Modularize user role, fix indentation with ansible vault secrets

9iron.yml

@@ -6,6 +6,20 @@
     - common
     - user
     - influxdb
+    - role: user
+      vars:
+        user_username: salt
+        user_password: !vault |
+                $ANSIBLE_VAULT;1.1;AES256
+                37666131343936663962386535343939373161343337383436613961303637376136633736353533
+                3366623536646563383563373265313134663464396231370a303033353661336436386561366139
+                30393536393634653566646636366436656435623534626266343632313336336336346131383361
+                3366343932383930350a383637646261373135376138633533306530306339316235353262356135
+                34626466363266616265653064333365663663306330666632343864373335626265323230633331
+                33623431633665353964623437636231623366383733626266353162633762373035376638663936
+                62383065653836366431316461663862393130653761643937376565366435646665313961663534
+                64303363653631653433343361616635373966326433663466636164613062343561333036613937
+                35616666633737356331653632323639373330396433366639326466373639313630
 - hosts: 9iron.club
   roles:
     - role: backups

desktop.yml

@@ -4,8 +4,23 @@
 - hosts: localhost
   roles:
     - common
-    - user
     - desktop
+    - role: user
+      vars:
+        user_username: salt
+        user_password: !vault |
+                $ANSIBLE_VAULT;1.1;AES256
+                37666131343936663962386535343939373161343337383436613961303637376136633736353533
+                3366623536646563383563373265313134663464396231370a303033353661336436386561366139
+                30393536393634653566646636366436656435623534626266343632313336336336346131383361
+                3366343932383930350a383637646261373135376138633533306530306339316235353262356135
+                34626466363266616265653064333365663663306330666632343864373335626265323230633331
+                33623431633665353964623437636231623366383733626266353162633762373035376638663936
+                62383065653836366431316461663862393130653761643937376565366435646665313961663534
+                64303363653631653433343361616635373966326433663466636164613062343561333036613937
+                35616666633737356331653632323639373330396433366639326466373639313630
+      tags: [ user ]
     - role: ansiblehost
       vars:
         pullplaybook: "desktop.yml"
+      tags: [ ansiblehost ]

roles/user/defaults/main.yml

@@ -0,0 +1,4 @@
+# vim:ft=ansible:
+user_username: salt
+user_shell: /bin/bash
+user_password: "!"

roles/user/tasks/main.yml

@@ -2,39 +2,24 @@
 # vim:ft=ansible:
 ---
 - name: Assure user salt
-  vars:
-    salt_pass: !vault |
-        $ANSIBLE_VAULT;1.1;AES256
-        37666131343936663962386535343939373161343337383436613961303637376136633736353533
-        3366623536646563383563373265313134663464396231370a303033353661336436386561366139
-        30393536393634653566646636366436656435623534626266343632313336336336346131383361
-        3366343932383930350a383637646261373135376138633533306530306339316235353262356135
-        34626466363266616265653064333365663663306330666632343864373335626265323230633331
-        33623431633665353964623437636231623366383733626266353162633762373035376638663936
-        62383065653836366431316461663862393130653761643937376565366435646665313961663534
-        64303363653631653433343361616635373966326433663466636164613062343561333036613937
-        35616666633737356331653632323639373330396433366639326466373639313630
   user:
-    name: salt
-    shell: /bin/bash
-    password: "{{ salt_pass }}"
+    name: "{{ user_username }}"
+    shell: "{{ user_shell }}"
+    password: "{{ user_password }}"
     groups: sudo
     append: yes
   become: yes
 - name: Bootstrap user
   block:
-  - name: Authorize dsk-cstm-0 for user salt
+  - name: Configure SSH keys
     authorized_key:
-      user: salt
-      state: present
+      user: "{{ user_username }}"
       manage_dir: yes
-      key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ Salt@tungsten-qemu"
-  - name: Authorize lap-th-e560-0 for user salt
-    authorized_key:
-      user: salt
-      state: present
-      manage_dir: yes
-      key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@iridium"
+      key: "{{ item.key }}"
+      state: "{{ item.state }}"
+    loop:
+      - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc03Q21k7rDuIbZ91dIMOSAM7EpT75YFzOoYL6CfHLZbRDsYTVgUSHYL9lfgGiW9CYL9Gp8QT9eLzIdfgn4e8OMMuoW1jayM9nj6iY3tmWlinuzs535j04Us/aY1Gka+f0qf/vJfRAwO0VN92xmLxW4pQMD/r5DKQ3yppvohnAAPeOhoFeLbEPiBgb1ktNxtQF9GdIOdDIEE+dV0UA07dJskTdJGG9Zbff7VEcQXknhaLdclye+BHlNkRv+MvFu4jPnBNttPiM4TSBgOD88U68M6MsYBJ+2e+7cTiO2DWy9bTtAnhWHD468fdS3S9h62l2lsrGBa5dRpc8RCpPXFo/ salt@dsk-cstm-0", state: present }
+      - { key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDyOzdOFNONNhr++/2L3iSN04JsLwYHkapslDMEImI0x4chvdfdA9OkEOZHP5EoMUG6uWL3xZZdQ9Egp931oHDc4W5ylPQ1VtqQ2vcyffCfBTOEaUeEgw2tHBDngMqBgTajMSFvTbaC7JNSIdcGP1KTCCYZ3f8DPjVmG8FAKq1kDnCyI4sXHQswi/AbIBrOsWSW+qjrQdD/jU7T2LPQbU9FB+afinDizhGXUzkmbRkOD5z/YsyrWDfaKhGS4EwJpZbEwT7ocnCaQSa74xYLwUlBONhg3u2wq00mrh7vc2WbeGB7VoCsojPIj5r6KoCKzRBVog2HLQ4W7QqfSW/nXR21 salt@lap-th-e560-0", state: present }
   - name: Check for dotfile initialization
     stat: path=$HOME/.dotfiles
     register: p
@@ -76,4 +61,4 @@
         state: absent
     when: not p.stat.exists
   become: yes
-  become_user: salt
+  become_user: "{{ user_username }}"