From 4da37ae51a45252e60fbdf7e2323bd16426153ce Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:33:28 +0200 Subject: [PATCH 01/10] dd --- group_vars/all.yml | 8 ++++++-- roles/mgrote_users/tasks/main.yml | 12 +++--------- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 8e05f536..54bfcdb1 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -27,7 +27,9 @@ users: - username: mg password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: "{{ ssh_public_key_mg }}" allow_sudo: true @@ -35,7 +37,9 @@ users: - username: ansible-user password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true diff --git a/roles/mgrote_users/tasks/main.yml b/roles/mgrote_users/tasks/main.yml index e7a76f47..0a8032de 100644 --- a/roles/mgrote_users/tasks/main.yml +++ b/roles/mgrote_users/tasks/main.yml @@ -1,16 +1,10 @@ --- -- name: set groups as list - ansible.builtin.set_fact: - groups_as_list: "{{ (((((groups_as_list | default([]) + item.groups.split(','))) | map('trim')) | list) | sort) | unique }}" - loop: '{{ users }}' - when: item.groups is defined - - name: create groups ansible.builtin.group: - name: "{{ item }}" + name: "{{ ((item.groups) | sort) | unique }}" state: present - loop: "{{ groups_as_list }}" - when: groups_as_list is defined + loop: '{{ users }}' + when: item.groups is defined - name: create users ansible.builtin.user: -- 2.43.0 From 410b13837a18f341d93da4d91baca24f2e66cc8a Mon Sep 17 00:00:00 2001 
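Review bot: `name: "{{ ((item.groups) | sort) | unique }}"` in the `create groups` task hands a list to `ansible.builtin.group`, whose `name` is a single string; the list is stringified, so the task would try to create one group named after the list's text form instead of one group per element. The task needs to loop over the flattened, deduplicated union of every user's `groups`, which is what the removed `set_fact` did — now that `groups` is a list, only its `.split(',')` has to go, e.g. `groups_as_list: "{{ ((groups_as_list | default([])) + item.groups) | sort | unique }}"`. PATCH 03 brings a `set_fact` back but without the `groups_as_list | default([]) +` accumulation, so the problem is only partly addressed there.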
From: Michael Grote Date: Tue, 8 Oct 2024 16:35:07 +0200 Subject: [PATCH 02/10] ss --- group_vars/blocky.yml | 5 ----- group_vars/docker.yml | 14 +++++++++++--- group_vars/pve.yml | 13 ++++++++++--- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/group_vars/blocky.yml b/group_vars/blocky.yml index f667a14c..d330f2cf 100644 --- a/group_vars/blocky.yml +++ b/group_vars/blocky.yml @@ -25,11 +25,6 @@ apt_packages_extra: ### mgrote_user_setup dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git" -dotfiles: - - user: mg - home: /home/mg - - user: root - home: /root dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles ### mgrote_restic diff --git a/group_vars/docker.yml b/group_vars/docker.yml index b0ebe4e6..ba96e136 100644 --- a/group_vars/docker.yml +++ b/group_vars/docker.yml @@ -29,7 +29,10 @@ users: - username: mg password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo, docker + groups: + - ssh + - sudo + - docker state: present public_ssh_key: "{{ ssh_public_key_mg }}" allow_sudo: true @@ -37,7 +40,10 @@ users: - username: docker-user password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo, docker + groups: + - ssh + - sudo + - docker state: present allow_sudo: true allow_passwordless_sudo: true @@ -45,7 +51,9 @@ users: - username: ansible-user password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true diff --git a/group_vars/pve.yml b/group_vars/pve.yml index ee839847..b2b56dcc 100644 --- a/group_vars/pve.yml +++ b/group_vars/pve.yml 
@@ -7,14 +7,19 @@ users: - username: root password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}" update_password: always - groups: ssh, sudo, root + groups: + - ssh + - sudo + - root state: present allow_sudo: true allow_passwordless_sudo: true - username: mg password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: "{{ ssh_public_key_mg }}" allow_sudo: true @@ -22,7 +27,9 @@ users: - username: ansible-user password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true -- 2.43.0 From 0ff45ab2577b57710b25450d9c3a047acc5703ea Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:42:02 +0200 Subject: [PATCH 03/10] dd --- roles/mgrote_users/tasks/main.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/roles/mgrote_users/tasks/main.yml b/roles/mgrote_users/tasks/main.yml index 0a8032de..1d58c56a 100644 --- a/roles/mgrote_users/tasks/main.yml +++ b/roles/mgrote_users/tasks/main.yml @@ -1,10 +1,21 @@ --- +- name: set groups as list + ansible.builtin.set_fact: + groups_as_list: "{{ ((( item.groups ) | list) | sort) | unique }}" + loop: "{{ users }}" + when: item.groups is defined + +- name: debug 1 + ansible.builtin.debug: + msg: '{{ groups_as_list }}' + - name: create groups ansible.builtin.group: - name: "{{ ((item.groups) | sort) | unique }}" + name: "{{ item }}" state: present - loop: '{{ users }}' + loop: '{{ groups_as_list }}' when: item.groups is defined + # no_log: true # TODO - name: create users ansible.builtin.user: 
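Review bot: The `set_fact` in `set groups as list` overwrites `groups_as_list` on every loop iteration instead of accumulating, so after the loop it holds only the last user's groups; with the group_vars in this series (docker.yml, pve.yml, pbs.yml) that drops `docker` and `root`, because `ansible-user` is listed last and has only `ssh` and `sudo`, and `create users` then assigns groups that this role never ensured (it only works where they already exist on the host for other reasons). Restore the accumulation the earlier expression had: `groups_as_list: "{{ ((groups_as_list | default([])) + item.groups) | sort | unique }}"`. The same line is carried unchanged into the first hunk of PATCH 05. The `when: item.groups is defined` on `create groups`, which tests a plain string item and therefore always skips the task, is corrected in PATCH 04.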
@@ -17,6 +28,7 @@ createhome: "{{ item.createhome | default('yes') }}" state: "{{ item.state | default('present') }}" loop: '{{ users }}' + # no_log: true # TODO - name: add ssh key ansible.posix.authorized_key: -- 2.43.0 From f0e53318745142139d35d2c15e96a84dc09c4480 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:42:38 +0200 Subject: [PATCH 04/10] dd --- roles/mgrote_users/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/mgrote_users/tasks/main.yml b/roles/mgrote_users/tasks/main.yml index 1d58c56a..aac29ef8 100644 --- a/roles/mgrote_users/tasks/main.yml +++ b/roles/mgrote_users/tasks/main.yml @@ -14,7 +14,7 @@ name: "{{ item }}" state: present loop: '{{ groups_as_list }}' - when: item.groups is defined + when: groups_as_list is defined # no_log: true # TODO - name: create users -- 2.43.0 From a63741d4ed44ef167026cd34282939d1600692d9 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:45:12 +0200 Subject: [PATCH 05/10] dd --- roles/mgrote_users/tasks/main.yml | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/roles/mgrote_users/tasks/main.yml b/roles/mgrote_users/tasks/main.yml index aac29ef8..c7ff70be 100644 --- a/roles/mgrote_users/tasks/main.yml +++ b/roles/mgrote_users/tasks/main.yml @@ -1,15 +1,11 @@ --- -- name: set groups as list +- name: Set groups as list ansible.builtin.set_fact: groups_as_list: "{{ ((( item.groups ) | list) | sort) | unique }}" loop: "{{ users }}" when: item.groups is defined -- name: debug 1 - ansible.builtin.debug: - msg: '{{ groups_as_list }}' - -- name: create groups +- name: Ensure groups exist ansible.builtin.group: name: "{{ item }}" state: present @@ -17,7 +13,7 @@ when: groups_as_list is defined # no_log: true # TODO -- name: create users +- name: Ensure users exist ansible.builtin.user: name: "{{ item.username }}" uid: "{{ item.uid | default(omit) }}" 
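Review bot: `when: groups_as_list is defined` does not protect the `loop: '{{ groups_as_list }}'` two lines above it: Ansible templates the loop expression before it evaluates `when`, so on a host where no user defines `groups` the task fails with an undefined-variable error rather than being skipped (worth confirming against the Ansible version in use). Defaulting the loop makes the task safe and the guard redundant: `loop: "{{ groups_as_list | default([]) }}"`.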
@@ -30,15 +26,16 @@ loop: '{{ users }}' # no_log: true # TODO -- name: add ssh key +- name: Ensure user ssh-keys exist ansible.posix.authorized_key: user: "{{ item.username }}" key: "{{ item.public_ssh_key }}" state: present when: item.public_ssh_key is defined loop: '{{ users }}' + # no_log: true # TODO -- name: add to sudoers +- name: Ensure users are added to sudoers ansible.builtin.lineinfile: dest: /etc/sudoers state: present @@ -47,3 +44,4 @@ validate: 'visudo -cf %s' when: item.allow_sudo|default(false) and item.allow_sudo is defined loop: '{{ users }}' + # no_log: true # TODO -- 2.43.0 From 048aebf95f34b79b6cf58d0dca0a624d98753bab Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:46:30 +0200 Subject: [PATCH 06/10] dd --- group_vars/pbs.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/group_vars/pbs.yml b/group_vars/pbs.yml index a49d370c..6520ac76 100644 --- a/group_vars/pbs.yml +++ b/group_vars/pbs.yml @@ -13,14 +13,19 @@ users: - username: root password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}" update_password: always - groups: ssh, sudo, root + groups: + - ssh + - sudo + - root state: present allow_sudo: true allow_passwordless_sudo: true - username: mg password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: "{{ ssh_public_key_mg }}" allow_sudo: true @@ -28,7 +33,9 @@ users: - username: ansible-user password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true -- 2.43.0 From fc8f1253a00ace342b7e5182e12c42263e2dc39d Mon Sep 17 00:00:00 2001 
From: Michael Grote Date: Tue, 8 Oct 2024 16:49:30 +0200 Subject: [PATCH 07/10] todo --- roles/mgrote_users/tasks/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/roles/mgrote_users/tasks/main.yml b/roles/mgrote_users/tasks/main.yml index c7ff70be..4b3916fd 100644 --- a/roles/mgrote_users/tasks/main.yml +++ b/roles/mgrote_users/tasks/main.yml @@ -11,7 +11,7 @@ state: present loop: '{{ groups_as_list }}' when: groups_as_list is defined - # no_log: true # TODO + no_log: true - name: Ensure users exist ansible.builtin.user: @@ -24,7 +24,7 @@ createhome: "{{ item.createhome | default('yes') }}" state: "{{ item.state | default('present') }}" loop: '{{ users }}' - # no_log: true # TODO + no_log: true - name: Ensure user ssh-keys exist ansible.posix.authorized_key: @@ -33,7 +33,7 @@ state: present when: item.public_ssh_key is defined loop: '{{ users }}' - # no_log: true # TODO + no_log: true - name: Ensure users are added to sudoers ansible.builtin.lineinfile: @@ -44,4 +44,4 @@ validate: 'visudo -cf %s' when: item.allow_sudo|default(false) and item.allow_sudo is defined loop: '{{ users }}' - # no_log: true # TODO + no_log: true -- 2.43.0 From 2bf8c19bfd1adaae1b20e9d9b3ed17183095b6b7 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:52:01 +0200 Subject: [PATCH 08/10] dd --- inventory | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/inventory b/inventory index 9ee17c89..72a6505a 100644 --- a/inventory +++ b/inventory @@ -20,7 +20,7 @@ all: docker10.mgrote.net: vmtest: hosts: - vm-test-2204.mgrote.net: + vm-test-2404.mgrote.net: pbs-test.mgrote.net: pve5-test.mgrote.net: pve: @@ -51,6 +51,6 @@ all: munin.mgrote.net: test: hosts: - vm-test-2204.mgrote.net: + vm-test-2404.mgrote.net: pve5-test.mgrote.net: pbs-test.mgrote.net: -- 2.43.0 From d1f22fda1c7a989e45518343af2db80743261de8 Mon Sep 17 00:00:00 2001 
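Review bot: `no_log: true` on `Ensure groups exist`, `Ensure user ssh-keys exist` and `Ensure users are added to sudoers` hides nothing secret — group names, public keys and sudoers lines are not sensitive — but it suppresses every error message and diff from those tasks, so a failed `visudo -cf` validation or a missing group becomes nearly impossible to diagnose from playbook output. What is worth hiding is the per-item dump that `loop: '{{ users }}'` produces, since each item carries the user's password hash; `loop_control: label: "{{ item.username }}"` keeps the hash out of the output while retaining results and errors. If `no_log` is kept anywhere, `Ensure users exist` is the one task that actually receives the hash as a parameter.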
From: Michael Grote Date: Tue, 8 Oct 2024 16:55:11 +0200 Subject: [PATCH 09/10] ff --- group_vars/all.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 54bfcdb1..9fc4c5ab 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -38,8 +38,8 @@ users: password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always groups: - - ssh - - sudo + - "ssh" + - "sudo" state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true -- 2.43.0 From b988cbe739d522006bc3fcea106683801af35f50 Mon Sep 17 00:00:00 2001 From: Michael Grote Date: Tue, 8 Oct 2024 16:57:30 +0200 Subject: [PATCH 10/10] dd --- group_vars/all.yml | 4 ++-- playbooks/1_bootstrap.yml | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/group_vars/all.yml b/group_vars/all.yml index 9fc4c5ab..54bfcdb1 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -38,8 +38,8 @@ users: password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always groups: - - "ssh" - - "sudo" + - ssh + - sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true diff --git a/playbooks/1_bootstrap.yml b/playbooks/1_bootstrap.yml index 8f616148..a2137de8 100644 --- a/playbooks/1_bootstrap.yml +++ b/playbooks/1_bootstrap.yml @@ -39,7 +39,9 @@ - username: ansible-user password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}" update_password: always - groups: ssh, sudo + groups: + - ssh + - sudo state: present public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu allow_sudo: true -- 2.43.0
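Review bot: The `ansible-user` entry in playbooks/1_bootstrap.yml is now the fifth copy of the same definition (group_vars/all.yml, docker.yml, pve.yml, pbs.yml and this playbook), each repeating the keepass lookup and the same literal ed25519 public key; a key rotation or a change to the `groups` layout has to be applied in every file, and the PATCH 09 / PATCH 10 back-and-forth on quoting in all.yml shows how easily the copies drift. If the bootstrap play genuinely cannot consume group_vars before the user exists, at least the public key could live in one variable, as the `mg` entries already do with `"{{ ssh_public_key_mg }}"`. The enclosing `users` list starts outside the hunk.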