forked from Netz39_Admin/netz39-infra-ansible
Merge branch 'users'
This commit is contained in:
commit
8b94db4898
6 changed files with 90 additions and 14 deletions
46
inventory
46
inventory
|
@ -1,5 +1,49 @@
|
||||||
all:
|
all:
|
||||||
|
vars:
|
||||||
|
users:
|
||||||
|
- logname: "alex"
|
||||||
|
viewname: "Alexander Dahl"
|
||||||
|
email: "alex@netz39.de"
|
||||||
|
ssh_pub:
|
||||||
|
- !unsafe >
|
||||||
|
ssh-rsa
|
||||||
|
AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9
|
||||||
|
adahl@ada
|
||||||
|
- !unsafe >
|
||||||
|
ssh-rsa
|
||||||
|
AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/
|
||||||
|
alex@buffy
|
||||||
|
- !unsafe >
|
||||||
|
ssh-rsa
|
||||||
|
AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ==
|
||||||
|
alex@falbala
|
||||||
|
- !unsafe >
|
||||||
|
ssh-rsa
|
||||||
|
AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw==
|
||||||
|
alex@tiffy
|
||||||
|
- !unsafe >
|
||||||
|
ssh-rsa
|
||||||
|
AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb
|
||||||
|
alex@toshy
|
||||||
|
- !unsafe >
|
||||||
|
ssh-ed25519
|
||||||
|
AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY
|
||||||
|
alex@lemmy
|
||||||
|
sudo: yes
|
||||||
|
docker: yes
|
||||||
|
- logname: "tux"
|
||||||
|
viewname: "Stefan Haun"
|
||||||
|
email: "tux@netz39.de"
|
||||||
|
ssh_pub:
|
||||||
|
- !unsafe >
|
||||||
|
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de
|
||||||
|
sudo: yes
|
||||||
|
docker: yes
|
||||||
|
|
||||||
|
hosts:
|
||||||
|
tau.netz39.de:
|
||||||
|
|
||||||
children:
|
children:
|
||||||
tau:
|
tau:
|
||||||
hosts:
|
hosts:
|
||||||
tau.netz39.de
|
tau.netz39.de:
|
||||||
|
|
6
main.yml
6
main.yml
|
@ -6,7 +6,6 @@
|
||||||
ansible_python_interpreter: /usr/bin/python3
|
ansible_python_interpreter: /usr/bin/python3
|
||||||
|
|
||||||
server_admin: "admin@netz39.de"
|
server_admin: "admin@netz39.de"
|
||||||
admin_users: [tux, alex]
|
|
||||||
|
|
||||||
ag_timezone: Europe/Berlin
|
ag_timezone: Europe/Berlin
|
||||||
|
|
||||||
|
@ -47,13 +46,12 @@
|
||||||
unattended_mail: 'root'
|
unattended_mail: 'root'
|
||||||
|
|
||||||
- name: Setup users
|
- name: Setup users
|
||||||
include_tasks: tasks/users.yml
|
include_role:
|
||||||
|
name: users
|
||||||
|
|
||||||
- name: Install Docker
|
- name: Install Docker
|
||||||
include_role:
|
include_role:
|
||||||
name: install-docker
|
name: install-docker
|
||||||
vars:
|
|
||||||
docker_users: "{{ admin_users }}"
|
|
||||||
|
|
||||||
- name: Setup Docker Environment
|
- name: Setup Docker Environment
|
||||||
include_tasks: tasks/docker_env.yml
|
include_tasks: tasks/docker_env.yml
|
||||||
|
|
|
@ -79,7 +79,8 @@
|
||||||
|
|
||||||
- name: Place admin users in docker group
|
- name: Place admin users in docker group
|
||||||
user:
|
user:
|
||||||
name: "{{ item }}"
|
name: "{{ item.logname }}"
|
||||||
groups: docker
|
groups: docker
|
||||||
append: yes
|
append: yes
|
||||||
with_items: "{{ docker_users }}"
|
when: item.docker == true
|
||||||
|
with_items: "{{ users }}"
|
||||||
|
|
40
roles/users/tasks/main.yml
Normal file
40
roles/users/tasks/main.yml
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
---
|
||||||
|
|
||||||
|
- name: Ensure sudo is installed
|
||||||
|
package:
|
||||||
|
name:
|
||||||
|
- sudo
|
||||||
|
state: present
|
||||||
|
|
||||||
|
- name: Configure group sudo for sudoers without password
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/sudoers
|
||||||
|
state: present
|
||||||
|
regexp: '^%sudo\s'
