feat: move user task in dedicated playbook and role

ansible/group_vars/all/all

@@ -1,9 +1,20 @@
 ##ansible_python_interpreter: /usr/bin/python2
 user:
     name: vincent
+    home: /home/vincent
     uid: 1024
     mail: vincent@ducamps.win
+    groups:
+        - docker
+    authorized_keys:
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
+        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
+    privatekey:
+        - keyname: "id_gitea"
+          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
 
+user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
 domain:
     name: ducamps.win
 
@@ -11,14 +22,14 @@ hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTa
 
 system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
 
-privatekeytodeploy:
+
-    - user: "{{user.name}}"
+system_sudoers_group: "serverAdmin"
-      keyfile: "/home/{{user.name}}/.ssh/id_gitea"
+
-      privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
+user_custom_host:
-    - user: root
+  - host: "git.ducamps.win"
-      keyfile: /root/.ssh/id_gitea
+    user: "git"
-      privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
+    keyfile: "~/.ssh/id_gitea"
-    - user: ansible
+  - host: "gitlab.com"
-      keyfile: "/home/ansible/.ssh/id_gitea"
+    user: "git"
-      privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
+    keyfile: "~/.ssh/id_consort"
 

ansible/group_vars/all/server

@@ -17,25 +17,26 @@ msmtp_mailhub: smtp.{{ domain.name }}
 msmtp_auth_user: "{{ user.mail }}"
 msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
 
-docker_users: "{{user.name}}"
-
 system_user:
     - name: drone-deploy
       home: /home/drone-deploy
       shell: /bin/bash
-
+      privatekey:
-keystodeploy:
+        - keyname: id_gitea
-    - name: juicessh with password
+          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
-      user: "{{user.name}}"
+
-      sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
+
-    - name: fixe-pc new
+      authorized_keys: 
-      user: "{{user.name}}"
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
-      sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
+
-    - name: zen-pc
+    - name: ansible
-      user: "{{user.name}}"
+      home: /home/ansible
-      sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
+      shell: /bin/bash
-    - name: drone
+
-      user: drone-deploy
+    - name: root
-      sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
+      home: /root
+      privatekey:
+        - keyname: id_gitea
+          key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
 
 

ansible/playbooks/server.yml

@@ -4,6 +4,22 @@
     - VPS
   vars:
   # certbot_force: true
+  tasks:
+    - name: create user
+      include_role:
+        name: "ansible-user"
+        apply:
+          become: true
+      vars:
+        user_name: "{{ create.name }}"
+        user_home: "{{ create.home }}"
+        user_groups: "{{ create.groups|default('') }}"
+        user_shell: "{{ create.shell|default('') }}"
+        user_authorized_key: "{{ create.authorized_keys|default([]) }}"
+        user_privatekey: "{{ create.privatekey|default([])}}"
+      loop: "{{system_user}}"
+      loop_control:
+        loop_var: create
   roles:
     - system
     - autofs

ansible/playbooks/sssd.yml

@@ -3,22 +3,4 @@
   roles:
     - role: ansible-role-sssd
       become: true
-  tasks:
+
-    - name: simulate login
-      stat:
-        path: "/home/{{user.name}}"
-      become: true
-      become_user: "{{user.name}}"
-      when: sssd_configure == true
-    - name: create profil
-      user:
-        name: "{{user.name}}"
-        create_home: yes 
-        password: "{{userPassword}}" 
-        system: no 
-        state: present 
-        ssh_key_file: .ssh/id_rsa 
-        uid: "{{ user.uid }}"
-        shell: /bin/bash
-      when: sssd_configure is not defined or sssd_configure == false
-      become: true

ansible/playbooks/user_config.yml

@@ -1,5 +1,27 @@
 ---
 - hosts: all
-  vars:
+
   roles:
-    - user_config
+    - role: ansible-user
+      vars:
+        user_name: "{{ user.name }}"
+        user_ldap: "{{ sssd_configure}}"
+        user_password: "{{ userPassword }}"
+        user_authorized_key: "{{ user.authorized_keys}}"
+        user_privatekey: "{{ user.privatekey}}"
+        user_shell: "/bin/zsh"
+        user_uid: "{{ user.uid }}"
+        user_groups:
+          - docker
+      become: true
+      become_user: "{{ user.name }}"
+    - role: user_config
+      vars:
+        user_config_username: "{{ user.name }}"
+      become_user: "{{ user.name }}"
+      become: true
+    - role: user_config
+      vars:
+        user_config_username: root
+      become: true
+

ansible/roles/requirements.yml

@@ -35,3 +35,5 @@
   scm: git
 - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-dhcpd.git
   scm: git
+- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git
+  scm: git