diff --git a/ansible/group_vars/all/all b/ansible/group_vars/all/all index ac54a13..a1e4ecc 100644 --- a/ansible/group_vars/all/all +++ b/ansible/group_vars/all/all @@ -1,9 +1,20 @@ ##ansible_python_interpreter: /usr/bin/python2 user: name: vincent + home: /home/vincent uid: 1024 mail: vincent@ducamps.win + groups: + - docker + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH + - ssh-rsa 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 vincent@fixe-pc-2020-03-01 + - ssh-rsa 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 vincent@zen-pc + privatekey: + - keyname: "id_gitea" + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" +user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git" domain: name: ducamps.win @@ -11,14 +22,14 @@ hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTa system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch" -privatekeytodeploy: - - user: "{{user.name}}" - keyfile: "/home/{{user.name}}/.ssh/id_gitea" - privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - - user: root - keyfile: /root/.ssh/id_gitea - privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" - - user: ansible - keyfile: "/home/ansible/.ssh/id_gitea" - privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + +system_sudoers_group: "serverAdmin" + +user_custom_host: + - host: "git.ducamps.win" + user: "git" + keyfile: "~/.ssh/id_gitea" + - host: "gitlab.com" + user: "git" + keyfile: "~/.ssh/id_consort" diff --git a/ansible/group_vars/all/server b/ansible/group_vars/all/server index 6e403ca..b2f08ea 100644 --- a/ansible/group_vars/all/server +++ b/ansible/group_vars/all/server 
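Review bot: The `hashi_vault` lookup in the new `user.privatekey` entry (`secret=secrets/data/ansible/privatekey:gitea`) is the same literal that appears twice more in group_vars/all/server for drone-deploy and root, so a path change or key rotation has to be edited in three places. Defining it once, e.g. `gitea_deploy_key: "{{ lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea') }}"`, and referencing `"{{ gitea_deploy_key }}"` from each `privatekey` entry keeps the secret reference in one spot. The expression also lacks the inner spaces used by `{{ domain.name }}` in the `user_config_repo` line of the same hunk; the file's other templates use `{{ x }}` spacing. `keyname` is quoted here (`"id_gitea"`) but unquoted in the server file for the same key; pick one form.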
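Review bot: `user_custom_host` hard-codes `host: "git.ducamps.win"` while `user_config_repo` and `system_arch_local_mirror` in the same file derive the hostname from `domain.name`; `host: "git.{{ domain.name }}"` keeps the three in step if the domain ever changes. The gitlab.com entry points at `~/.ssh/id_consort`, but no `privatekey` entry in this commit deploys a key by that name, so the ssh config may reference a file that does not exist on managed hosts; if that key is only expected on workstations, a comment on the entry saying so would save the next reader a search.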
@@ -17,25 +17,26 @@ msmtp_mailhub: smtp.{{ domain.name }} msmtp_auth_user: "{{ user.mail }}" msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}" -docker_users: "{{user.name}}" - system_user: - name: drone-deploy home: /home/drone-deploy shell: /bin/bash - -keystodeploy: - - name: juicessh with password - user: "{{user.name}}" - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH - - name: fixe-pc new - user: "{{user.name}}" - sshkey: ssh-rsa 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 vincent@fixe-pc-2020-03-01 - - name: zen-pc - user: "{{user.name}}" - sshkey: ssh-rsa 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 vincent@zen-pc - - name: drone - user: drone-deploy - sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" + + + authorized_keys: + - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar + + - name: ansible + home: /home/ansible + shell: /bin/bash + + - name: root + home: /root + privatekey: + - keyname: id_gitea + key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" diff --git a/ansible/playbooks/server.yml b/ansible/playbooks/server.yml index 505072d..5bf33e0 100644 --- a/ansible/playbooks/server.yml +++ b/ansible/playbooks/server.yml 
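Review bot: The new `root` entry receives the same `id_gitea` private key that `user.privatekey` gives vincent and that the drone-deploy entry gets a few lines above, so one key now serves three accounts; this carries over the shape of the removed `privatekeytodeploy`, but with `privatekey` now per-user it would be straightforward to give root and drone-deploy their own keys (and vault paths) so a compromise can be revoked for one principal and Gitea's log attributes pushes to an actor. The `root` entry has no `shell`, and server.yml passes `user_shell: "{{ create.shell|default('') }}"` for it; whether an empty string is ignored or applied as the login shell depends on the ansible-user role, which is worth confirming. The two consecutive blank `+` lines between `key:` and `authorized_keys:` in the drone-deploy entry exceed the usual one-blank-line spacing and yamllint's default `empty-lines` limit inside a mapping.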
@@ -4,6 +4,22 @@ - VPS vars: # certbot_force: true + tasks: + - name: create user + include_role: + name: "ansible-user" + apply: + become: true + vars: + user_name: "{{ create.name }}" + user_home: "{{ create.home }}" + user_groups: "{{ create.groups|default('') }}" + user_shell: "{{ create.shell|default('') }}" + user_authorized_key: "{{ create.authorized_keys|default([]) }}" + user_privatekey: "{{ create.privatekey|default([])}}" + loop: "{{system_user}}" + loop_control: + loop_var: create roles: - system - autofs diff --git a/ansible/playbooks/sssd.yml b/ansible/playbooks/sssd.yml index 7058140..086ca14 100644 --- a/ansible/playbooks/sssd.yml +++ b/ansible/playbooks/sssd.yml @@ -3,22 +3,4 @@ roles: - role: ansible-role-sssd become: true - tasks: - - name: simulate login - stat: - path: "/home/{{user.name}}" - become: true - become_user: "{{user.name}}" - when: sssd_configure == true - - name: create profil - user: - name: "{{user.name}}" - create_home: yes - password: "{{userPassword}}" - system: no - state: present - ssh_key_file: .ssh/id_rsa - uid: "{{ user.uid }}" - shell: /bin/bash - when: sssd_configure is not defined or sssd_configure == false - become: true + diff --git a/ansible/playbooks/user_config.yml b/ansible/playbooks/user_config.yml index e2c0d2e..f88f133 100644 --- a/ansible/playbooks/user_config.yml +++ b/ansible/playbooks/user_config.yml 
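Review bot: `loop_control` sets only `loop_var`, so each iteration of `create user` prints the whole `create` item — including `privatekey[*].key` fetched from Vault — in the `included: ... (item=...)` line of the play output and any logging callback; adding `label: "{{ create.name }}"` under `loop_control` limits the echoed item to the account name. The block is placed under `tasks:` ahead of `roles:`, but Ansible always runs `roles` before `tasks` regardless of order in the play, so these users are created after `system`, `autofs` and the other roles have run; if the position is meant to express users-first ordering, the task belongs under `pre_tasks:`. `user_groups` defaults to `''` while the other list-valued vars default to `[]`; `default([])` keeps the types consistent, assuming the role treats `user_groups` as a list. `loop: "{{system_user}}"` also lacks the inner spaces used by every other expression in the hunk.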
@@ -1,5 +1,27 @@ --- - hosts: all - vars: + roles: - - user_config + - role: ansible-user + vars: + user_name: "{{ user.name }}" + user_ldap: "{{ sssd_configure}}" + user_password: "{{ userPassword }}" + user_authorized_key: "{{ user.authorized_keys}}" + user_privatekey: "{{ user.privatekey}}" + user_shell: "/bin/zsh" + user_uid: "{{ user.uid }}" + user_groups: + - docker + become: true + become_user: "{{ user.name }}" + - role: user_config + vars: + user_config_username: "{{ user.name }}" + become_user: "{{ user.name }}" + become: true + - role: user_config + vars: + user_config_username: root + become: true + diff --git a/ansible/roles/requirements.yml b/ansible/roles/requirements.yml index b9d9b12..4e2b2c9 100644 --- a/ansible/roles/requirements.yml +++ b/ansible/roles/requirements.yml @@ -35,3 +35,5 @@ scm: git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-dhcpd.git scm: git +- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git + scm: git
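Review bot: `user_ldap: "{{ sssd_configure}}"` is referenced unconditionally, yet the sssd.yml tasks this commit removes guarded on `sssd_configure is not defined`, so on hosts that never set the variable the play now fails while resolving role vars; `user_ldap: "{{ sssd_configure | default(false) }}"` preserves the old behaviour. The `ansible-user` role is run here with `become_user: "{{ user.name }}"`, whereas server.yml applies the same role as root via `become: true`; if the role creates the account or applies `user_uid`/`user_password` through the `user` module, it needs root, and becoming a user that may not exist yet will fail, so the role's expected privilege level is worth confirming. `user_groups: - docker` duplicates the `groups` list this commit adds to `user` in group_vars/all/all; `user_groups: "{{ user.groups }}"` avoids the two drifting apart. `user_password` forwards `userPassword`; the role's task that consumes it should carry `no_log: true`, which cannot be checked from this playbook.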
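Review bot: The new `ansible-user` entry has no `version:`, so `ansible-galaxy install` tracks whatever the default branch points to at install time, and this role now writes SSH keys, passwords and group membership on every host; pinning it with `version: "<tag-or-commit placeholder>"` makes the install reproducible and reviewable. The neighbouring `ansible-dhcpd` entry follows the same unpinned pattern, so this may be a deliberate project convention rather than an oversight in this commit.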