|
||||||
|
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
|
||||||
|
validate: /usr/sbin/visudo -cf %s
|
||||||
|
|
||||||
|
- name: Add users | create users' shell and home dir
|
||||||
|
user:
|
||||||
|
name: "{{ item.logname }}"
|
||||||
|
shell: /bin/bash
|
||||||
|
createhome: yes
|
||||||
|
comment: "{{ item.viewname }}"
|
||||||
|
with_items: "{{ users }}"
|
||||||
|
|
||||||
|
- name: Add authorized keys for user
|
||||||
|
authorized_key:
|
||||||
|
user: "{{ item.0.logname }}"
|
||||||
|
key: "{{ item.1 }}"
|
||||||
|
state: present
|
||||||
|
with_subelements:
|
||||||
|
- "{{ users }}"
|
||||||
|
- ssh_pub
|
||||||
|
|
||||||
|
- name: Place user in sudo group
|
||||||
|
user:
|
||||||
|
name: "{{ item.logname }}"
|
||||||
|
groups: sudo
|
||||||
|
append: yes
|
||||||
|
when: item.sudo == true
|
||||||
|
with_items: "{{ users }}"
|
|
@ -1,6 +0,0 @@
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDVZPAE3XE8Ek1Ji4sCIHxLVx+bi2qpsTSsYhBqtYysnFn9AHJj14BR59D0Si05sfVkmL4OQoo7Q98oIxy33PgtqoUfgXk9dc7dlsye3t/gsAb25ABnqG/ZYe65nZLN7BzRM1/QZIbd6sSu6eXrNFCh0ikB5se4zgVkDO8t6h2dnz4FvTuIM2Bi/PnIJTqb8+uLQE1vS3A7tTx100ZKXxr81dlo2Y1JBP6WrS1W1IyFiG6wofl2XTY02ssyoENQyR89lLMJYKvm5xlhL/L69gtMsqIX9UBQFk8Rpq04ZIwN6b0K4R142GZvxdJNdQULgtI3gPkKgH7FDoFsRHNA6b/9 adahl@ada
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDvczlb1+9d1BjuLk5ZcQt2Z0Dh61Vg91i47tM48CN2koJ4I/9vgN37l6mnr383zD8kQkXDGmCYpXOa48WocyyUuP3h75DCjANYcWOsohQfFu2F1ZOiiVCGduDntzS2nbZEF2W3nZNLQ6/dKKEeaSxu5RjKflkWakghkMt3H4KN20bxzYzHQMLhRYFEGHpskOqeaXKPkqqEP+u5kToINtmXwegCvQFnlx4fNrysFII79buBNlcLsO1X4ABucVMYT/OJnBpJEfEcNFUKrJZRGgM8aDbUpkV9LRY2lywvoKJhiRMc7x7kK0LWOTdPJri+SJhW6fEW4JKCRTSHVN8OS8S/ alex@buffy
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsGvQ1COtwA4ERf+Z/IMxlw4RadCVKIQzB6v8n20dDM+bfBmTxk7NeSGbdB/vjvUV0Oq47KfDISDAlwhSv0aSpij3d7twPWrFz7eoFWAGO2mnz39btA1i9ygMypsP56NHZDsgokPoCSX3viKyFhh6qgt6cCOJYwLZix4VoFKaQ7GlqoVKAHz9v3r/Lq15oTRcCoqP7FID4Fp1a51fY2XQltALoQnfZVhqpnJB30U0uv79QCAHS5IC75fmRjm1vo/mmu0Kbu4+KfU2+MIpzx2Y6xyntIpB1Nuk9Xn1ptKw1CmgKcNOKNGkKuegripoAHv6oylTjge61ksDPjhAyisNGQ== alex@falbala
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqx9VCxrcbUrGJ9MOTcS0Jq09bZz3gNKL4mvOXhnMhjbt0IrEENcexwVbk4pSHsezz4LKapvqmT+0U4WiCsU/DtwzLlV7Qgbjoo+Buwzll9Hi+xGn6xIHwvAZoltj2IioIIQgRxF+B/mqGaOU2KN/Yq/2ODMGvPj00VQ2+otLX3XrFoUJX5oot7GsonY2RxrSgOhWCosApgt4MxcuKjyS6VS8RDfdNn522VEPlKevUz5gY7sK5cKcAS3j29+VdXpqewa6jcz0KmQroLXFyJzPkTH2lt5AIurojGtZqbkas/TQPSExun9XpkA3gxuwVKD/uLl/R/7ecagNKdl/+Rtsbw== alex@tiffy
|
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC92+JJ7C0WYgripJ9hSIb2D/QMzw/rMmeFTTcO34DJNAVIQtq9nb8Ev7s8Bjz3VR7/LS4kQlyB6dp1RLuObPYRafY0695lja4lwgy7iY1OAYCNM71OYyyztcoHEz3fGO4tzNx5Z1tI9zLpS1Wr7ENeKOKBqmFIgZno67Gq+NZr3LHNvnvAsbMsZXOdnld0LmG0Um35WEN60UYz3k6QUYBfaYrHnX2OP9auK5QDnd2jVTdNLRbBus7VtIsCfK3szLa+dFyd/ISPCB/YsZj1i0WmO766Y4GqFTZhIZUok4JuU8pl/7Y9CSKRMx4sp/3LYIAyOsL5EJxmg3fEfYsRK0gb alex@toshy
|
|
||||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmU7MfOFuc6z5Vbwh4CbBFSg19f8B9rUO2ITjgmEvkY alex@lemmy
|
|
|
@ -1 +0,0 @@
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvxbl9eiBojG2zKw2eSftwaMpA4XeONJpPK++WBUBJi+4RhvtN+8YX55cGsRlAA2pvW1a6hxjuR/NEA0+EAZ8ueNaOrMJjHvuUSzO76YF1gHlusAbhYvNl4EYZz/lkrFM4oaa/4/WirgUvSKnpPQx2YgX/AEkIwzk6nQLve+NmijkWdWzaww5snjbAEsgo+iEqeLPRfzbxX4Esp8bqFy3qD0SGgJM8iWlUaWCoQI1HhU4lVBtwdR6cJQ3QnmhUidRLOpIpX1sBRM8Cnwc5g2u3OpsaxPd77+5hXtxKjQUby/YLGmr6L2x1tWYqkV+GZA0Lh3fwM0BjDVT/Y/a+HUVh tux@netz39.de
|
|
Loading…
Reference in a new issue