homeserver/host_vars/bastelstube-gui.grote.lan.yml
mg 3202d61807 Ersatz: create-users (#272)
Co-authored-by: Michael Grote <michael.grote@posteo.de>
Reviewed-on: mg/ansible#272
Co-authored-by: mg <michael.grote@posteo.de>
Co-committed-by: mg <michael.grote@posteo.de>
2021-12-28 11:25:29 +01:00

44 lines
1.6 KiB
YAML

---
### oefenweb.ufw
ufw_rules:
- rule: allow
to_port: 22
protocol: tcp
comment: 'ssh'
from_ip: 0.0.0.0/0
- rule: allow
to_port: 3389
comment: 'xrdp'
from_ip: 192.168.2.0/24
protocol: tcp
- rule: allow
to_port: 4949
protocol: tcp
comment: 'munin'
from_ip: 192.168.2.144/24
### mgrote.user
users:
- username: mg
password: "{{ lookup('keepass', 'mg_linux_password_cleartext', 'password') }}"
update_password: on_create
groups: ssh, sudo, xrdp
state: present
public_ssh_key: "{{ ssh_public_key_mg }}"
allow_sudo: true
allow_passwordless_sudo: true
- username: munin
password: "{{ lookup('keepass', 'munin_linux_password_cleartext', 'password') }}"
update_password: on_create
groups: root
state: present
public_ssh_key: "{{ ssh_public_key_mg }}"
allow_sudo: true
allow_passwordless_sudo: true
- username: ansible-user
password: "{{ lookup('keepass', 'ansible_user_linux_password_cleartext', 'password') }}"
update_password: on_create
groups: ssh, sudo
state: present
public_ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyqs0OE5RVqs6tIzyuGQWvq/OVDa/tfdSEqMIwcthFt+pwCCjpqtNc8L8FSXgphSwuNosFakqhMLDFD3pmII+t61NRExsoR3nGTDuCAQnTvTKXTEfhnunN3pwgXWVTI68j9pRzmSy+hMkSFbgN9EGMSXxGcNunY7ewS3ZkVe08SWFpiX9giYq6uiOiMHsZKdcP6s2QRXUhZlTx2cOc/9gJ5lD82EUXQRZzT6ww2xVrceIW9c3CZFmSmYWxvrR7dPcHrke90FPPd5WhU+Anz++6GsT6+OhZTk+uQnBHllFXn9NoFQIEUDO4zV+gFXITaAbTkLAcCwuKB2QcDZ6C2mhf ansible-generated on ansible-v2
allow_sudo: true
allow_passwordless_sudo: true