Update user permissions and improve linting
parent
685d50b5e4
commit
531d2ed356
6 changed files with 53 additions and 5 deletions
|
@ -24,7 +24,7 @@ The Option of these directory-variables are the following.
|
|||
| create_home | ``true`` | create a user home *(needed to store ssh keys)* |
|
||||
| admin | ``false`` | enable it to give the user superpowers |
|
||||
| admin_commands | string or list | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
|
||||
| admin_nopassword | true/false | Need no Password for sudo |
|
||||
| admin_nopassword | false | Need no Password for sudo |
|
||||
| pubkeys | string or lookup | see examples |
|
||||
| exklusive_pubkeys | ``true`` | delete all undefined ssh keys |
|
||||
| password | password hash | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) |
|
||||
|
|
|
@ -5,13 +5,13 @@ l3d_users__default_users: {}
|
|||
# state: 'present'
|
||||
# shell: '/bin/bash'
|
||||
# create_home: true
|
||||
# admin: true
|
||||
# pubkeys: |
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
|
||||
# exklusive_pubkeys: true
|
||||
# password: "$Password_hash"
|
||||
# admin: true
|
||||
# admin_commands: 'ALL'
|
||||
# admin_nopassword: false
|
||||
# - name: 'bob'
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
state: 'present'
|
||||
commands: "{{ item.admin_commands | default('ALL') }}"
|
||||
nopassword: "{{ item.admin_nopassword | default(false) }}"
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop: "{{ _l3d_users__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'present' and item.admin | default(false) | bool
|
||||
|
@ -18,7 +18,7 @@
|
|||
name: "{{ item.name }}-superpowers"
|
||||
state: 'absent'
|
||||
user: "{{ item.name }}"
|
||||
loop: "{{ _l3d_users_user__merged_users }}"
|
||||
loop: "{{ _l3d_users__merged_users }}"
|
||||
loop_control:
|
||||
label: "user: ['{{ item.name }}']"
|
||||
when: item.state | default ('present') == 'present' and not item.admin | default(false) | bool
|
||||
|
|
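Review bot: In the second hunk the cleanup task that sets `state: 'absent'` for `{{ item.name }}-superpowers` is still guarded by `item.state | default ('present') == 'present' and not item.admin | default(false) | bool`, so a user declared with `state: 'absent'` never has that sudo rule removed by this task. If nothing else in the role deletes it (not visible here), the rule outlives the account and would apply again to any account later created under the same name. Consider `when: item.state | default('present') == 'absent' or not item.admin | default(false) | bool`. Both tasks start above their hunks, so the module being called is not visible.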
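--- a/roles/admin/tasks/versioncheck.yml
+++ b/roles/admin/tasks/versioncheck.yml
@@ -0,0 +1,44 @@
+---
+# Copyright (c) 2021 L3D <l3d@c3woc.de>
+# this file is released with the MIT license.
+# License: https://github.com/roles-ansible/ansible_role_template/blob/main/LICENSE
+- name: Create directory for versionscheck
+become: true
+ansible.builtin.file:
+path: '/etc/.ansible-version'
+state: directory
+mode: '0755'
+when: submodules_versioncheck | bool
+
+- name: Check playbook version
+become: true
+ansible.builtin.slurp:
+src: "/etc/.ansible-version/{{ playbook_version_path }}"
+register: playbook_version
+when: submodules_versioncheck | bool
+failed_when: false
+
+- name: Print remote role version # noqa: H500
+ansible.builtin.debug:
+msg: "Remote role version: {{ playbook_version.content | default('Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=') | b64decode | string }}"
+when: submodules_versioncheck | bool
+
+- name: Print locale role version # noqa: H500
+ansible.builtin.debug:
+msg: "Local role version: '{{ playbook_version_number | string }}'."
+when: submodules_versioncheck | bool
+
+- name: Check if your version is outdated
+ansible.builtin.fail:
+msg: "Your ansible module has the version '{{ playbook_version_number }}' and is outdated. You need to update it!"
+when:
+- playbook_version.content|default("Mgo=")|b64decode|int - 1 >= playbook_version_number|int and submodules_versioncheck | bool
+
+- name: Write new version to remote disk
+become: true
+ansible.builtin.copy:
+content: "{{ playbook_version_number }}"
+dest: "/etc/.ansible-version/{{ playbook_version_path }}"
+mode: '0644'
+when: submodules_versioncheck | bool
+tags: skip_ansible_lint_template-instead-of-copy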
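Review bot: `failed_when: false` on the `Check playbook version` slurp hides every read error, not only the expected missing file on a first run, and the later tasks then fall back to their base64 defaults. Those defaults are opaque: `Y3VycmVudGx5IG5vdCBkZXBsb3llZAo=` decodes to `currently not deployed` and `Mgo=` to `2`, so a host whose version file could not be read is checked as `2 - 1 >= playbook_version_number` instead of against the version actually recorded on it. Checking for the file first and letting a genuine slurp failure stop the play keeps the outdated-version guard meaningful; a short comment naming the decoded defaults would help the next reader as well.

```yaml
- name: Look for a recorded playbook version
  become: true
  ansible.builtin.stat:
    path: "/etc/.ansible-version/{{ playbook_version_path }}"
  register: playbook_version_file
  when: submodules_versioncheck | bool

- name: Check playbook version
  become: true
  ansible.builtin.slurp:
    src: "/etc/.ansible-version/{{ playbook_version_path }}"
  register: playbook_version
  when:
    - submodules_versioncheck | bool
    - playbook_version_file.stat.exists
# … unchanged: debug tasks, outdated check, write of the new version …
```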
|
@ -22,6 +22,8 @@ The Option of these directory-variables are the following.
|
|||
| shell | ``/bin/bash`` | The Shell of the User |
|
||||
| create_home | ``true`` | create a user home *(needed to store ssh keys)* |
|
||||
| admin | ``false`` | enable it to give the user superpowers |
|
||||
| admin_commands | string or list | Commands that are allows to be run as admin, eg. 'ALL' or specific script |
|
||||
| admin_nopassword | false | Need no Password for sudo |
|
||||
| pubkeys | string or lookup | see examples |
|
||||
| exklusive_pubkeys | ``true`` | delete all undefined ssh keys |
|
||||
| password | password hash | See [official FAQ](https://docs.ansible.com/ansible/latest/reference_appendices/faq.html#how-do-i-generate-encrypted-passwords-for-the-user-module) |
|
||||
|
|
|
@ -5,13 +5,15 @@ l3d_users__default_users: {}
|
|||
# state: 'present'
|
||||
# shell: '/bin/bash'
|
||||
# create_home: true
|
||||
# admin: true
|
||||
# pubkeys: |
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
|
||||
# exklusive_pubkeys: true
|
||||
# password: "$Password_hash"
|
||||
# admin: true
|
||||
# admin_commands: 'ALL'
|
||||
# admin_nopassword: false
|
||||
# - name: 'bob'
|
||||
# state: 'present'
|
||||
# shell: '/bin/zsh'
|
||||
|
|