JensWH/netz39-infra-ansible
1
0
Fork 0
forked from Netz39_Admin/netz39-infra-ansible
Code Pull requests Activity

Merge branch 'users'

Browse source
This commit is contained in:
Stefan Haun 2020-12-09 19:02:42 +01:00
commit 8b94db4898
6 changed files with 90 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

46
inventory
View file

@ -1,5 +1,49 @@
all: all:
vars:
users:
- logname: "alex"
viewname: "Alexander Dahl"
email: "alex@netz39.de"
ssh_pub:
- !unsafe >
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9
adahl@ada
- !unsafe >
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/
alex@buffy
- !unsafe >
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ==
alex@falbala
- !unsafe >
ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw==
alex@tiffy
- !unsafe >
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb
alex@toshy
- !unsafe >
ssh-ed25519
AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY
alex@lemmy
sudo: yes
docker: yes
- logname: "tux"
viewname: "Stefan Haun"
email: "tux@netz39.de"
ssh_pub:
- !unsafe >
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de
sudo: yes
docker: yes
hosts:
tau.netz39.de:
children: children:
tau: tau:
hosts: hosts:
tau.netz39.de tau.netz39.de:

6
main.yml
View file

@ -6,7 +6,6 @@
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
server_admin: "admin@netz39.de" server_admin: "admin@netz39.de"
admin_users: [tux, alex]
ag_timezone: Europe/Berlin ag_timezone: Europe/Berlin
@ -47,13 +46,12 @@
unattended_mail: 'root' unattended_mail: 'root'
- name: Setup users - name: Setup users
include_tasks: tasks/users.yml include_role:
name: users
- name: Install Docker - name: Install Docker
include_role: include_role:
name: install-docker name: install-docker
vars:
docker_users: "{{ admin_users }}"
- name: Setup Docker Environment - name: Setup Docker Environment
include_tasks: tasks/docker_env.yml include_tasks: tasks/docker_env.yml

5
roles/install-docker/tasks/main.yml
View file

@ -79,7 +79,8 @@
- name: Place admin users in docker group - name: Place admin users in docker group
user: user:
name: "{{ item }}" name: "{{ item.logname }}"
groups: docker groups: docker
append: yes append: yes
with_items: "{{ docker_users }}" when: item.docker == true
with_items: "{{ users }}"

40
roles/users/tasks/main.yml Normal file
View file

@ -0,0 +1,40 @@
---
- name: Ensure sudo is installed
package:
name:
- sudo
state: present
- name: Configure group sudo for sudoers without password
lineinfile:
path: /etc/sudoers
state: present
regexp: '^%sudo\s'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: /usr/sbin/visudo -cf %s
- name: Add users | create users' shell and home dir
user:
name: "{{ item.logname }}"
shell: /bin/bash
createhome: yes
comment: "{{ item.viewname }}"
with_items: "{{ users }}"
- name: Add authorized keys for user
authorized_key:
user: "{{ item.0.logname }}"
key: "{{ item.1 }}"
state: present
with_subelements:
- "{{ users }}"
- ssh_pub
- name: Place user in sudo group
user:
name: "{{ item.logname }}"
groups: sudo
append: yes
when: item.sudo == true
with_items: "{{ users }}"

6
users/alex_authorized_keys
View file

@ -1,6 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9 adahl@ada
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/ alex@buffy
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ== alex@falbala
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw== alex@tiffy
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb alex@toshy
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY alex@lemmy

1
users/tux_authorized_keys
View file

@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de