diff --git a/group_vars/all/all b/group_vars/all/all index 7eb77f3..2d841ab 100644 --- a/group_vars/all/all +++ b/group_vars/all/all @@ -1,8 +1,24 @@ ##ansible_python_interpreter: /usr/bin/python2 user: name: vincent + home: /home/vincent uid: 1024 mail: vincent@ducamps.win + groups: + - docker + + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH + - ssh-rsa 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 vincent@fixe-pc-2020-03-01 + - ssh-rsa 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 vincent@zen-pc + privatekey: + - keyname: "id_gitea" + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + - keyname: "id_consort" + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:consort')}}" + + + domain: name: ducamps.win 
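Review bot: The `privatekey` entries under `user` pull raw private-key material through `lookup('hashi_vault', ...)`, and the `root` entry in the `system_user` list of the second hunk does the same; the role that writes these keys (`ansible-user`) is not part of this diff, so confirm its copy/template task runs with `no_log: true`, otherwise the key bodies end up in verbose output and callback logs. `groups:` / `- docker` deserves a one-line comment such as `# docker group membership is effectively root-equivalent on the host` so the privilege being granted is visible to the next reader. Minor: `home: /home/vincent` could be written `home: "/home/{{ user.name }}"` to stay in step with `name`, and the three blank lines added before `domain:` will trip yamllint's empty-lines rule.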
@@ -14,21 +30,26 @@ JD_myJDPassword: "{{ vault_MyJdownloader }}" JD_defaultdownloadfolder: /mnt/diskstation/media/download/incomplete system_arch_local_mirror: "https://arch.{{domain.name}}" -privatekeytodeploy: - - user: "{{user.name}}" - keyfile: "/home/{{user.name}}/.ssh/id_consort" - privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:consort')}}" - - user: "{{user.name}}" - keyfile: "/home/{{user.name}}/.ssh/id_gitea" - privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - - user: root - keyfile: /root/.ssh/id_gitea - privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" +system_sudoers_group: "workstationAdmin" + +user_custom_host: + - host: "git.ducamps.win" + user: "git" + keyfile: "~/.ssh/id_gitea" + - host: "gitlab.com" + user: "git" + keyfile: "~/.ssh/id_consort" + +user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git" +system_user: + - name: ansible + home: /home/ansible + shell: /bin/bash + + - name: root + home: /root + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + -system_ssh_custom_host: - - host: git.ducamps.win - user: git - keyfile: ~/.ssh/id_gitea - - host: gitlab.com - user: git - keyfile: ~/.ssh/id_consort diff --git a/playbooks/user_config.yml b/playbooks/user_config.yml new file mode 100644 index 0000000..f88f133 --- /dev/null +++ b/playbooks/user_config.yml 
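Review bot: `user_config_repo` hard-codes the `vincent` path segment while the rest of the file derives the account from `user.name`; `user_config_repo: "ssh://git@git.{{ domain.name }}:2222/{{ user.name }}/conf2.git"` keeps the two from drifting apart. The `root` entry in `system_user` writes `keyname: id_gitea` unquoted whereas `user.privatekey` in the first hunk quotes `"id_gitea"`; both parse as the same string, but one form should be used for both lists. `system_sudoers_group: "workstationAdmin"` is introduced with nothing indicating which role reads it; a comment above it naming the consuming role (and the fact that membership confers sudo) would help whoever maintains this file next.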
@@ -0,0 +1,27 @@
+---
+- hosts: all
+
+ roles:
+ - role: ansible-user
+ vars:
+ user_name: "{{ user.name }}"
+ user_ldap: "{{ sssd_configure}}"
+ user_password: "{{ userPassword }}"
+ user_authorized_key: "{{ user.authorized_keys}}"
+ user_privatekey: "{{ user.privatekey}}"
+ user_shell: "/bin/zsh"
+ user_uid: "{{ user.uid }}"
+ user_groups:
+ - docker
+ become: true
+ become_user: "{{ user.name }}"
+ - role: user_config
+ vars:
+ user_config_username: "{{ user.name }}"
+ become_user: "{{ user.name }}"
+ become: true
+ - role: user_config
+ vars:
+ user_config_username: root
+ become: true
+
diff --git a/playbooks/workstation.yml b/playbooks/workstation.yml
index b81f815..81011a8 100644
--- a/playbooks/workstation.yml
+++ b/playbooks/workstation.yml
@@ -1,10 +1,26 @@
 ---
 - hosts: workstation
+ tasks:
+ - name: create user
+ ansible.builtin.include_role:
+ name: "ansible-user"
+ apply:
+ become: true
+ vars:
+ user_name: "{{ create.name }}"
+ user_home: "{{ create.home }}"
+ user_groups: "{{ create.groups|default('') }}"
+ user_shell: "{{ create.shell|default('') }}"
+ user_authorized_key: "{{ create.authorized_keys|default([]) }}"
+ user_privatekey: "{{ create.privatekey|default([])}}"
+ loop: "{{system_user}}"
+ loop_control:
+ loop_var: create
+
 roles:
 - system
 - autofs
 - syncthing
- - user_config
 - ansible-manager
 - mpd
 - virt
diff --git a/roles/requirements.yml b/roles/requirements.yml
index 248ad3d..ce8cf15 100644
--- a/roles/requirements.yml
+++ b/roles/requirements.yml
@@ -37,3 +37,6 @@
 scm: git
 - src: ssh://git@git.ducamps.win:2222/ansible-roles/syncthing.git
 scm: git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git
+ scm: git
+
diff --git a/site.yml b/site.yml
index fd02b19..c4210cf 100644
--- a/site.yml
+++ b/site.yml
@@ -1,3 +1,4 @@
 ---
 - import_playbook: playbooks/sssd.yml
 - import_playbook: playbooks/workstation.yml
+- import_playbook: playbooks/user_config.yml
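Review bot: The `ansible-user` role entry in the new `playbooks/user_config.yml` sets `become: true` together with `become_user: "{{ user.name }}"`, so its tasks escalate to the very account the role is meant to create; unless the role escalates to root on its own, the user-creation step will fail on a host where that account does not exist yet. The `workstation.yml` hunk invokes the same role with `apply: become: true` and no `become_user`, which is the form to mirror here (`become: true` alone, or a `become_user` of root). Separately, `user_groups:` hard-codes `- docker` even though `user.groups` was just added to group_vars in this commit; `user_groups: "{{ user.groups }}"` avoids maintaining the list in two places. The Jinja spacing is also inconsistent within the block (`{{ sssd_configure}}`, `{{ user.authorized_keys}}`, `{{ user.privatekey}}` next to `{{ user.name }}`).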
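Review bot: The loop defaults in the `create user` task are inconsistent: `user_groups` and `user_shell` fall back to `default('')` while `user_authorized_key` and `user_privatekey` fall back to `default([])`, so a `system_user` entry without `groups` (the `ansible` entry in group_vars) hands the role an empty string where the other keys hand it a list; `user_groups: "{{ create.groups|default([]) }}"` matches the sibling keys. Whether an empty-string `user_shell` makes the role leave the shell untouched or set it to an empty value depends on the role's task, which is not in this diff — confirm against it, or use `default(omit)` so the key is dropped when `create.shell` is undefined. Minor: `"{{ create.privatekey|default([])}}"` and `"{{system_user}}"` lack the spaces used in the neighbouring expressions.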
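Review bot: The new `ansible-user` entry in `roles/requirements.yml` has no `version:` key, so `ansible-galaxy install` fetches whatever the remote branch head is at install time; since this role creates accounts and writes private keys onto hosts, pinning it to a tag or commit (`version: "<tag-or-sha placeholder>"`) makes the installed code reproducible and reviewable. The existing entries in this file follow the same unpinned pattern, so this is a file-wide follow-up rather than a defect specific to this hunk.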