Add administrative user role
parent
e916cd784f
commit
bab051af2c
@ -5,6 +5,11 @@ ansible_pull_repo: "https://git.desu.ltd/salt/ansible"
|
||||
ansible_pull_commit: master
|
||||
common_ansible_pubkey: "ssh-rsa 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 ansible"
|
||||
|
||||
# Admin user configuration
|
||||
adminuser_name: salt
|
||||
adminuser_ssh_authorized_keys:
|
||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCoRSbzKkb8gd9rjeeRZeE71vp0vF3leBUeyTWGzFJf ansible-generated on lap-s76-lemp9-0.desu.ltd
|
||||
|
||||
# For backups
|
||||
backup_s3_bucket: !vault |
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
|
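--- /dev/null
+++ b/roles/adminuser/defaults/main.yml
@@ -0,0 +1,23 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+# Basic user configuration
+adminuser_name: admin
+adminuser_comment: Administrative user
+adminuser_shell: /bin/bash
+# Define me to set a user password
+#adminuser_password:
+
+# SSH keys
+adminuser_ssh_key_type: ed25519
+adminuser_ssh_key: yes
+adminuser_ssh_authorized_keys: []
+adminuser_ssh_unauthorized_keys: []
+
+# Groups
+adminuser_groups: []
+adminuser_groups_extra: []
+adminuser_groups_append: yes
+
+# Sudo rule
+adminuser_sudo_rule: "{{ adminuser_name }} ALL=(ALL:ALL) NOPASSWD:ALL"
+adminuser_sudo: yes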
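Review bot: The defaults grant passwordless root out of the box (`adminuser_sudo: yes` together with `NOPASSWD:ALL` in `adminuser_sudo_rule`), and `adminuser_ssh_key: yes` leads the tasks file to generate a private key with no passphrase on every host, yet neither is mentioned in the comments. I would put a comment above the sudo block such as `# Grants passwordless root by default; set adminuser_sudo: false or override adminuser_sudo_rule to restrict`. The `#adminuser_password:` comment should state that the value is handed to the `user` module's `password` argument, which expects a crypt hash, and that it is best stored with `!vault` like the other secrets in the vars file. `adminuser_comment` is defined here but no task in roles/adminuser/tasks/main.yml passes it on, and the `yes` values would be less ambiguous written as `true`.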
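--- /dev/null
+++ b/roles/adminuser/tasks/main.yml
@@ -0,0 +1,27 @@
+#!/usr/bin/env ansible-playbook
+# vim:ft=ansible:
+- name: assure admin user
+user:
+name: "{{ adminuser_name }}"
+append: "{{ adminuser_groups_append }}"
+groups: "{{ adminuser_groups + adminuser_groups_extra }}"
+shell: "{{ adminuser_shell }}"
+- name: assure admin user ssh key
+user:
+name: "{{ adminuser_name }}"
+generate_ssh_key: yes
+ssh_key_type: "{{ adminuser_ssh_key_type }}"
+ssh_key_file: ".ssh/id_{{ adminuser_ssh_key_type }}"
+when: adminuser_ssh_key
+- name: assure admin user ssh authorized keys
+authorized_key: user={{ adminuser_name }} key={{ item }}
+loop: "{{ adminuser_ssh_authorized_keys }}"
+- name: remove admin user ssh keys
+authorized_key: state=absent user={{ adminuser_name }} key={{ item }}
+loop: "{{ adminuser_ssh_unauthorized_keys }}"
+- name: assure admin user pass
+user: name={{ adminuser_name }} password={{ adminuser_password }}
+when: adminuser_password is defined
+- name: assure admin user sudo rule
+lineinfile: path=/etc/sudoers line={{ adminuser_sudo_rule }}
+when: adminuser_sudo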
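Review bot: The final task writes `adminuser_sudo_rule` straight into /etc/sudoers with `lineinfile` and no syntax check, so a malformed override of the rule can leave sudo unusable on every host the role is applied to. Add `validate: 'visudo -cf %s'` to that task, or manage a separate file under /etc/sudoers.d (where the distribution includes that directory) with the same validation. The task only ever adds the line: setting `adminuser_sudo` to false later, or changing the rule text, leaves the earlier NOPASSWD entry in place, so a matching `state=absent` path is worth adding. The `key=value` tasks (`authorized_key`, `user`, `lineinfile`) would also be easier to audit in block form with quoted templates, e.g. `line: "{{ adminuser_sudo_rule }}"`, since the rule contains spaces and `=`.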