create first steps for an ansible user

2024-08-16 10:29:50 +02:00 · 2024-02-13 20:17:35 +01:00 · 2024-02-13 20:17:35 +01:00 · 7e15495a3b
commit 7e15495a3b
parent 7a89467f51
4 changed files with 40 additions and 2 deletions
--- a/galaxy.yml
+++ b/galaxy.yml
@ -43,7 +43,8 @@ tags:
 # L(specifiers,https://python-semanticversion.readthedocs.io/en/latest/#requirement-specification). Multiple version
 # range specifiers can be set and are separated by ','
 dependencies:
-  "community.general": ">=7.5.0"
+  "community.general": ">=8.3.0"
+  "ansible.posix": ">=1.5.4"

 # The URL of the originating SCM repository
 repository: https://github.com/roles-ansible/ansible_collection_users.git
--- a/roles/user/defaults/main.yml
+++ b/roles/user/defaults/main.yml
@ -1,3 +1,7 @@
 ---
+# Create ansible user
+l3d_users_user__create_ansible: true
+l3d_users_user__ansible_user_state: 'present' | tenary absent, present
+
 # run simple versionscheck
 submodules_versioncheck: false
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@ -2,5 +2,9 @@
 - name: Perform optional versionscheck
  ansible.builtin.include_tasks:
    file: 'versioncheck.yml'
-  when: submodules_versioncheck|bool
+  when: submodules_versioncheck | bool

+- name: Create ansible user with superuser permissions
+  ansible.builtin.include_tasks:
+    file: 'user_ansible.yml'
+  when: l3d_users_user__create_ansible | bool
--- a/roles/user/tasks/user_ansible.yml
+++ b/roles/user/tasks/user_ansible.yml
@ -0,0 +1,29 @@
+---
+- name: Create group ansible
+  become: true
+  ansible.builtin.group:
+    name: 'ansible'
+    state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+
+- name: Create user ansible
+  become: true
+  ansible.builtin.user:
+    name: 'ansible'
+    comment: 'User for ansible to login and perform tasks'
+    shell: '/bin/bash'
+    group: 'ansible'
+    state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+    create_home: true
+
+- name: Set dedicated SSH keys for User ansible and drop all other keys
+  become: true
+  ansible.posix.authorized_key:
+    user: 'ansible'
+    state: "{{ l3d_users_user__ansible_user_state | ternary('present', 'absent') }}"
+    key: "{{ lookup('url', 'https://github.com/do1jlr.keys', split_lines=False) }}"
+    exclusive: true
+
+- name: Add admin keys to user ansible
+  become true
+  ansible.builtin.debug:
+    msg: "tbd."