From 508602b0426bdf1412bd6fb3350fece0cae2e7c8 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Mon, 1 Jun 2020 06:41:24 +0200
Subject: port admin-users role to openbsd and move to core
---
roles/admin-user/tasks/main.yml | 28 -------------------
roles/core/admin-users/tasks/Debian.yml | 5 ++++
roles/core/admin-users/tasks/OpenBSD.yml | 12 +++++++++
roles/core/admin-users/tasks/main.yml | 37 ++++++++++++++++++++++++++
roles/core/admin-users/vars/Debian.yml | 5 ++++
roles/core/admin-users/vars/OpenBSD.yml | 4 +++
roles/kubernetes/kubeadm/master/tasks/main.yml | 2 +-
7 files changed, 64 insertions(+), 29 deletions(-)
delete mode 100644 roles/admin-user/tasks/main.yml
create mode 100644 roles/core/admin-users/tasks/Debian.yml
create mode 100644 roles/core/admin-users/tasks/OpenBSD.yml
create mode 100644 roles/core/admin-users/tasks/main.yml
create mode 100644 roles/core/admin-users/vars/Debian.yml
create mode 100644 roles/core/admin-users/vars/OpenBSD.yml
(limited to 'roles')
diff --git a/roles/admin-user/tasks/main.yml b/roles/admin-user/tasks/main.yml
deleted file mode 100644
index 53eea376..00000000
--- a/roles/admin-user/tasks/main.yml
+++ /dev/null
@@ -1,28 +0,0 @@
----
-- name: install sudo
- apt:
- name: sudo
- state: present
-
-- name: add admin users
- loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- loop_control:
- label: "{{ item.name }}"
- user:
- name: "{{ item.name }}"
- state: present
- password: "{{ item.password }}"
- groups:
- - sudo
- - adm
- append: yes
- shell: "{{ item.shell | default(omit) }}"
-
-- name: install ssh keys for admin users
- loop: "{{ admin_user_group | default([]) | union(admin_user_host | default([])) }}"
- loop_control:
- label: "{{ item.name }}"
- authorized_key:
- user: "{{ item.name }}"
- key: "{{ item.ssh_keys | join('\n') }}"
- exclusive: yes
diff --git a/roles/core/admin-users/tasks/Debian.yml b/roles/core/admin-users/tasks/Debian.yml
new file mode 100644
index 00000000..6d8d6f95
--- /dev/null
+++ b/roles/core/admin-users/tasks/Debian.yml
@@ -0,0 +1,5 @@
+---
+- name: install sudo
+ apt:
+ name: sudo
+ state: present
diff --git a/roles/core/admin-users/tasks/OpenBSD.yml b/roles/core/admin-users/tasks/OpenBSD.yml
new file mode 100644
index 00000000..1a04a3d3
--- /dev/null
+++ b/roles/core/admin-users/tasks/OpenBSD.yml
@@ -0,0 +1,12 @@
+---
+- name: install sudo
+ openbsd_pkg:
+ name: sudo--
+ state: present
+
+- name: allow wheel group to use sudo
+ lineinfile:
+ regexp: '^#?\s*%wheel(\s+)ALL=\(ALL\) SETENV: ALL$'
+ line: '%wheel\1ALL=(ALL) SETENV: ALL'
+ backrefs: yes
+ dest: /etc/sudoers
diff --git a/roles/core/admin-users/tasks/main.yml b/roles/core/admin-users/tasks/main.yml
new file mode 100644
index 00000000..c8a4c756
--- /dev/null
+++ b/roles/core/admin-users/tasks/main.yml
@@ -0,0 +1,37 @@
+---
+- name: load os/distrubtion/version specific variables
+ include_vars: "{{ item }}"
+ with_first_found:
+ - files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+
+- name: load os/distrubtion/version specific tasks
+ vars:
+ params:
+ files:
+ - "{{ ansible_distribution_release }}.yml"
+ - "{{ ansible_distribution }}.yml"
+ - "{{ ansible_os_family }}.yml"
+ loop: "{{ q('first_found', params) }}"
+ loop_control:
+ loop_var: tasks_file
+ include_tasks: "{{ tasks_file }}"
+
+- name: add admin users
+ loop: "{{ admin_users_group | union(admin_users_host) }}"
+ user:
+ name: "{{ item }}"
+ state: present
+ password: "{{ user_passwords[item] }}"
+ groups: "{{ admin_users_groups }}"
+ append: yes
+ shell: "{{ users[item].shell | default(admin_users_default_shell) }}"
+
+- name: install ssh keys for admin users
+ loop: "{{ admin_users_group | union(admin_users_host) }}"
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ users[item].ssh | join('\n') }}"
+ exclusive: yes
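Review bot: The `allow wheel group to use sudo` task in roles/core/admin-users/tasks/OpenBSD.yml rewrites /etc/sudoers in place with no syntax check, so a malformed result would leave sudo unusable on the host; adding `validate: 'visudo -cf %s'` to the lineinfile arguments makes Ansible check the candidate file before it replaces the live one (use the absolute path if visudo is not on the module's PATH). Because `backrefs: yes` is set, the file is left untouched and the task still reports ok when the regexp matches nothing, so a host whose sudoers lacks that exact line ends up with wheel members who cannot use sudo and nothing in the run to show it; a follow-up check that the rule is present would catch this. The enabled rule also carries `SETENV:`, which lets wheel members override the environment of commands run as root, and a one-line comment saying this is intended would help the next reader.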
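Review bot: In roles/core/admin-users/tasks/main.yml the `add admin users` task hands the same `user_passwords[item]` value to the user module on Debian and on OpenBSD, but the two systems do not necessarily accept the same crypt(3) hash formats (OpenBSD, as far as I know, accepts only bcrypt). `user_passwords` is defined outside this diff, so this may already be handled; if it is not, an account created with an unrecognised hash has no usable password, and since the wheel rule enabled for OpenBSD is not NOPASSWD that account cannot use sudo. Either state the requirement above the task, e.g. `# user_passwords[item] must be a hash the target's crypt(3) accepts`, or select the hash per OS. Separately, the loop expression `admin_users_group | union(admin_users_host)` has no `default([])`, so both variables must be defined for every host the role runs on.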
diff --git a/roles/core/admin-users/vars/Debian.yml b/roles/core/admin-users/vars/Debian.yml
new file mode 100644
index 00000000..af8d20ca
--- /dev/null
+++ b/roles/core/admin-users/vars/Debian.yml
@@ -0,0 +1,5 @@
+---
+admin_users_default_shell: /bin/zsh
+admin_users_groups:
+ - sudo
+ - adm
diff --git a/roles/core/admin-users/vars/OpenBSD.yml b/roles/core/admin-users/vars/OpenBSD.yml
new file mode 100644
index 00000000..a1d958d6
--- /dev/null
+++ b/roles/core/admin-users/vars/OpenBSD.yml
@@ -0,0 +1,4 @@
+---
+admin_users_default_shell: /usr/local/bin/zsh
+admin_users_groups:
+ - wheel
diff --git a/roles/kubernetes/kubeadm/master/tasks/main.yml b/roles/kubernetes/kubeadm/master/tasks/main.yml
index bc238c0a..19037adc 100644
--- a/roles/kubernetes/kubeadm/master/tasks/main.yml
+++ b/roles/kubernetes/kubeadm/master/tasks/main.yml
@@ -52,7 +52,7 @@ state: link - name: add kubectl completion config for shells - with_items: + loop: - zsh - bash blockinfile: -- cgit v1.2.3
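Review bot: `admin_users_default_shell` in roles/core/admin-users/vars/Debian.yml (`/bin/zsh`) and in vars/OpenBSD.yml (`/usr/local/bin/zsh`) names a shell that no task in this commit installs; the per-OS task files only install sudo. If zsh is not provided by another role, every admin account that falls back to this default gets a login shell that does not exist, and interactive SSH logins for that account will presumably fail. A comment above the variable such as `# zsh must already be installed; this role does not install it`, or a package task next to the sudo install, would make the dependency explicit.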