authorChristian Pointner <equinox@spreadspace.org>2020-06-01 06:41:24 +0200
committerChristian Pointner <equinox@spreadspace.org>2020-06-01 06:41:24 +0200
commit508602b0426bdf1412bd6fb3350fece0cae2e7c8 (patch)
tree10a85d780359d65e67ed3ab45004b808f10cb63c /roles
parentmajor refactoring of users database (diff)
port admin-users role to openbsd and move to core
Diffstat (limited to 'roles')
-rw-r--r--roles/admin-user/tasks/main.yml28
-rw-r--r--roles/core/admin-users/tasks/Debian.yml5
-rw-r--r--roles/core/admin-users/tasks/OpenBSD.yml12
-rw-r--r--roles/core/admin-users/tasks/main.yml37
-rw-r--r--roles/core/admin-users/vars/Debian.yml5
-rw-r--r--roles/core/admin-users/vars/OpenBSD.yml4
-rw-r--r--roles/kubernetes/kubeadm/master/tasks/main.yml2
7 files changed, 64 insertions, 29 deletions
diff --git a/roles/admin-user/tasks/main.yml b/roles/admin-user/tasks/main.yml
deleted file mode 100644
index 53eea376..00000000
--- a/roles/admin-user/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: install sudo
- apt:
- name: sudo
- state: present
-
-- name: add admin users
- loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- loop_control:
- label: "{{ item.name }}"
- user:
- name: "{{ item.name }}"
- state: present
- password: "{{ item.password }}"
- groups:
- - sudo
- - adm
- append: yes
- shell: "{{ item.shell | default(omit) }}"
-
-- name: install ssh keys for admin users
- loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- loop_control:
- label: "{{ item.name }}"
- authorized_key:
- user: "{{ item.name }}"
- key: "{{ item.ssh_keys | join('\n') }}"
- exclusive: yes
diff --git a/roles/core/admin-users/tasks/Debian.yml b/roles/core/admin-users/tasks/Debian.yml
new file mode 100644
index 00000000..6d8d6f95
--- /dev/null
+++ b/roles/core/admin-users/tasks/Debian.yml
@@ -0,0 +1,5 @@
+---
+- name: install sudo
+ apt:
+ name: sudo
+ state: present
diff --git a/roles/core/admin-users/tasks/OpenBSD.yml b/roles/core/admin-users/tasks/OpenBSD.yml
new file mode 100644
index 00000000..1a04a3d3
--- /dev/null
+++ b/roles/core/admin-users/tasks/OpenBSD.yml
@@ -0,0 +1,12 @@
+---
+- name: install sudo
+ openbsd_pkg:
+ name: sudo--
+ state: present
+
+- name: allow wheel group to use sudo
+ lineinfile:
+ regexp: '^#?\s*%wheel(\s+)ALL=\(ALL\) SETENV: ALL$'
+ line: '%wheel\1ALL=(ALL) SETENV: ALL'
+ backrefs: yes
+ dest: /etc/sudoers
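Review bot: The `allow wheel group to use sudo` task rewrites `/etc/sudoers` in place with no syntax check, so a bad write leaves a file that sudo refuses to parse; add `validate: 'visudo -cf %s'` to the `lineinfile` arguments (with the full path to visudo if it is not on the module's PATH on OpenBSD). Because `backrefs: yes` is set, a sudoers file in which the regexp matches nothing is left unchanged and the task still reports ok, so wheel members would silently end up without sudo rights on a host whose file lacks that exact line. The enabled rule also carries `SETENV: ALL`, which lets wheel members pass their own environment to commands run as root; a one-line comment stating that this is intended would help the next reader.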
diff --git a/roles/core/admin-users/tasks/main.yml b/roles/core/admin-users/tasks/main.yml
new file mode 100644
index 00000000..c8a4c756
--- /dev/null
+++ b/roles/core/admin-users/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: load os/distrubtion/version specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+
+- name: load os/distrubtion/version specific tasks
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
+
+- name: add admin users
+ loop: "{{ admin_users_group | union(admin_users_host) }}"
+ user:
+ name: "{{ item }}"
+ state: present
+ password: "{{ user_passwords[item] }}"
+ groups: "{{ admin_users_groups }}"
+ append: yes
+ shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
+
+- name: install ssh keys for admin users
+ loop: "{{ admin_users_group | union(admin_users_host) }}"
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ users[item].ssh | join('\n') }}"
+ exclusive: yes
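Review bot: In `add admin users`, `password: "{{ user_passwords[item] }}"` passes the same value to the `user` module on Debian and on OpenBSD, and that module expects an already-hashed value the target's crypt(3) understands; OpenBSD accepts only bcrypt hashes, so a SHA-512 crypt hash that works on Debian would leave the account without a usable password there. `user_passwords` is defined outside this diff, so this may already be handled; if not, a comment above the task such as `# user_passwords[item] must be a crypt(3) hash valid on the target OS (bcrypt on OpenBSD)` records the requirement. Both loops also drop the `default([])` the old role used, so a host that defines only one of `admin_users_group` and `admin_users_host` now fails on an undefined variable unless defaults exist elsewhere.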
diff --git a/roles/core/admin-users/vars/Debian.yml b/roles/core/admin-users/vars/Debian.yml
new file mode 100644
index 00000000..af8d20ca
--- /dev/null
+++ b/roles/core/admin-users/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+admin_users_default_shell: /bin/zsh
+admin_users_groups:
+ - sudo
+ - adm
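Review bot: `admin_users_default_shell: /bin/zsh` (and `/usr/local/bin/zsh` in vars/OpenBSD.yml) becomes the login shell of every admin user that has no `shell` of its own, yet the task files added in this commit install only sudo. If zsh is not already installed by an earlier role, those accounts are created with a shell that does not exist and cannot log in over ssh. Either install zsh in the per-OS task files or add a comment here naming the role that provides it, e.g. `# zsh is installed by ROLE_NAME (placeholder), which must run before this role`.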
diff --git a/roles/core/admin-users/vars/OpenBSD.yml b/roles/core/admin-users/vars/OpenBSD.yml
new file mode 100644
index 00000000..a1d958d6
--- /dev/null
+++ b/roles/core/admin-users/vars/OpenBSD.yml
@@ -0,0 +1,4 @@
+---
+admin_users_default_shell: /usr/local/bin/zsh
+admin_users_groups:
+ - wheel
diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/master/tasks/main.yml
index bc238c0a..19037adc 100644
--- a/roles/kubernetes/kubeadm/master/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/main.yml
@@ -52,7 +52,7 @@
state: link
- name: add kubectl completion config for shells
- with_items:
+ loop:
- zsh
- bash
blockinfile: