vincent/ansible
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat: kepp user config in dedicated role
Some checks failed
continuous-integration/drone/push Build is failing
Details

Browse Source
This commit is contained in:
vincent 2023-01-15 16:57:12 +01:00
parent 506225b7f8
commit 417e6adf0b
5 changed files with 86 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
group_vars/all/all
View File

@ -1,8 +1,24 @@
##ansible_python_interpreter: /usr/bin/python2 ##ansible_python_interpreter: /usr/bin/python2
user: user:
name: vincent name: vincent
home: /home/vincent
uid: 1024 uid: 1024
mail: vincent@ducamps.win mail: vincent@ducamps.win
groups:
- docker
authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
privatekey:
- keyname: "id_gitea"
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
- keyname: "id_consort"
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:consort')}}"
domain: domain:
name: ducamps.win name: ducamps.win
@ -14,21 +30,26 @@ JD_myJDPassword: "{{ vault_MyJdownloader }}"
JD_defaultdownloadfolder: /mnt/diskstation/media/download/incomplete JD_defaultdownloadfolder: /mnt/diskstation/media/download/incomplete
system_arch_local_mirror: "https://arch.{{domain.name}}" system_arch_local_mirror: "https://arch.{{domain.name}}"
privatekeytodeploy: system_sudoers_group: "workstationAdmin"
- user: "{{user.name}}"
keyfile: "/home/{{user.name}}/.ssh/id_consort" user_custom_host:
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:consort')}}" - host: "git.ducamps.win"
- user: "{{user.name}}" user: "git"
keyfile: "/home/{{user.name}}/.ssh/id_gitea" keyfile: "~/.ssh/id_gitea"
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - host: "gitlab.com"
- user: root user: "git"
keyfile: /root/.ssh/id_gitea keyfile: "~/.ssh/id_consort"
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
system_user:
- name: ansible
home: /home/ansible
shell: /bin/bash
- name: root
home: /root
privatekey:
- keyname: id_gitea
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
system_ssh_custom_host:
- host: git.ducamps.win
user: git
keyfile: ~/.ssh/id_gitea
- host: gitlab.com
user: git
keyfile: ~/.ssh/id_consort

27
playbooks/user_config.yml Normal file
View File

@ -0,0 +1,27 @@
---
- hosts: all
roles:
- role: ansible-user
vars:
user_name: "{{ user.name }}"
user_ldap: "{{ sssd_configure}}"
user_password: "{{ userPassword }}"
user_authorized_key: "{{ user.authorized_keys}}"
user_privatekey: "{{ user.privatekey}}"
user_shell: "/bin/zsh"
user_uid: "{{ user.uid }}"
user_groups:
- docker
become: true
become_user: "{{ user.name }}"
- role: user_config
vars:
user_config_username: "{{ user.name }}"
become_user: "{{ user.name }}"
become: true
- role: user_config
vars:
user_config_username: root
become: true

18
playbooks/workstation.yml
View File

@ -1,10 +1,26 @@
--- ---
- hosts: workstation - hosts: workstation
tasks:
- name: create user
ansible.builtin.include_role:
name: "ansible-user"
apply:
become: true
vars:
user_name: "{{ create.name }}"
user_home: "{{ create.home }}"
user_groups: "{{ create.groups|default('') }}"
user_shell: "{{ create.shell|default('') }}"
user_authorized_key: "{{ create.authorized_keys|default([]) }}"
user_privatekey: "{{ create.privatekey|default([])}}"
loop: "{{system_user}}"
loop_control:
loop_var: create
roles: roles:
- system - system
- autofs - autofs
- syncthing - syncthing
- user_config
- ansible-manager - ansible-manager
- mpd - mpd
- virt - virt

3
roles/requirements.yml
View File

@ -37,3 +37,6 @@
scm: git scm: git
- src: ssh://git@git.ducamps.win:2222/ansible-roles/syncthing.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/syncthing.git
scm: git scm: git
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git
scm: git

1
site.yml
View File

@ -1,3 +1,4 @@
--- ---
- import_playbook: playbooks/sssd.yml - import_playbook: playbooks/sssd.yml
- import_playbook: playbooks/workstation.yml - import_playbook: playbooks/workstation.yml
- import_playbook: playbooks/user_config.yml