diff --git a/roles/user/defaults/main.yml b/roles/user/defaults/main.yml
index 9844e86..df80f77 100644
--- a/roles/user/defaults/main.yml
+++ b/roles/user/defaults/main.yml
@@ -1,5 +1,31 @@
 ---
-# Create ansible user
+# create users
+l3d_users__default_users: {}
+# - name: 'alice'
+# state: 'present'
+# shell: '/bin/bash'
+# create_home: true
+# admin: true
+# pubkeys: |
+# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvvXN33GwkTF4ZOwPgF21Un4R2z9hWUuQt1qIfzQyhC
+# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAG65EdcM+JLv0gnzT9LcqVU47Pkw0SqiIg7XipXENi8
+# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJz7zEvUVgJJJsIgfG3izsqYcM22IaKz4jGVUbNRL2PX
+# exklusive_pubkeys: true
+# password: "$Password_hash"
+# - name: 'bob'
+# state: 'present'
+# shell: '/bin/zsh'
+# admin: false
+# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
+# exklusive_pubkeys: false
+
+l3d_users__local_users: {}
+# - name: 'charlie'
+# state: 'present'
+# admin: false
+# pubkeys: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
+
+# Create ansible mamagement user
 l3d_users_user__create_ansible: true
 l3d_users_user__ansible_user_state: 'present'
 l3d_users_user__set_ansible_ssh_keys: false
diff --git a/roles/user/tasks/main.yml b/roles/user/tasks/main.yml
index 7ba7d7f..8a6921e 100644
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@@ -4,7 +4,20 @@
 file: 'versioncheck.yml'
 when: submodules_versioncheck | bool
 
+- name: Merge default and locale Users
+ ansible.builtin.set_fact:
+ _l3d_users_user__merged_users: "{{ l3d_users__default_users + l3d_users__local_users }}"
+
+
 - name: Create ansible user with superuser permissions
 ansible.builtin.include_tasks:
 file: 'user_ansible.yml'
 when: l3d_users_user__create_ansible | bool
+
+- name: Create Groups and Users
+ ansible.builtin.include_tasks:
+ file: 'users.yml'
+
+- name: Manage SSH public keys
+ ansible.builtin.include_tasks:
+ file: 'pubkeys.yml'
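Review bot: `l3d_users__default_users: {}` and `l3d_users__local_users: {}` default to mappings, but the commented examples are lists and tasks/main.yml concatenates the two variables with `+` and loops over the result, so a run that leaves both at their defaults should fail on the set_fact with a dict-plus-dict templating type error; change both defaults to `[]`. The same point applies to the `_l3d_users_user__merged_users` line in the tasks/main.yml hunk. The example key `exklusive_pubkeys` is not read by any task in this diff (pubkeys.yml hard-codes `exclusive: true`), so either drop it from the example or wire it in, and `mamagement` should read `management`. The `lookup('url', ...)` examples make the accepted keys whatever that URL serves at each run; a comment such as `# keys fetched from a remote URL at run time are trusted as served` above the example would make that trade-off explicit.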
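Review bot: `_l3d_users_user__merged_users` is a plain concatenation, so a user named in both `l3d_users__default_users` and `l3d_users__local_users` appears twice in the loop and every task in users.yml, pubkeys.yml and user_ansible.yml runs for it twice; with `exclusive: true` in pubkeys.yml the later entry's keys would, as the module documents for exclusive inside a loop, replace the earlier entry's. The intended precedence should at least be stated, e.g. `# local entries are appended, not merged; a name present in both lists is processed twice` above the set_fact. "locale" in the task name should read "local", and the two blank added lines after the set_fact should be one.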
diff --git a/roles/user/tasks/pubkeys.yml b/roles/user/tasks/pubkeys.yml
new file mode 100644
index 0000000..29667ec
--- /dev/null
+++ b/roles/user/tasks/pubkeys.yml
@@ -0,0 +1,12 @@
+---
+- name: Set SSH Public Keys for Users
+ become: true
+ ansible.posix.authorized_key:
+ user: "{{ item.name }}"
+ state: 'present'
+ key: "{{ item.pubkeys | default() }}"
+ exclusive: true
+ loop: "{{ _l3d_users_user__merged_users }}"
+ loop_control:
+ label: "user: ['{{ item.name }}']"
+ when: item.state | default ('present') == 'present'
diff --git a/roles/user/tasks/user_ansible.yml b/roles/user/tasks/user_ansible.yml
index e7257e5..5044863 100644
--- a/roles/user/tasks/user_ansible.yml
+++ b/roles/user/tasks/user_ansible.yml
@@ -26,6 +26,11 @@
 
 - name: Add admin keys to user ansible
 become: true
- ansible.builtin.debug:
- msg: "tbd."
- when: l3d_users_user__set_ansible_ssh_keys
+ ansible.posix.authorized_key:
+ user: 'ansible'
+ state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+ key: "{{ item.pubkeys | default () }}"
+ loop: "{{ _l3d_users_user__merged_users }}"
+ when: item.admin | default(false) | bool
+ loop_control:
+ label: "user: ['{{ item.name }}']"
diff --git a/roles/user/tasks/users.yml b/roles/user/tasks/users.yml
new file mode 100644
index 0000000..710eac4
--- /dev/null
+++ b/roles/user/tasks/users.yml
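Review bot: `key: "{{ item.pubkeys | default() }}"` together with `exclusive: true` means an entry that omits `pubkeys` hands the module an empty key list in exclusive mode, which as far as I can tell removes every existing key from that user's authorized_keys instead of leaving it alone. If that is not intended, guard the task with `when: item.state | default('present') == 'present' and item.pubkeys is defined`, or drive the flag from the per-user field the defaults example advertises, `exclusive: "{{ item.exklusive_pubkeys | default(true) | bool }}"`, which keeps today's behaviour for entries that do not set it. Either way a one-line comment above the task stating what happens to a user without `pubkeys` would save the next reader the module lookup.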
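Review bot: the removed `when: l3d_users_user__set_ansible_ssh_keys` gate has no counterpart in the new task, so admin keys are now installed for the `ansible` account whenever user_ansible.yml is included, even though the defaults hunk still ships `l3d_users_user__set_ansible_ssh_keys: false`; keep the gate with `when: l3d_users_user__set_ansible_ssh_keys | bool and item.admin | default(false) | bool`. The `state` expression `l3d_users_user__ansible_user_state | ternary('present', 'absent')` tests the truthiness of a non-empty string, so both `'present'` and `'absent'` yield `'present'`; pass the value through directly, `state: "{{ l3d_users_user__ansible_user_state }}"`. `default ()` with a space before the parentheses works but is inconsistent with `default(false)` two lines below. The task runs to the end of the hunk; the file's earlier tasks are outside it.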
@@ -0,0 +1,46 @@
+---
+- name: Create Groups for Users
+ become: true
+ ansible.builtin.group:
+ name: "{{ item.name }}"
+ state: 'present'
+ loop: "{{ _l3d_users_user__merged_users }}"
+ loop_control:
+ label: "user: ['{{ item.name }}']"
+ when: item.state | default ('present') == 'present'
+
+- name: Create Accounts for Users
+ become: true
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ group: "{{ item.name }}"
+ state: 'present'
+ create_home: "{{ item.create_home | default(true) }}"
+ comment: "User created by ansible"
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ password: "{{ item.password | default() }}"
+ loop: "{{ _l3d_users_user__merged_users }}"
+ loop_control:
+ label: "user: ['{{ item.name }}']"
+ when: item.state | default ('present') == 'present'
+
+- name: Remove Accounts for Users
+ become: true
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ state: 'absent'
+ remove: "{{ item.remove | default(false) }}"
+ loop: "{{ _l3d_users_user__merged_users }}"
+ loop_control:
+ label: "user: ['{{ item.name }}']"
+ when: item.state | default ('present') == 'absent' and item.remove | default(false) | bool
+
+- name: Remove Groups for Users
+ become: true
+ ansible.builtin.group:
+ name: "{{ item.name }}"
+ state: 'absent'
+ loop: "{{ _l3d_users_user__merged_users }}"
+ loop_control:
+ label: "user: ['{{ item.name }}']"
+ when: item.state | default ('present') == 'absent' and item.remove | default(false) | bool
diff --git a/roles/user/vars/main.yml b/roles/user/vars/main.yml
index c7bdee8..c48bd4d 100644
--- a/roles/user/vars/main.yml
+++ b/roles/user/vars/main.yml
@@ -1,3 +1,3 @@
 ---
-playbook_version_number: 3
+playbook_version_number: 4
 playbook_version_path: 'l3d.users.user.version'
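Review bot: `password: "{{ item.password | default() }}"` in `Create Accounts for Users` passes an empty string rather than leaving the parameter unset when an entry has no `password`, which on account creation becomes a `-p ''` to useradd and, as far as I can tell, an empty password field in the shadow file instead of a locked one; use `password: "{{ item.password | default(omit) }}"` (or `default('!')` to lock explicitly) so users without a hash get a locked password. The `Remove Accounts for Users` and `Remove Groups for Users` tasks only fire when `item.remove` is true, so an entry with `state: 'absent'` and no `remove` key is left untouched rather than removed; if that is intended, say so above the task, e.g. `# state: absent only takes effect together with remove: true`, otherwise drop `item.remove` from the `when` and keep it on the module's `remove` argument only. `default ('present')` is written with a space before the parentheses in four places while `default(true)` and `default(false)` are not; pick one form.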