authorChristian Pointner <equinox@spreadspace.org>2024-04-22 19:53:43 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-04-22 19:53:43 +0200
commitc17fccec08689065c8f4f902544e984521c7437b (patch)
tree762e7e346682fefa054e69391bdb85ba6f8f76b0 /roles
parentch-apps: upgrade whawty-auth to latest release (diff)
revamp: user/group handling
Diffstat (limited to 'roles')
-rw-r--r--roles/core/groups/tasks/main.yml26
-rw-r--r--roles/core/groups/vars/main.yml3
-rw-r--r--roles/core/users/tasks/Debian.yml (renamed from roles/core/admin-users/tasks/Debian.yml)1
-rw-r--r--roles/core/users/tasks/OpenBSD.yml (renamed from roles/core/admin-users/tasks/OpenBSD.yml)2
-rw-r--r--roles/core/users/tasks/main.yml (renamed from roles/core/admin-users/tasks/main.yml)15
-rw-r--r--roles/core/users/vars/Debian.yml (renamed from roles/core/admin-users/vars/Debian.yml)0
-rw-r--r--roles/core/users/vars/OpenBSD.yml (renamed from roles/core/admin-users/vars/OpenBSD.yml)0
-rw-r--r--roles/core/users/vars/main.yml3
8 files changed, 47 insertions, 3 deletions
diff --git a/roles/core/groups/tasks/main.yml b/roles/core/groups/tasks/main.yml
new file mode 100644
index 00000000..aa19aabc
--- /dev/null
+++ b/roles/core/groups/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: add system groups
+ loop: "{{ system_groups | list }}"
+ group:
+ name: "{{ item }}"
+ state: present
+ system: yes
+
+- name: add normal groups
+ loop: "{{ normal_groups | list }}"
+ group:
+ name: "{{ item }}"
+ state: present
+
+ ## TODO: until something like this https://github.com/ansible/ansible/issues/11024 lands
+ ## we will do this the quick and dirty way
+
+- name: set group members the hacky way
+ loop: "{{ normal_groups | combine(system_groups) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ lineinfile:
+ path: /etc/group
+ regexp: '^{{ item.key }}:(.*):[^:]*$'
+ backrefs: yes
+ line: '{{ item.key }}:\1:{{ item.value | sort | join(",") }}'
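Review bot: The `regexp` on the lineinfile task interpolates `item.key` without escaping, so a group name containing regex metacharacters (a `.` is legal in group names) can match a different line than intended; `regexp: '^{{ item.key | regex_escape }}:(.*):[^:]*$'` pins it to the literal name. Writing /etc/group directly also leaves the member field of /etc/gshadow untouched, so `grpck` will presumably report the two files as inconsistent afterwards, which is worth stating in the TODO comment above the task. Since the replacement line rewrites the whole member list, any membership granted outside the inventory is revoked on the next run; that looks like the intended enforcement, but a comment such as `## members not listed in the inventory are removed on every run` makes it explicit for the next reader. `system: yes` and `backrefs: yes` should be the canonical `true`.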
diff --git a/roles/core/groups/vars/main.yml b/roles/core/groups/vars/main.yml
new file mode 100644
index 00000000..e09ecea3
--- /dev/null
+++ b/roles/core/groups/vars/main.yml
@@ -0,0 +1,3 @@
+---
+normal_groups: "{{ normal_groups_group | combine(normal_groups_host) }}"
+system_groups: "{{ system_groups_group | combine(system_groups_host) }}"
diff --git a/roles/core/admin-users/tasks/Debian.yml b/roles/core/users/tasks/Debian.yml
index 6d8d6f95..a4827df9 100644
--- a/roles/core/admin-users/tasks/Debian.yml
+++ b/roles/core/users/tasks/Debian.yml
@@ -1,5 +1,6 @@
---
- name: install sudo
+ when: (admin_users | length) > 0
apt:
name: sudo
state: present
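Review bot: The new `when: (admin_users | length) > 0` only gates installing sudo; on a host whose admin list later becomes empty nothing removes the package, so the condition expresses intent without enforcing the state it implies. The same applies to both guarded tasks in roles/core/users/tasks/OpenBSD.yml, where the wheel sudoers entry stays enabled once it has been written. If revocation is deliberately out of scope, a comment such as `## only installs; sudo is never removed once present` above the `when` makes that explicit; otherwise a `state: absent` counterpart under the inverse condition is needed.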
diff --git a/roles/core/admin-users/tasks/OpenBSD.yml b/roles/core/users/tasks/OpenBSD.yml
index 1a04a3d3..d04d3d7a 100644
--- a/roles/core/admin-users/tasks/OpenBSD.yml
+++ b/roles/core/users/tasks/OpenBSD.yml
@@ -1,10 +1,12 @@
---
- name: install sudo
+ when: (admin_users | length) > 0
openbsd_pkg:
name: sudo--
state: present
- name: allow wheel group to use sudo
+ when: (admin_users | length) > 0
lineinfile:
regexp: '^#?\s*%wheel(\s+)ALL=\(ALL\) SETENV: ALL$'
line: '%wheel\1ALL=(ALL) SETENV: ALL'
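Review bot: The guarded sudoers edit has no `validate:` on the lineinfile task, so a malformed line would be written to the sudoers file without visudo checking it first; `validate: 'visudo -cf %s'` keeps a bad edit from breaking sudo on the host. The hunk header announces 12 new lines but only 11 are visible, and neither `path:` nor `backrefs:` appears under `lineinfile`, so the task presumably continues past the hunk — if a `validate` already exists there this is moot. Note that the `line` uses `\1`, which is only meaningful with `backrefs: true`; worth confirming that key is present on the line outside the hunk.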
diff --git a/roles/core/admin-users/tasks/main.yml b/roles/core/users/tasks/main.yml
index a5b1c7bd..43fe92f4 100644
--- a/roles/core/admin-users/tasks/main.yml
+++ b/roles/core/users/tasks/main.yml
@@ -19,8 +19,16 @@
loop_var: tasks_file
include_tasks: "{{ tasks_file }}"
+- name: add normal users
+ loop: "{{ normal_users | difference(admin_users) }}"
+ user:
+ name: "{{ item }}"
+ state: present
+ password: "{{ hostvars[inventory_hostname]['vault_user_password_'+item] }}" ## TODO: find nicer way to do this
+ shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
+
- name: add admin users
- loop: "{{ admin_users_group | union(admin_users_host) }}"
+ loop: "{{ admin_users }}"
user:
name: "{{ item }}"
state: present
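Review bot: The `password:` value on the new `add normal users` task is handed to the user module verbatim, and the module stores it in the shadow file as given, so the vault entry must already be a password hash, never a cleartext secret; a comment stating that contract, `## must be a crypt(3) hash (see password_hash filter), the module does not hash it`, prevents a future cleartext entry from ending up in /etc/shadow. Adding `no_log: true` to the task is cheap insurance that the hash (which is crackable offline) never appears in task output or diffs, even though the module presumably masks its own `password` argument. If the password should only be set when the account is created rather than rewritten every run, `update_password: on_create` expresses that. For the TODO on the hostvars lookup, `"{{ lookup('vars', 'vault_user_password_' ~ item) }}"` is the usual form and fails with the same undefined-variable error when the vault entry is missing. The enclosing task list continues on both sides of the hunk.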
@@ -29,8 +37,9 @@
append: yes
shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
-- name: install ssh keys for admin users
- loop: "{{ admin_users_group | union(admin_users_host) }}"
+- name: install ssh keys for users
+ loop: "{{ normal_users | union(admin_users) }}"
+ when: "'ssh' in users[item]"
authorized_key:
user: "{{ item }}"
key: "{{ users[item].ssh | join('\n') }}"
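Review bot: The `install ssh keys for users` task adds keys but never removes them: authorized_key defaults to `exclusive: no`, so a key dropped from `users[item].ssh` in the inventory stays valid on every host until someone deletes it by hand. If the inventory is meant to be the sole source of keys, `exclusive: true` makes removal effective (the newline-joined `key` value already carries the full list, which is what exclusive expects); if hosts legitimately carry keys from elsewhere, a comment saying so above the task is enough. The new `when: "'ssh' in users[item]"` still raises on a name that is missing from `users` entirely — presumably every entry in `normal_users` and `admin_users` has one, but that is worth confirming. The task continues past the hunk.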
diff --git a/roles/core/admin-users/vars/Debian.yml b/roles/core/users/vars/Debian.yml
index af8d20ca..af8d20ca 100644
--- a/roles/core/admin-users/vars/Debian.yml
+++ b/roles/core/users/vars/Debian.yml
diff --git a/roles/core/admin-users/vars/OpenBSD.yml b/roles/core/users/vars/OpenBSD.yml
index a1d958d6..a1d958d6 100644
--- a/roles/core/admin-users/vars/OpenBSD.yml
+++ b/roles/core/users/vars/OpenBSD.yml
diff --git a/roles/core/users/vars/main.yml b/roles/core/users/vars/main.yml
new file mode 100644
index 00000000..7d34279b
--- /dev/null
+++ b/roles/core/users/vars/main.yml
@@ -0,0 +1,3 @@
+---
+normal_users: "{{ normal_users_group | union(normal_users_host) }}"
+admin_users: "{{ admin_users_group | union(admin_users_host) }}"