mirror of https://github.com/roles-ansible/ansible_collection_users.git synced 2024-08-16 10:29:50 +02:00

Create and delete users and pubkeys

+ create users and groups
+ delete them too
+ add ssh keys
L3D 2024-02-14 03:16:24 +01:00
parent e1cdffd631
commit 6c5b794e41
No known key found for this signature in database
GPG key ID: AD65B920933B4B20
6 changed files with 107 additions and 5 deletions


@ -1,5 +1,31 @@
---
# Create ansible user
# create users
l3d_users__default_users: {}
# - name: 'alice'
# state: 'present'
# shell: '/bin/bash'
# create_home: true
# admin: true
# pubkeys: |
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
# exklusive_pubkeys: true
# password: "$Password_hash"
# - name: 'bob'
# state: 'present'
# shell: '/bin/zsh'
# admin: false
# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
# exklusive_pubkeys: false
l3d_users__local_users: {}
# - name: 'charlie'
# state: 'present'
# admin: false
# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
# Create ansible mamagement user
l3d_users_user__create_ansible: true
l3d_users_user__ansible_user_state: 'present'
l3d_users_user__set_ansible_ssh_keys: false
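Review bot: `l3d_users__default_users` and `l3d_users__local_users` default to `{}`, while the commented examples under them are lists and the merge task later in this commit joins the two with `+`, which Jinja cannot apply to two dicts; default both to `[]`. The example key `exklusive_pubkeys` is not read by any task visible in this commit (the key task hard-codes `exclusive: true`), so bob's `exklusive_pubkeys: false` would have no effect as written. The `lookup('url', 'https://github.com/do1jlr.keys', ...)` examples also merit a comment such as `# whoever controls this URL controls who can log in as this user`, since the keys are fetched again on every run.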


@ -4,7 +4,20 @@
file: 'versioncheck.yml'
when: submodules_versioncheck | bool
- name: Merge default and locale Users
ansible.builtin.set_fact:
_l3d_users_user__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}"
- name: Create ansible user with superuser permissions
ansible.builtin.include_tasks:
file: 'user_ansible.yml'
when: l3d_users_user__create_ansible | bool
- name: Create Groups and Users
ansible.builtin.include_tasks:
file: 'users.yml'
- name: Manage SSH public keys
ansible.builtin.include_tasks:
file: 'pubkeys.yml'
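Review bot: The merged list is a plain concatenation, so a name that appears in both `l3d_users__default_users` and `l3d_users__local_users` is processed twice by every loop. With `exclusive: true` in the key task, the later entry's `pubkeys` would replace the earlier one's, and two entries with different `state` values would both be applied in the same run. Consider an `ansible.builtin.assert` directly after the merge that the names are unique, e.g. `that: _l3d_users_user__merged_users | map(attribute='name') | list | unique | length == _l3d_users_user__merged_users | length`.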


@ -0,0 +1,12 @@
---
- name: Set SSH Public Keys for Users
become: true
ansible.posix.authorized_key:
user: "{{ item.name }}"
state: 'present'
key: "{{ item.pubkeys | default() }}"
exclusive: true
loop: "{{ _l3d_users_user__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'present'
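Review bot: `exclusive: true` is hard-coded while `key` falls back to an empty string through `default()`, so an entry without `pubkeys` would, as far as I can tell from the module's exclusive semantics, have its existing authorized_keys emptied rather than left alone. The per-user `exklusive_pubkeys` option shown in the defaults is never consulted here. I would skip users without keys and honour the option: extend the condition to `when: item.pubkeys is defined and item.state | default('present') == 'present'` and set `exclusive: "{{ item.exklusive_pubkeys | default(true) | bool }}"`. Entries with `state: 'absent'` are skipped by this task, so their keys only disappear if the account and its home directory are actually removed.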


@ -26,6 +26,11 @@
- name: Add admin keys to user ansible
become: true
ansible.builtin.debug:
msg: "tbd."
when: l3d_users_user__set_ansible_ssh_keys
ansible.posix.authorized_key:
user: 'ansible'
state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
key: "{{ item.pubkeys | default () }}"
loop: "{{ _l3d_users_user__merged_users }}"
when: item.admin | default(false) | bool
loop_control:
label: "user: ['{{ item.name }}']"
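Review bot: The condition `when: item.admin | default(false) | bool` does not look at `item.state`, so an admin entry switched to `state: 'absent'` keeps its keys on the `ansible` account, which the including task describes as having superuser permissions. Add the state check, `when: item.admin | default(false) | bool and item.state | default('present') == 'present'`, and consider a second pass that removes the keys of absent admins. `l3d_users_user__ansible_user_state | ternary('present', 'absent')` is applied to a string ('present' in the defaults), and any non-empty string is truthy, so 'absent' would also yield 'present'; `state: "{{ l3d_users_user__ansible_user_state }}"` passes the value through. The old `when: l3d_users_user__set_ansible_ssh_keys` appears to have been dropped together with the debug task, which would leave that flag without effect; the sides of the changed lines are not marked on this page, so please confirm. The task file starts and ends outside this hunk.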


@ -0,0 +1,46 @@
---
- name: Create Groups for Users
become: true
ansible.builtin.group:
name: "{{ item.name }}"
state: 'present'
loop: "{{ _l3d_users_user__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'present'
- name: Create Accounts for Users
become: true
ansible.builtin.user:
name: "{{ item.name }}"
group: "{{ item.name }}"
state: 'present'
create_home: "{{ item.create_home | default(true) }}"
comment: "User created by ansible"
shell: "{{ item.shell | default('/bin/bash') }}"
password: "{{ item.password | default() }}"
loop: "{{ _l3d_users_user__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'present'
- name: Remove Accounts for Users
become: true
ansible.builtin.user:
name: "{{ item.name }}"
state: 'absent'
remove: "{{ item.remove | default(false) }}"
loop: "{{ _l3d_users_user__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'absent' and item.remove | default(false) | bool
- name: Remove Groups for Users
become: true
ansible.builtin.group:
name: "{{ item.name }}"
state: 'absent'
loop: "{{ _l3d_users_user__merged_users }}"
loop_control:
label: "user: ['{{ item.name }}']"
when: item.state | default ('present') == 'absent' and item.remove | default(false) | bool
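Review bot: `password: "{{ item.password | default() }}"` hands the user module an empty string for every entry without `password`, which to my knowledge is written as an empty password field rather than leaving the password unmanaged; use `password: "{{ item.password | default(omit) }}"`. The two removal tasks only run when `item.remove` is true, so `state: 'absent'` on its own leaves the account, its group and its authorized_keys in place. Since `remove` is already passed to the module to control deletion of the home directory, the condition on both removal tasks can be just `when: item.state | default('present') == 'absent'`. A short comment on the account task stating that `password` must be a crypted hash, never plaintext, would also help.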


@ -1,3 +1,3 @@
---
playbook_version_number: 3
playbook_version_number: 4
playbook_version_path: 'l3d.users.user.version'