mirror of https://github.com/roles-ansible/ansible_collection_users.git synced 2024-08-16 10:29:50 +02:00

Update user permissions and improve linting

L3D 2024-02-15 00:25:34 +01:00
parent 685d50b5e4
commit 531d2ed356
No known key found for this signature in database
GPG key ID: AD65B920933B4B20
6 changed files with 53 additions and 5 deletions


@ -24,7 +24,7 @@ The Option of these directory-variables are the following.
| create_home | ``true`` | create a user home *(needed to store ssh keys)* |
| admin | ``false`` | enable it to give the user superpowers |
| admin_commands | string or list | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
| admin_nopassword | true/false | Need no Password for sudo |
| admin_nopassword | false | Need no Password for sudo |
| pubkeys | string or lookup | see examples |
| exklusive_pubkeys | ``true`` | delete all undefined ssh keys |
| password | password hash | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) |


@ -5,13 +5,13 @@ l3d_users__default_users: {}
# state: 'present'
# shell: '/bin/bash'
# create_home: true
# admin: true
# pubkeys: |
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
# exklusive_pubkeys: true
# password: "$Password_hash"
# admin: true
# admin_commands: 'ALL'
# admin_nopassword: false
# - name: 'bob'


@ -7,7 +7,7 @@
state: 'present'
commands: "{{ item.admin_commands | default('ALL') }}"
nopassword: "{{ item.admin_nopassword | default(false) }}"
loop: "{{ _l3d_users_user__merged_users }}"
loop: "{{ _l3d_users__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'present' and item.admin | default(false) | bool
@ -18,7 +18,7 @@
name: "{{ item.name }}-superpowers"
state: 'absent'
user: "{{ item.name }}"
loop: "{{ _l3d_users_user__merged_users }}"
loop: "{{ _l3d_users__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'present' and not item.admin | default(false) | bool
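Review bot: The revoke task in the second hunk is gated on `item.state | default ('present') == 'present'`, so a user whose entry is switched to `state: 'absent'` after having had `admin: true` is skipped by both tasks, and the `{{ item.name }}-superpowers` sudoers rule stays on the host as far as these two hunks show. A leftover rule would apply again to any account later created under the same name. Consider widening the revoke condition to `when: item.state | default('present') != 'present' or not item.admin | default(false) | bool`, unless a task outside these hunks already cleans this up. Both tasks start above the visible lines, so the module name and the grant task's other arguments are not shown here.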


@ -0,0 +1,44 @@
---
# Copyright (c) 2021 L3D <l3d@c3woc.de>
# this file is released with the MIT license.
# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE
- name: Create directory for versionscheck
become: true
ansible.builtin.file:
path: '/etc/.ansible-version'
state: directory
mode: '0755'
when: submodules_versioncheck | bool
- name: Check playbook version
become: true
ansible.builtin.slurp:
src: "/etc/.ansible-version/{{ playbook_version_path }}"
register: playbook_version
when: submodules_versioncheck | bool
failed_when: false
- name: Print remote role version # noqa: H500
ansible.builtin.debug:
msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
when: submodules_versioncheck | bool
- name: Print locale role version # noqa: H500
ansible.builtin.debug:
msg: "Local role version: '{{ playbook_version_number | string }}'."
when: submodules_versioncheck | bool
- name: Check if your version is outdated
ansible.builtin.fail:
msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
when:
- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
- name: Write new version to remote disk
become: true
ansible.builtin.copy:
content: "{{ playbook_version_number }}"
dest: "/etc/.ansible-version/{{ playbook_version_path }}"
mode: '0644'
when: submodules_versioncheck | bool
tags: skip_ansible_lint_template-instead-of-copy
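Review bot: The `failed_when: false` on the "Check playbook version" slurp task hides every read error, not only a missing file, so any failure falls through to the `default("Mgo=")` value in the later comparison and the outdated-version guard is evaluated against a placeholder instead of the deployed version. Consider checking the path with `ansible.builtin.stat` first and slurping only when it exists, so that real errors still stop the play. In the "Check if your version is outdated" task the `submodules_versioncheck | bool` guard is joined with `and` after the comparison; listing it as its own first `when:` item (`- submodules_versioncheck | bool`) keeps the comparison from being templated when the check is disabled. The variables `submodules_versioncheck`, `playbook_version_number` and `playbook_version_path` carry no role prefix, unlike `l3d_users__default_users` elsewhere in this commit, and their defaults are not visible in this file section.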


@ -22,6 +22,8 @@ The Option of these directory-variables are the following.
| shell | ``/bin/bash`` | The Shell of the User |
| create_home | ``true`` | create a user home *(needed to store ssh keys)* |
| admin | ``false`` | enable it to give the user superpowers |
| admin_commands | string or list | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
| admin_nopassword | false | Need no Password for sudo |
| pubkeys | string or lookup | see examples |
| exklusive_pubkeys | ``true`` | delete all undefined ssh keys |
| password | password hash | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) |


@ -5,13 +5,15 @@ l3d_users__default_users: {}
# state: 'present'
# shell: '/bin/bash'
# create_home: true
# admin: true
# pubkeys: |
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
# exklusive_pubkeys: true
# password: "$Password_hash"
# admin: true
# admin_commands: 'ALL'
# admin_nopassword: false
# - name: 'bob'
# state: 'present'
# shell: '/bin/zsh'