feat: move user task in dedicated playbook and role
This commit is contained in:
parent
b00763ddce
commit
f8a19d3e65
@ -1,9 +1,20 @@
|
|||||||
##ansible_python_interpreter: /usr/bin/python2
|
##ansible_python_interpreter: /usr/bin/python2
|
||||||
user:
|
user:
|
||||||
name: vincent
|
name: vincent
|
||||||
|
home: /home/vincent
|
||||||
uid: 1024
|
uid: 1024
|
||||||
mail: vincent@ducamps.win
|
mail: vincent@ducamps.win
|
||||||
|
groups:
|
||||||
|
- docker
|
||||||
|
authorized_keys:
|
||||||
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
||||||
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
|
||||||
|
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
|
||||||
|
privatekey:
|
||||||
|
- keyname: "id_gitea"
|
||||||
|
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||||
|
|
||||||
|
user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
|
||||||
domain:
|
domain:
|
||||||
name: ducamps.win
|
name: ducamps.win
|
||||||
|
|
||||||
@ -11,14 +22,14 @@ hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTa
|
|||||||
|
|
||||||
system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
|
system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
|
||||||
|
|
||||||
privatekeytodeploy:
|
|
||||||
- user: "{{user.name}}"
|
system_sudoers_group: "serverAdmin"
|
||||||
keyfile: "/home/{{user.name}}/.ssh/id_gitea"
|
|
||||||
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
user_custom_host:
|
||||||
- user: root
|
- host: "git.ducamps.win"
|
||||||
keyfile: /root/.ssh/id_gitea
|
user: "git"
|
||||||
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
keyfile: "~/.ssh/id_gitea"
|
||||||
- user: ansible
|
- host: "gitlab.com"
|
||||||
keyfile: "/home/ansible/.ssh/id_gitea"
|
user: "git"
|
||||||
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
keyfile: "~/.ssh/id_consort"
|
||||||
|
|
||||||
|
@ -17,25 +17,26 @@ msmtp_mailhub: smtp.{{ domain.name }}
|
|||||||
msmtp_auth_user: "{{ user.mail }}"
|
msmtp_auth_user: "{{ user.mail }}"
|
||||||
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
|
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
|
||||||
|
|
||||||
docker_users: "{{user.name}}"
|
|
||||||
|
|
||||||
system_user:
|
system_user:
|
||||||
- name: drone-deploy
|
- name: drone-deploy
|
||||||
home: /home/drone-deploy
|
home: /home/drone-deploy
|
||||||
shell: /bin/bash
|
shell: /bin/bash
|
||||||
|
privatekey:
|
||||||
keystodeploy:
|
- keyname: id_gitea
|
||||||
- name: juicessh with password
|
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||||
user: "{{user.name}}"
|
|
||||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
|
|
||||||
- name: fixe-pc new
|
authorized_keys:
|
||||||
user: "{{user.name}}"
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
|
||||||
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
|
|
||||||
- name: zen-pc
|
- name: ansible
|
||||||
user: "{{user.name}}"
|
home: /home/ansible
|
||||||
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
|
shell: /bin/bash
|
||||||
- name: drone
|
|
||||||
user: drone-deploy
|
- name: root
|
||||||
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
|
home: /root
|
||||||
|
privatekey:
|
||||||
|
- keyname: id_gitea
|
||||||
|
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
|
||||||
|
|
||||||
|
|
||||||
|
@ -4,6 +4,22 @@
|
|||||||
- VPS
|
- VPS
|
||||||
vars:
|
vars:
|
||||||
# certbot_force: true
|
# certbot_force: true
|
||||||
|
tasks:
|
||||||
|
- name: create user
|
||||||
|
include_role:
|
||||||
|
name: "ansible-user"
|
||||||
|
apply:
|
||||||
|
become: true
|
||||||
|
vars:
|
||||||
|
user_name: "{{ create.name }}"
|
||||||
|
user_home: "{{ create.home }}"
|
||||||
|
user_groups: "{{ create.groups|default('') }}"
|
||||||
|
user_shell: "{{ create.shell|default('') }}"
|
||||||
|
user_authorized_key: "{{ create.authorized_keys|default([]) }}"
|
||||||
|
user_privatekey: "{{ create.privatekey|default([])}}"
|
||||||
|
loop: "{{system_user}}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: create
|
||||||
roles:
|
roles:
|
||||||
- system
|
- system
|
||||||
- autofs
|
- autofs
|
||||||
|
@ -3,22 +3,4 @@
|
|||||||
roles:
|
roles:
|
||||||
- role: ansible-role-sssd
|
- role: ansible-role-sssd
|
||||||
become: true
|
become: true
|
||||||
tasks:
|
|
||||||
- name: simulate login
|
|
||||||
stat:
|
|
||||||
path: "/home/{{user.name}}"
|
|
||||||
become: true
|
|
||||||
become_user: "{{user.name}}"
|
|
||||||
when: sssd_configure == true
|
|
||||||
- name: create profil
|
|
||||||
user:
|
|
||||||
name: "{{user.name}}"
|
|
||||||
create_home: yes
|
|
||||||
password: "{{userPassword}}"
|
|
||||||
system: no
|
|
||||||
state: present
|
|
||||||
ssh_key_file: .ssh/id_rsa
|
|
||||||
uid: "{{ user.uid }}"
|
|
||||||
shell: /bin/bash
|
|
||||||
when: sssd_configure is not defined or sssd_configure == false
|
|
||||||
become: true
|
|
||||||
|
@ -1,5 +1,27 @@
|
|||||||
---
|
---
|
||||||
- hosts: all
|
- hosts: all
|
||||||
vars:
|
|
||||||
roles:
|
roles:
|
||||||
- user_config
|
- role: ansible-user
|
||||||
|
vars:
|
||||||
|
user_name: "{{ user.name }}"
|
||||||
|
user_ldap: "{{ sssd_configure}}"
|
||||||
|
user_password: "{{ userPassword }}"
|
||||||
|
user_authorized_key: "{{ user.authorized_keys}}"
|
||||||
|
user_privatekey: "{{ user.privatekey}}"
|
||||||
|
user_shell: "/bin/zsh"
|
||||||
|
user_uid: "{{ user.uid }}"
|
||||||
|
user_groups:
|
||||||
|
- docker
|
||||||
|
become: true
|
||||||
|
become_user: "{{ user.name }}"
|
||||||
|
- role: user_config
|
||||||
|
vars:
|
||||||
|
user_config_username: "{{ user.name }}"
|
||||||
|
become_user: "{{ user.name }}"
|
||||||
|
become: true
|
||||||
|
- role: user_config
|
||||||
|
vars:
|
||||||
|
user_config_username: root
|
||||||
|
become: true
|
||||||
|
|
||||||
|
@ -35,3 +35,5 @@
|
|||||||
scm: git
|
scm: git
|
||||||
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-dhcpd.git
|
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-dhcpd.git
|
||||||
scm: git
|
scm: git
|
||||||
|
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git
|
||||||
|
scm: git
|
||||||
|
Loading…
Reference in New Issue
Block a user