author | Christian Pointner <equinox@spreadspace.org> | 2017-12-16 18:27:38 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2017-12-16 18:27:38 +0100 |
commit | 8e366699a69045664758f7496b7a145bee33e0b7 (patch) | |
tree | 2daa8c94e0c697b0d27ce9d6604c12c8a97187ce | |
parent | kubernetes base for dione and helene (diff) |
added admin-user role
-rw-r--r-- | group_vars/all/vars.yaml | 6 | ||||
-rw-r--r-- | host_vars/dione.yaml | 6 | ||||
-rw-r--r-- | host_vars/helene.yaml | 6 | ||||
-rw-r--r-- | playbooks/dione.yaml | 1 | ||||
-rw-r--r-- | playbooks/helene.yaml | 1 | ||||
-rw-r--r-- | roles/admin-user/tasks/main.yaml | 17 | ||||
-rw-r--r-- | roles/base/tasks/main.yaml | 1 | ||||
-rw-r--r-- | roles/zsh/tasks/main.yaml | 6 |
8 files changed, 39 insertions, 5 deletions
diff --git a/group_vars/all/vars.yaml b/group_vars/all/vars.yaml index 89980566..65417f03 100644 --- a/group_vars/all/vars.yaml +++ b/group_vars/all/vars.yaml @@ -1,4 +1,10 @@ --- +equinox_user: + name: equinox + # password: "{{ vault_equinox_password }}" + shell: /bin/zsh + + ssh_keys: equinox: chaos: ssh-rsa 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 equinox@chaos-at-home.org diff --git a/host_vars/dione.yaml b/host_vars/dione.yaml index b8982921..7b6e8265 100644 --- a/host_vars/dione.yaml +++ b/host_vars/dione.yaml @@ -1,6 +1,8 @@ --- -sshserver_allowusers_host: -- equinox +admin_user_host: +- "{{ equinox_user }}" + +sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" docker_lvm: vg: dione diff --git a/host_vars/helene.yaml b/host_vars/helene.yaml index f9a5a373..8726164e 100644 --- a/host_vars/helene.yaml +++ b/host_vars/helene.yaml @@ -1,6 +1,8 @@ --- -sshserver_allowusers_host: -- equinox +admin_user_host: +- "{{ equinox_user }}" + +sshserver_allowusers_host: "{{ admin_user_host | map(attribute='name') | list }}" docker_lvm: vg: helene diff --git a/playbooks/dione.yaml b/playbooks/dione.yaml index 8598ef06..c159ceb7 100644 --- a/playbooks/dione.yaml +++ b/playbooks/dione.yaml @@ -6,3 +6,4 @@ - role: sshserver - role: zsh - role: kubernetes-base + - role: admin-user diff --git a/playbooks/helene.yaml b/playbooks/helene.yaml index d7a39354..dd014ac8 100644 --- a/playbooks/helene.yaml +++ b/playbooks/helene.yaml @@ -6,3 +6,4 @@ - role: sshserver - role: zsh - role: kubernetes-base + - role: admin-user diff --git a/roles/admin-user/tasks/main.yaml b/roles/admin-user/tasks/main.yaml new file mode 100644 index 00000000..e6fc3572 --- /dev/null +++ b/roles/admin-user/tasks/main.yaml 
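Review bot: In host_vars/dione.yaml the new `sshserver_allowusers_host` is derived only from `admin_user_host`, while the admin-user role creates the union of `admin_user_group` and `admin_user_host`. A sudo-capable account defined at group level would therefore be created on the host but not appear in this host-level allow list, unless the sshserver role merges in a group-level list that is not visible here. The same expression is added in host_vars/helene.yaml. It is also worth checking how the sshserver role renders an empty list, because if the allow-list directive is dropped when `admin_user_host` is emptied, SSH logins would no longer be restricted. A comment above `admin_user_host` such as `# sshd allow list is derived from this list; must not be empty` would record that coupling.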
@@ -0,0 +1,17 @@ +--- +- name: install sudo + apt: + name: sudo + state: present + +- name: add admin users + with_items: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}" + user: + name: "{{ item.name }}" + state: present + password: "{{ item.password | default(omit) }}" + groups: + - sudo + - adm + append: yes + shell: "{{ item.shell | default(omit) }}" diff --git a/roles/base/tasks/main.yaml b/roles/base/tasks/main.yaml index fa4efc07..dae87269 100644 --- a/roles/base/tasks/main.yaml +++ b/roles/base/tasks/main.yaml @@ -20,7 +20,6 @@ - mtr-tiny - tcpdump - unp - - sudo - haveged - dbus - libpam-systemd diff --git a/roles/zsh/tasks/main.yaml b/roles/zsh/tasks/main.yaml index c1d63b7a..23e8e9f5 100644 --- a/roles/zsh/tasks/main.yaml +++ b/roles/zsh/tasks/main.yaml @@ -20,6 +20,12 @@ shell: /bin/zsh with_items: "{{ [ 'root' ] | union(zsh_loginshell_user | default([])) }}" +- name: make zsh the default shell for useradd + lineinfile: + regexp: '^#?SHELL=' + line: 'SHELL=/bin/zsh' + path: /etc/adduser.conf + - name: make zsh the default shell for adduser lineinfile: regexp: '^#?DSHELL=' |
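Review bot: The `add admin users` task in roles/admin-user/tasks/main.yaml loops over whole user dicts, and Ansible echoes each loop item in its task output, so once the commented-out `password` in group_vars/all/vars.yaml is enabled the value would land in run logs; adding `no_log: true` to the task prevents that. The `user` module stores `password` as given, so the vaulted value has to be a crypt hash rather than plaintext, which a comment like `# item.password must be a crypt(3) hash, never the plaintext` above the `password:` line would make explicit. Because `update_password` defaults to `always`, each run would also reset a password the user changed on the host; `update_password: on_create` avoids that if it is not intended. While `password` is omitted, the account joins `sudo` without a usable password, so it is worth confirming how sudo is expected to authenticate it.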
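Review bot: The new task `make zsh the default shell for useradd` in roles/zsh/tasks/main.yaml edits `/etc/adduser.conf`, but useradd reads its default `SHELL=` from `/etc/default/useradd`. adduser.conf belongs to adduser, whose `DSHELL=` setting the following task already handles. As written, the task would add a `SHELL=/bin/zsh` line to adduser.conf and leave useradd's default unchanged, so accounts created through useradd without an explicit shell would not get zsh. The fix is `path: /etc/default/useradd`. The existing adduser task that follows continues past the end of the hunk.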