feat: move user task in dedicated playbook and role

This commit is contained in:
vincent 2023-01-15 14:39:10 +01:00
parent b00763ddce
commit f8a19d3e65
6 changed files with 81 additions and 47 deletions

View File

@ -1,9 +1,20 @@
##ansible_python_interpreter: /usr/bin/python2 ##ansible_python_interpreter: /usr/bin/python2
user: user:
name: vincent name: vincent
home: /home/vincent
uid: 1024 uid: 1024
mail: vincent@ducamps.win mail: vincent@ducamps.win
groups:
- docker
authorized_keys:
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc
privatekey:
- keyname: "id_gitea"
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
user_config_repo: "ssh://git@git.{{ domain.name }}:2222/vincent/conf2.git"
domain: domain:
name: ducamps.win name: ducamps.win
@ -11,14 +22,14 @@ hass_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfVei9iC/Ra5qmSZcLu8z2CTa
system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch" system_arch_local_mirror: "https://arch.{{domain.name}}/repo/archlinux_$arch"
privatekeytodeploy:
- user: "{{user.name}}" system_sudoers_group: "serverAdmin"
keyfile: "/home/{{user.name}}/.ssh/id_gitea"
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" user_custom_host:
- user: root - host: "git.ducamps.win"
keyfile: /root/.ssh/id_gitea user: "git"
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" keyfile: "~/.ssh/id_gitea"
- user: ansible - host: "gitlab.com"
keyfile: "/home/ansible/.ssh/id_gitea" user: "git"
privatekey: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}" keyfile: "~/.ssh/id_consort"

View File

@ -17,25 +17,26 @@ msmtp_mailhub: smtp.{{ domain.name }}
msmtp_auth_user: "{{ user.mail }}" msmtp_auth_user: "{{ user.mail }}"
msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}" msmtp_auth_pass: "{{ lookup('hashi_vault','secret=secrets/data/ansible/other:email') }}"
docker_users: "{{user.name}}"
system_user: system_user:
- name: drone-deploy - name: drone-deploy
home: /home/drone-deploy home: /home/drone-deploy
shell: /bin/bash shell: /bin/bash
privatekey:
keystodeploy: - keyname: id_gitea
- name: juicessh with password key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"
user: "{{user.name}}"
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5V9WPPi2/HwAQuDeaJO3hUPf8HxNMHqVmkf1pDjWg JuiceSSH
- name: fixe-pc new authorized_keys:
user: "{{user.name}}" - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDBrP9akjyailPU9tUMvKrtDsqjI191W1L95u3OFjBqqapXgbDVx1FVtSlIIKcCHZyTII1zgC7woZmNRpmaIJRh6N+VIuRrRs29xx2GUVc4pxflUwwIAK36hgZS3nqmA2biacmPR9HogZLZMcPtZdLhWGlLuUv1cWqbqW7UcDa0lbubCo2v4OQMx/zt37voKAZSkkbH9mVszH6eKxNFy1KXbLYhwXiKfYBnAHbivhiSkZUGV6D4HNj8Jx6IY1YF3bfwMXmt841Q/7OY+t3RTIS8ewvSF+jpQ7GKHBEsZTZUGwIoSyZFFvCgKQVOJu/ZJJS4HNkluilir9Sxtx2LRgy+HHQ251trnsVsJp3ts4uTiMkKJQy1PXy1ZvQXYkip9Af3vlXUMmTyVj8cv+No07G1rZ1pZ3wXKX4RkTsoep5GsYlhyUd7GzsAQQiX9YhYyWDQ6NHBYAGAWbw2BLNxltWa4AyWOa1C8v+1+mRwdvpdMY7powJNCXQaIJmiOZiI/Us= vincent@fixe-pc-2020-03-01
- name: zen-pc - name: ansible
user: "{{user.name}}" home: /home/ansible
sshkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCYHkEIa38p3e4+m/LScHm8Ei7H2X/pDksjVAzoJ4fHr8oXc6DKkC8SWwMnh3L4WzWBhfTbzwUgFTNpsxhp/UyJf+fdzmzetlbVlYSuA6yWuSmgMeFbXFImhZ+Sn3i59hLeqAAyrkQLjba2waehdEsuOQ/AGoDbMYm38Xf9Wka/1YIeUPE4gLeLvymRnGw7BSug6Unycy52WlFAquollObOvc7tNiX0uLDh81Dp0KZhqWRs75hfmQ9du4g4uNhFLiF11hOGNgj3PWV+nWe8GWNQYVUBChWX1dsP8ct/ahG9IFXSPEaFD1IZeFp29u2ln3mgKkBtcRTRe1e3CLQqiRsUq2aixVFbSgFMFgGSUiNGNqKR4f9DeyJrYBplSj6HXjWoBny4Wm8+yfk8qR2RtQpS6AUu81xtKnXOaj9Q5VZO3kVF0U3EXHAZutTYDj9mDlhLSBS7x7hmrkRBbIy7adSx9Gx5Ck3/RllqG6KD+LdJa4I0pUTRNetpLpYDeZpwjnDP1r7udaSQMyRMH5YKLzhtHqIV/imn9QO4KCxNxTgwxt9ho6HDvlDGERCxm+yeHUu3CPyq2ZGSF5HHsYTGUtYvQw4JfQyw/5DrZ7IIdU1e7ZuaE3h/NvFgKJPVTP52nmUtIW7pIOkHpn9mddjm/oKMayOzMspLn9HLFVbqi7A5Xw== vincent@zen-pc shell: /bin/bash
- name: drone
user: drone-deploy - name: root
sshkey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUaK+pQlosmopbZfucll9UdqDOTaODOBwoxRwkJEk1i drone@oscar home: /root
privatekey:
- keyname: id_gitea
key: "{{lookup('hashi_vault', 'secret=secrets/data/ansible/privatekey:gitea')}}"

