fix mgrote_users "wantlist" #203
8 changed files with 54 additions and 27 deletions
|
@ -27,7 +27,9 @@ users:
|
||||||
- username: mg
|
- username: mg
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
@ -35,7 +37,9 @@ users:
|
||||||
- username: ansible-user
|
- username: ansible-user
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
|
|
@ -25,11 +25,6 @@ apt_packages_extra:
|
||||||
|
|
||||||
### mgrote_user_setup
|
### mgrote_user_setup
|
||||||
dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
|
dotfiles_vim_vundle_repo_url: "http://{{ ansible_forgejo_user | urlencode }}:{{ ansible_forgejo_user_pass | urlencode }}@192.168.2.42:3000/mirrors/Vundle.vim.git"
|
||||||
dotfiles:
|
|
||||||
- user: mg
|
|
||||||
home: /home/mg
|
|
||||||
- user: root
|
|
||||||
home: /root
|
|
||||||
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
|
dotfiles_repo_url: http://192.168.2.42:3000/mg/dotfiles
|
||||||
|
|
||||||
### mgrote_restic
|
### mgrote_restic
|
||||||
|
|
|
@ -29,7 +29,10 @@ users:
|
||||||
- username: mg
|
- username: mg
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo, docker
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
|
- docker
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
@ -37,7 +40,10 @@ users:
|
||||||
- username: docker-user
|
- username: docker-user
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'docker-user_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo, docker
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
|
- docker
|
||||||
state: present
|
state: present
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
|
@ -45,7 +51,9 @@ users:
|
||||||
- username: ansible-user
|
- username: ansible-user
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
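Review bot: The new `- docker` entries for `mg` and `docker-user` deserve a comment, because membership in the `docker` group gives root-equivalent access through the Docker socket without going through sudo. For `mg` the hunk shows only `allow_sudo: true`, so unless a passwordless setting sits outside the hunk, this group effectively bypasses the sudo password prompt. I would add a line above each entry such as `# docker group is root-equivalent on this host; keep deliberately`, or drop `docker` from `mg` if interactive use does not need it.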
|
|
@ -13,14 +13,19 @@ users:
|
||||||
- username: root
|
- username: root
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo, root
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
|
- root
|
||||||
state: present
|
state: present
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
- username: mg
|
- username: mg
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
@ -28,7 +33,9 @@ users:
|
||||||
- username: ansible-user
|
- username: ansible-user
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
|
|
@ -7,14 +7,19 @@ users:
|
||||||
- username: root
|
- username: root
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'root_linux_password_hash_proxmox', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo, root
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
|
- root
|
||||||
state: present
|
state: present
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
allow_passwordless_sudo: true
|
allow_passwordless_sudo: true
|
||||||
- username: mg
|
- username: mg
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'mg_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: "{{ ssh_public_key_mg }}"
|
public_ssh_key: "{{ ssh_public_key_mg }}"
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
@ -22,7 +27,9 @@ users:
|
||||||
- username: ansible-user
|
- username: ansible-user
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
|
|
@ -20,7 +20,7 @@ all:
|
||||||
docker10.mgrote.net:
|
docker10.mgrote.net:
|
||||||
vmtest:
|
vmtest:
|
||||||
hosts:
|
hosts:
|
||||||
vm-test-2204.mgrote.net:
|
vm-test-2404.mgrote.net:
|
||||||
pbs-test.mgrote.net:
|
pbs-test.mgrote.net:
|
||||||
pve5-test.mgrote.net:
|
pve5-test.mgrote.net:
|
||||||
pve:
|
pve:
|
||||||
|
@ -51,6 +51,6 @@ all:
|
||||||
munin.mgrote.net:
|
munin.mgrote.net:
|
||||||
test:
|
test:
|
||||||
hosts:
|
hosts:
|
||||||
vm-test-2204.mgrote.net:
|
vm-test-2404.mgrote.net:
|
||||||
pve5-test.mgrote.net:
|
pve5-test.mgrote.net:
|
||||||
pbs-test.mgrote.net:
|
pbs-test.mgrote.net:
|
||||||
|
|
|
@ -39,7 +39,9 @@
|
||||||
- username: ansible-user
|
- username: ansible-user
|
||||||
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
password: "{{ lookup('viczem.keepass.keepass', 'ansible_user_linux_password_hash', 'password') }}"
|
||||||
update_password: always
|
update_password: always
|
||||||
groups: ssh, sudo
|
groups:
|
||||||
|
- ssh
|
||||||
|
- sudo
|
||||||
state: present
|
state: present
|
||||||
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
public_ssh_key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJcBwOjanQV6sFWaTetqpl20SVe3aRzGjKbsp7hKkDCE mg@irantu
|
||||||
allow_sudo: true
|
allow_sudo: true
|
||||||
|
|
|
@ -1,18 +1,19 @@
|
||||||
---
|
---
|
||||||
- name: set groups as list
|
- name: Set groups as list
|
||||||
ansible.builtin.set_fact:
|
ansible.builtin.set_fact:
|
||||||
groups_as_list: "{{ (((((groups_as_list | default([]) + item.groups.split(','))) | map('trim')) | list) | sort) | unique }}"
|
groups_as_list: "{{ ((( item.groups ) | list) | sort) | unique }}"
|
||||||
loop: '{{ users }}'
|
loop: "{{ users }}"
|
||||||
when: item.groups is defined
|
when: item.groups is defined
|
||||||
|
|
||||||
- name: create groups
|
- name: Ensure groups exist
|
||||||
ansible.builtin.group:
|
ansible.builtin.group:
|
||||||
name: "{{ item }}"
|
name: "{{ item }}"
|
||||||
state: present
|
state: present
|
||||||
loop: "{{ groups_as_list }}"
|
loop: '{{ groups_as_list }}'
|
||||||
when: groups_as_list is defined
|
when: groups_as_list is defined
|
||||||
|
no_log: true
|
||||||
|
|
||||||
- name: create users
|
- name: Ensure users exist
|
||||||
ansible.builtin.user:
|
ansible.builtin.user:
|
||||||
name: "{{ item.username }}"
|
name: "{{ item.username }}"
|
||||||
uid: "{{ item.uid | default(omit) }}"
|
uid: "{{ item.uid | default(omit) }}"
|
||||||
|
@ -23,16 +24,18 @@
|
||||||
createhome: "{{ item.createhome | default('yes') }}"
|
createhome: "{{ item.createhome | default('yes') }}"
|
||||||
state: "{{ item.state | default('present') }}"
|
state: "{{ item.state | default('present') }}"
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
|
no_log: true
|
||||||
|
|
||||||
- name: add ssh key
|
- name: Ensure user ssh-keys exist
|
||||||
ansible.posix.authorized_key:
|
ansible.posix.authorized_key:
|
||||||
user: "{{ item.username }}"
|
user: "{{ item.username }}"
|
||||||
key: "{{ item.public_ssh_key }}"
|
key: "{{ item.public_ssh_key }}"
|
||||||
state: present
|
state: present
|
||||||
when: item.public_ssh_key is defined
|
when: item.public_ssh_key is defined
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
|
no_log: true
|
||||||
|
|
||||||
- name: add to sudoers
|
- name: Ensure users are added to sudoers
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
dest: /etc/sudoers
|
dest: /etc/sudoers
|
||||||
state: present
|
state: present
|
||||||
|
@ -41,3 +44,4 @@
|
||||||
validate: 'visudo -cf %s'
|
validate: 'visudo -cf %s'
|
||||||
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
when: item.allow_sudo|default(false) and item.allow_sudo is defined
|
||||||
loop: '{{ users }}'
|
loop: '{{ users }}'
|
||||||
|
no_log: true
|
||||||
|
|
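Review bot: The rewritten `set_fact` in the first hunk no longer accumulates across the loop: `groups_as_list: "{{ ((( item.groups ) | list) | sort) | unique }}"` is overwritten on every iteration, so "Ensure groups exist" only sees the groups of the last user that defines `groups`. Where an earlier user lists a group the last one does not (for example `docker` or `root` in the host vars changed by this commit), that group is presumably never ensured and the user task fails unless something else created it. Keeping the accumulator fixes this: `groups_as_list: "{{ (groups_as_list | default([]) + item.groups) | unique | sort }}"`. Note also that `| list` splits a leftover comma-separated string into single characters, so an assert that `item.groups` is not a string would catch any vars file that was not converted. The `no_log: true` on the group task hides only group names and makes this kind of failure harder to diagnose; the user task carrying the password hash is where it is needed.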