author | Christian Pointner <equinox@spreadspace.org> | 2024-04-22 19:53:43 +0200 |
committer | Christian Pointner <equinox@spreadspace.org> | 2024-04-22 19:53:43 +0200 |
commit | c17fccec08689065c8f4f902544e984521c7437b (patch) | |
tree | 762e7e346682fefa054e69391bdb85ba6f8f76b0 /roles/core/users/tasks | |
parent | ch-apps: upgrade whawty-auth to latest release (diff) |
revamp: user/group handling
Diffstat (limited to 'roles/core/users/tasks')
-rw-r--r-- | roles/core/users/tasks/Debian.yml | 6 | ||||
-rw-r--r-- | roles/core/users/tasks/OpenBSD.yml | 14 | ||||
-rw-r--r-- | roles/core/users/tasks/main.yml | 46 |
3 files changed, 66 insertions, 0 deletions
diff --git a/roles/core/users/tasks/Debian.yml b/roles/core/users/tasks/Debian.yml
new file mode 100644
index 00000000..a4827df9
--- /dev/null
+++ b/roles/core/users/tasks/Debian.yml
@@ -0,0 +1,6 @@
+---
+- name: install sudo
+  when: (admin_users | length) > 0
+  apt:
+    name: sudo
+    state: present
diff --git a/roles/core/users/tasks/OpenBSD.yml b/roles/core/users/tasks/OpenBSD.yml
new file mode 100644
index 00000000..d04d3d7a
--- /dev/null
+++ b/roles/core/users/tasks/OpenBSD.yml
@@ -0,0 +1,14 @@
+---
+- name: install sudo
+  when: (admin_users | length) > 0
+  openbsd_pkg:
+    name: sudo--
+    state: present
+
+- name: allow wheel group to use sudo
+  when: (admin_users | length) > 0
+  lineinfile:
+    regexp: '^#?\s*%wheel(\s+)ALL=\(ALL\) SETENV: ALL$'
+    line: '%wheel\1ALL=(ALL) SETENV: ALL'
+    backrefs: yes
+    dest: /etc/sudoers
diff --git a/roles/core/users/tasks/main.yml b/roles/core/users/tasks/main.yml
new file mode 100644
index 00000000..43fe92f4
--- /dev/null
+++ b/roles/core/users/tasks/main.yml
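Review bot: The `lineinfile` edit of `/etc/sudoers` in the "allow wheel group to use sudo" task has no `validate`, so a typo in `line` or an unexpected backref expansion can write an unparsable sudoers and lock every admin out of sudo at once; add `validate: '/usr/local/sbin/visudo -cf %s'` (the package sudo on OpenBSD should install visudo under /usr/local — confirm the path). With `backrefs: yes` the task also silently does nothing when the stock `%wheel` line is absent or has already been edited, so nothing in this role guarantees that wheel actually ends up with sudo; a follow-up check (e.g. a `command: sudo -l -U <admin>` in check mode, or a second `lineinfile` without backrefs that appends the line when missing) would make the failure visible. The `^#?` in the regexp suggests this is meant to uncomment the distribution's default line; since that default carries `SETENV:`, which lets wheel members hand an arbitrary environment to the command, a short comment such as `# SETENV matches the OpenBSD default; drop it if admins should not be able to override env` would document that the wider grant is intentional.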
@@ -0,0 +1,46 @@
+---
+- name: load os/distrubtion/version specific variables
+  include_vars: "{{ item }}"
+  with_first_found:
+    - files:
+        - "{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution }}.yml"
+        - "{{ ansible_os_family }}.yml"
+
+- name: load os/distrubtion/version specific tasks
+  vars:
+    params:
+      files:
+        - "{{ ansible_distribution_release }}.yml"
+        - "{{ ansible_distribution }}.yml"
+        - "{{ ansible_os_family }}.yml"
+  loop: "{{ q('first_found', params) }}"
+  loop_control:
+    loop_var: tasks_file
+  include_tasks: "{{ tasks_file }}"
+
+- name: add normal users
+  loop: "{{ normal_users | difference(admin_users) }}"
+  user:
+    name: "{{ item }}"
+    state: present
+    password: "{{ hostvars[inventory_hostname]['vault_user_password_'+item] }}" ## TODO: find nicer way to do this
+    shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
+
+- name: add admin users
+  loop: "{{ admin_users }}"
+  user:
+    name: "{{ item }}"
+    state: present
+    password: "{{ hostvars[inventory_hostname]['vault_user_password_'+item] }}" ## TODO: find nicer way to do this
+    groups: "{{ admin_users_groups }}"
+    append: yes
+    shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
+
+- name: install ssh keys for users
+  loop: "{{ normal_users | union(admin_users) }}"
+  when: "'ssh' in users[item]"
+  authorized_key:
+    user: "{{ item }}"
+    key: "{{ users[item].ssh | join('\n') }}"
+    exclusive: yes |
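Review bot: Privilege is only ever added here, never revoked: the "add admin users" task uses `append: yes` and the "add normal users" task sets no `groups`, so an account moved from `admin_users` to `normal_users` keeps its `admin_users_groups` membership (and thus sudo) indefinitely. If demotion is meant to take effect, the normal-users task needs an explicit `groups:` with `append: false`, or a separate task that removes every non-admin user from `admin_users_groups`. The same gap exists for SSH keys: because "install ssh keys for users" is skipped when `'ssh' not in users[item]`, dropping a user's `ssh` entry leaves the old `authorized_keys` in place rather than emptying it, so `exclusive: yes` only protects users that still have keys listed — a `file: state: absent` on `~/.ssh/authorized_keys` for the skipped users would close that. Ansible's `user` module writes `password` verbatim into the shadow hash field, so `vault_user_password_<name>` presumably has to hold a crypt(3) hash rather than a plaintext password; a one-line comment stating that convention next to the existing TODO would prevent someone from vaulting a cleartext password and silently breaking logins.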