View File

@ -4,6 +4,22 @@
- VPS - VPS
vars: vars:
# certbot_force: true # certbot_force: true
tasks:
- name: create user
include_role:
name: "ansible-user"
apply:
become: true
vars:
user_name: "{{ create.name }}"
user_home: "{{ create.home }}"
user_groups: "{{ create.groups|default('') }}"
user_shell: "{{ create.shell|default('') }}"
user_authorized_key: "{{ create.authorized_keys|default([]) }}"
user_privatekey: "{{ create.privatekey|default([])}}"
loop: "{{system_user}}"
loop_control:
loop_var: create
roles: roles:
- system - system
- autofs - autofs

View File

@ -3,22 +3,4 @@
roles: roles:
- role: ansible-role-sssd - role: ansible-role-sssd
become: true become: true
tasks:
- name: simulate login
stat:
path: "/home/{{user.name}}"
become: true
become_user: "{{user.name}}"
when: sssd_configure == true
- name: create profil
user:
name: "{{user.name}}"
create_home: yes
password: "{{userPassword}}"
system: no
state: present
ssh_key_file: .ssh/id_rsa
uid: "{{ user.uid }}"
shell: /bin/bash
when: sssd_configure is not defined or sssd_configure == false
become: true

View File

@ -1,5 +1,27 @@
--- ---
- hosts: all - hosts: all
vars:
roles: roles:
- user_config - role: ansible-user
vars:
user_name: "{{ user.name }}"
user_ldap: "{{ sssd_configure}}"
user_password: "{{ userPassword }}"
user_authorized_key: "{{ user.authorized_keys}}"
user_privatekey: "{{ user.privatekey}}"
user_shell: "/bin/zsh"
user_uid: "{{ user.uid }}"
user_groups:
- docker
become: true
become_user: "{{ user.name }}"
- role: user_config
vars:
user_config_username: "{{ user.name }}"
become_user: "{{ user.name }}"
become: true
- role: user_config
vars:
user_config_username: root
become: true

View File

@ -35,3 +35,5 @@
scm: git scm: git
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-dhcpd.git - src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-dhcpd.git
scm: git scm: git
- src: ssh://git@git.ducamps.win:2222/ansible-roles/ansible-user.git
scm: git