ users:
 - username: docker-user
 password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo, docker
+ groups:
+ - ssh
+ - sudo
+ - docker
 state: present
 allow_sudo: true
 allow_passwordless_sudo: true
@@ -45,7 +51,9 @@ users:
 - username: ansible-user
 password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
 allow_sudo: true
diff --git a/group_vars/pbs.yml b/group_vars/pbs.yml
index a49d370c..6520ac76 100644
--- a/group_vars/pbs.yml
+++ b/group_vars/pbs.yml
@@ -13,14 +13,19 @@ users:
 - username: root
 password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
 update_password: always
- groups: ssh, sudo, root
+ groups:
+ - ssh
+ - sudo
+ - root
 state: present
 allow_sudo: true
 allow_passwordless_sudo: true
 - username: mg
 password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: "{{ ssh_public_key_mg }}"
 allow_sudo: true
@@ -28,7 +33,9 @@ users:
 - username: ansible-user
 password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
 allow_sudo: true
diff --git a/group_vars/pve.yml b/group_vars/pve.yml
index ee839847..b2b56dcc 100644
--- a/group_vars/pve.yml
+++ b/group_vars/pve.yml
@@ -7,14 +7,19 @@ users:
 - username: root
 password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
 update_password: always
- groups: ssh, sudo, root
+ groups:
+ - ssh
+ - sudo
+ - root
 state: present
 allow_sudo: true
 allow_passwordless_sudo: true
 - username: mg
 password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: "{{ ssh_public_key_mg }}"
 allow_sudo: true
@@ -22,7 +27,9 @@ users:
 - username: ansible-user
 password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
 allow_sudo: true
diff --git a/inventory b/inventory
index 9ee17c89..72a6505a 100644
--- a/inventory
+++ b/inventory
@@ -20,7 +20,7 @@ all:
 docker10.mgrote.net:
 vmtest:
 hosts:
- vm-test-2204.mgrote.net:
+ vm-test-2404.mgrote.net:
 pbs-test.mgrote.net:
 pve5-test.mgrote.net:
 pve:
@@ -51,6 +51,6 @@ all:
 munin.mgrote.net:
 test:
 hosts:
- vm-test-2204.mgrote.net:
+ vm-test-2404.mgrote.net:
 pve5-test.mgrote.net:
 pbs-test.mgrote.net:
diff --git a/playbooks/1_bootstrap.yml b/playbooks/1_bootstrap.yml
index 8f616148..a2137de8 100644
--- a/playbooks/1_bootstrap.yml
+++ b/playbooks/1_bootstrap.yml
@@ -39,7 +39,9 @@
 - username: ansible-user
 password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
 update_password: always
- groups: ssh, sudo
+ groups:
+ - ssh
+ - sudo
 state: present
 public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
 allow_sudo: true
diff --git a/roles/mgrote_users/tasks/main.yml b/roles/mgrote_users/tasks/main.yml
index e7a76f47..4b3916fd 100644
--- a/roles/mgrote_users/tasks/main.yml
+++ b/roles/mgrote_users/tasks/main.yml
@@ -1,18 +1,19 @@
 ---
-- name: set groups as list
+- name: Set groups as list
 ansible.builtin.set_fact:
- groups_as_list: "{{ (((((groups_as_list | default([]) + item.groups.split(','))) | map('trim')) | list) | sort) | unique }}"
- loop: '{{ users }}'
+ groups_as_list: "{{ ((( item.groups ) | list) | sort) | unique }}"
+ loop: "{{ users }}"
 when: item.groups is defined
-- name: create groups
+- name: Ensure groups exist
 ansible.builtin.group:
 name: "{{ item }}"
 state: present
- loop: "{{ groups_as_list }}"
+ loop: '{{ groups_as_list }}'
 when: groups_as_list is defined
+ no_log: true
-- name: create users
+- name: Ensure users exist
 ansible.builtin.user:
 name: "{{ item.username }}"
 uid: "{{ item.uid | default(omit) }}"
@@ -23,16 +24,18 @@
 createhome: "{{ item.createhome | default('yes') }}"
 state: "{{ item.state | default('present') }}"
 loop: '{{ users }}'
+ no_log: true
-- name: add ssh key
+- name: Ensure user ssh-keys exist
 ansible.posix.authorized_key:
 user: "{{ item.username }}"
 key: "{{ item.public_ssh_key }}"
 state: present
 when: item.public_ssh_key is defined
 loop: '{{ users }}'
+ no_log: true
-- name: add to sudoers
+- name: Ensure users are added to sudoers
 ansible.builtin.lineinfile:
 dest: /etc/sudoers
 state: present
@@ -41,3 +44,4 @@
 validate: 'visudo -cf %s'
 when: item.allow_sudo|default(false) and item.allow_sudo is defined
 loop: '{{ users }}'
+ no_log: true
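Review bot: The new `groups_as_list` expression in the "Set groups as list" task no longer references the previous value, so each iteration of the `loop` over `users` overwrites the fact with only that user's groups and the "Ensure groups exist" task afterwards sees just the last user's list; groups that only earlier users need are never created. Keep the running union the old expression had: `groups_as_list: "{{ ((groups_as_list | default([])) + (item.groups | list)) | sort | unique }}"`. Separately, `item.groups | list` applied to a string yields a list of single characters, so any vars file still using the old `ssh, sudo` form would silently create one-letter groups; a guard such as `when: item.groups is defined and item.groups is not string` (or an `ansible.builtin.assert` at the top of the role) makes that a hard error instead. The `no_log: true` added to the group task hides which group name failed although its loop items are plain group names, not secrets, so it buys nothing there. The `loop` quoting is now mixed between tasks (`"{{ users }}"` here, `'{{ users }}'` and `'{{ groups_as_list }}'` elsewhere); pick one style for the file.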
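Review bot: `no_log: true` on the user and ssh-key tasks in this hunk (and on the sudoers task in the following hunk) suppresses the entire task result, including the module's failure message, so a rejected key or a sudoers line that fails `visudo` validation will only report that output was hidden. Hiding the loop item is justified because each `users` entry carries the password hash, but `loop_control: label: "{{ item.username }}"` keeps the item out of the log while leaving the module result readable; `no_log` is only needed where the hash is a module argument, i.e. the user task. `authorized_key` and `lineinfile` receive only the public key and the sudoers entry, so their results appear to hold nothing secret — worth confirming against the `line:` argument, which lies outside the hunk. The user task's argument list begins in the previous hunk and the sudoers task continues past this one.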