Merge branch 'users'

main.yml

@@ -4,6 +4,7 @@
 
   vars:
     - server_admin: "admin@netz39.de"
+    - admin_users: [tux, alex]
     - ag_timezone: Europe/Berlin
 
   roles:
@@ -31,5 +32,8 @@
         unattended_package_blacklist: [cowsay]
         unattended_mail: 'root'
 
+    - name: Setup users
+      include_tasks: tasks/users.yml
+
     - name: Setup httpd
       include_tasks: tasks/httpd.yml

tasks/users.yml

@@ -0,0 +1,48 @@
+---
+- name: Add users | create users, shell, home dirs
+  user:
+    name: "{{ item }}"
+    shell: /bin/bash
+    createhome: yes
+    comment: 'created with ansible'
+    password_lock: true
+    append: true
+  with_items:
+    - "{{ admin_users }}"
+
+- name: Create .ssh user directories
+  file:
+    path: "{{ '/home/' + item + '/.ssh'  }}"
+    state: directory
+    mode: "0700"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+  with_items:
+    - "{{ admin_users }}"
+
+- name: Set authorized keys for users
+  copy:
+    src: "{{'users/' + item + '_authorized_keys'}}"
+    remote_src: no
+    dest: "{{ '/home/' + item + '/.ssh/authorized_keys' }}"
+    mode: "0600"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+  with_items:
+    - "{{ admin_users }}"
+
+- name: Place users in sudo group
+  user:
+    name: "{{ item }}"
+    groups: sudo
+    append: yes
+  with_items:
+    - "{{ admin_users }}"
+
+- name: Configure group sudo for sudoers without password
+  lineinfile:
+    path: /etc/sudoers
+    state: present
+    regexp: '^%sudo\s'
+    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
+    validate: /usr/sbin/visudo -cf %s

users/alex_authorized_keys

@@ -0,0 +1,6 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9 adahl@ada
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/ alex@buffy
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ== alex@falbala
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw== alex@tiffy
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb alex@toshy
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY alex@lemmy

users/tux_authorized_keys

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de