Add administrative user role

Salt 2021-02-26 10:07:57 -06:00
parent e916cd784f
commit bab051af2c
4 changed files with 57 additions and 0 deletions


@ -5,6 +5,11 @@ ansible_pull_repo: "https://git.desu.ltd/salt/ansible"
ansible_pull_commit: master ansible_pull_commit: master
common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible" common_ansible_pubkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDfXVgMHeD2wtCAIVoDYQ+R19vKfhmR2FgUTkHhAzE2156fB/+IMB+6Qc4X3aFRIcUp+Ls8Vm8JQ3d0jvbcGQkgbAjRExQa71XGBmhxJCxzlCLBoQzBmTSnryL09LExoMynzVgrso8TQP92vZBGJFI/lLGAaop2l9pu+3cgM3sRaK+A11lcRCrS25C3hqPQhKC44zjzOt7sIoaG6RqG3CQ8jhE35bthQdBySOZVDgDKfjDyPuDzVxiKjsuNm4Ojzm0QW5gq6GkLOg2B8OSQ1TGQgBHQu4b8zsKBOUOdbZb0JLM8NdpH1cMntC0QBofy3DzqR/CFaSaBzUx+dnkBH0/pjBOrhHzzqZGOJayfC1igYki67HqzFV5IjhAVa+c4S9L/zbFk0+YZYdgMoKNlMU2LgzrSEastuXHD7NUy3fMP4BZbqg37SjQzFRXoUp5+ctVs9tCoy/qvvjT3UVGcn312eJrRRfWrYagU2nWKGyqbTOpsuOJ5OLlhopy6eP9+yRM= ansible"
# Admin user configuration
adminuser_name: salt
adminuser_ssh_authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCoRSbzKkb8gd9rjeeRZeE71vp0vF3leBUeyTWGzFJf ansible-generated on lap-s76-lemp9-0.desu.ltd
# For backups # For backups
backup_s3_bucket: !vault | backup_s3_bucket: !vault |
$ANSIBLE_VAULT;1.1;AES256 $ANSIBLE_VAULT;1.1;AES256


@ -0,0 +1,23 @@
#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
# Basic user configuration
adminuser_name: admin
adminuser_comment: Administrative user
adminuser_shell: /bin/bash
# Define me to set a user password
#adminuser_password:
# SSH keys
adminuser_ssh_key_type: ed25519
adminuser_ssh_key: yes
adminuser_ssh_authorized_keys: []
adminuser_ssh_unauthorized_keys: []
# Groups
adminuser_groups: []
adminuser_groups_extra: []
adminuser_groups_append: yes
# Sudo rule
adminuser_sudo_rule: "{{ adminuser_name }} ALL=(ALL:ALL) NOPASSWD:ALL"
adminuser_sudo: yes
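Review bot: The defaults at the end of this file enable `adminuser_sudo` with a rule of `NOPASSWD:ALL`, so any host that applies the role without overrides grants the account unrestricted passwordless root; the same commit adds the role to the common play, so this reaches every host that play covers. I would make the grant opt-in with `adminuser_sudo: false`, or drop `NOPASSWD:` from the default rule, and let the inventory enable it where it is wanted. `adminuser_comment` is defined here but none of the tasks added in this commit pass it to the `user` module, so either wire it up with `comment: "{{ adminuser_comment }}"` or remove the variable. The `yes` values would also be less ambiguous across YAML parsers written as `true`.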


@ -0,0 +1,27 @@
#!/usr/bin/env ansible-playbook
# vim:ft=ansible:
- name: assure admin user
user:
name: "{{ adminuser_name }}"
append: "{{ adminuser_groups_append }}"
groups: "{{ adminuser_groups + adminuser_groups_extra }}"
shell: "{{ adminuser_shell }}"
- name: assure admin user ssh key
user:
name: "{{ adminuser_name }}"
generate_ssh_key: yes
ssh_key_type: "{{ adminuser_ssh_key_type }}"
ssh_key_file: ".ssh/id_{{ adminuser_ssh_key_type }}"
when: adminuser_ssh_key
- name: assure admin user ssh authorized keys
authorized_key: user={{ adminuser_name }} key={{ item }}
loop: "{{ adminuser_ssh_authorized_keys }}"
- name: remove admin user ssh keys
authorized_key: state=absent user={{ adminuser_name }} key={{ item }}
loop: "{{ adminuser_ssh_unauthorized_keys }}"
- name: assure admin user pass
user: name={{ adminuser_name }} password={{ adminuser_password }}
when: adminuser_password is defined
- name: assure admin user sudo rule
lineinfile: path=/etc/sudoers line={{ adminuser_sudo_rule }}
when: adminuser_sudo
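Review bot: The final task edits `/etc/sudoers` in place with `lineinfile` and no `validate`, so a malformed `adminuser_sudo_rule` (a free-form variable) is written straight into the live file and can leave sudo unusable on the host. Passing the edit through `visudo -cf %s` makes the module refuse a result that does not parse. With no `regexp`, a later change to `adminuser_name` or to the rule appends a new line and leaves the old grant in place; that deserves a comment, or a dedicated drop-in file if the hosts' sudoers include one. Writing the task with YAML arguments rather than the `key=value` string also keeps the rule's spaces and colons out of inline-argument parsing.

```yaml
- name: assure admin user sudo rule
  lineinfile:
    path: /etc/sudoers
    line: "{{ adminuser_sudo_rule }}"
    # refuse to install a sudoers file that visudo cannot parse
    validate: /usr/sbin/visudo -cf %s
  when: adminuser_sudo
```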


@ -8,6 +8,8 @@
tags: [ common ] tags: [ common ]
- role: ansible-pull - role: ansible-pull
tags: [ ansible, common ] tags: [ ansible, common ]
- role: adminuser
tags: [ adminuser, common ]
- role: git - role: git
vars: vars:
git_repos: git_repos: