diff options
author | Emil Renner Berthing <esmil@labitat.dk> | 2019-01-13 20:07:50 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2019-01-13 21:30:45 +0100 |
commit | bbced59f27d07563734cd0b3cb3da5e4e77634ae (patch) | |
tree | 500a7735c9700a97adaa4ae381a4ebaf65a7c2f5 | |
parent | 47611fb28c90050bce9c6a1f25722b9f96523b64 (diff) | |
download | labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.gz labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.xz labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.zip |
users: add more flexible user management
Now user data is in roles/users/defaults/main.yml
and each server should have a hash like this
users:
'foo': sudo
'bar': true
'baz': false
#'qux': false
This means the user foo will be created with sudo
access, the user bar will be created without sudo
access, while baz and qux will be removed.
-rw-r--r-- | roles/jumbotron/vars/main.yml | 5 | ||||
-rw-r--r-- | roles/space_server/vars/main.yml | 10 | ||||
-rw-r--r-- | roles/users/defaults/main.yml | 61 | ||||
-rw-r--r-- | roles/users/tasks/ast.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/esmil.yml | 18 | ||||
-rw-r--r-- | roles/users/tasks/flummer.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/k2OS.yml | 17 | ||||
-rw-r--r-- | roles/users/tasks/knielsen.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/main.yml | 71 | ||||
-rw-r--r-- | roles/users/tasks/riiiis.yml | 19 | ||||
-rw-r--r-- | roles/users/tasks/semi.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/signout.yml | 18 | ||||
-rw-r--r-- | roles/users/templates/authorized_keys.j2 | 3 |
13 files changed, 126 insertions, 160 deletions
diff --git a/roles/jumbotron/vars/main.yml b/roles/jumbotron/vars/main.yml index f1a105d..8a817da 100644 --- a/roles/jumbotron/vars/main.yml +++ b/roles/jumbotron/vars/main.yml @@ -25,4 +25,9 @@ apt_packages: 'libjson-perl': present 'libwww-perl': present +users: + 'esmil': sudo + 'riiiis': sudo + 'knielsen': sudo + # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/vars/main.yml b/roles/space_server/vars/main.yml index b208c34..e455e1b 100644 --- a/roles/space_server/vars/main.yml +++ b/roles/space_server/vars/main.yml @@ -42,6 +42,16 @@ dnf_packages: 'avahi-tools': present # pulls in avahi package 'nss-mdns': present +users: + 'esmil': sudo + 'ast': sudo + 'flummer': sudo + 'riiiis': sudo + 'knielsen': sudo + 'k2OS': true + 'semi': true + 'signout': sudo + boot: device: 'LABEL=BOOT' options: 'noauto,noatime,iocharset=iso8859-15,utf8,tz=UTC,dmask=0022,fmask=0133,x-systemd.automount,x-systemd.device-timeout=5min,x-systemd.idle-timeout=5min' diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml index b7d58a5..9af1b4d 100644 --- a/roles/users/defaults/main.yml +++ b/roles/users/defaults/main.yml @@ -1,5 +1,62 @@ --- -user_groups: -- '{{ sudo_group }}' +userdata: + 'esmil': + name: 'Emil Renner Berthing' + uid: 2000 + tasks: true + password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0' + authorized_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2' + + 'ast': + name: 'Asbjørn Sloth Tønnesen' + uid: 2001 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it' + + 'flummer': + name: 'Thomas Flummer' + uid: 2002 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk' + + 'riiiis': + name: 'Christian Riis' + uid: 2003 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3' + + 'knielsen': + name: 'Kristian Nielsen' + uid: 2004 + authorized_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd' + + 'k2OS': + name: 'René Mikkelsen' + uid: 2005 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk' + + 'semi': + name: 'Troels Bang Jensen' + uid: 2010 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin' + + 'signout': + name: 'Dennis K Jensen' + uid: 2024 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA7cxO8aWOEk5GL+clhJanzRaC9wJI2foWqiwfVKWoVzihPz05OaIqzeJO/ffz11PeJCkuEH/lJXWtyRCmHDDOwkHZVEMT1Sfw73k0a8yGJh6w+IyaVFlL5cbZ9BTkxATr5JakU8dygJqcelg+kbMcFVUuRylla1sIOgrnDBWLVQK3DvAaPptseNy5tYT2gNRuZLgwWQHOXTMdnp5dV0Bwdimnd8iRvQq/I7PQYKfPKrBFnv9ccjNtK+BByh+nZcKkXmbTjniExwXFbbiECEHf+p+19LcA8oJyKJQUv1VgN0w0qrAijMF+Y+pHswMohb6sT1VfloOPD2viPEcuEDeYil+8106MLnMJzYrOvpotYatCqLAekiN2NpH6Ld4pJbhLdK9FiJreRDT82NgFXUIvPoROFBi04F5L4sNEoiCPXGE/Vb4m5M7u+UBwKtNaoz7JS2Y6XiBVQNXGM63Qgev9E3RKaU5Xi9I6ZoIqK6wbXIPkb6GwPeUD9jm0NlwCQopSz2RDgzrQGRnebEB5pdGKJQ3Xpds+7+jka5rMP2zcRIbhhornz4IiMqnuu91M8URtiTfz7D11lV7ipuwNWhT+ao4hapZGlbN6ToORCsQkPDQw5HGmQZLj/BKMwLGcP0iDtm3pX6dUsXshqvoCGIX8z1HizOhDusVZmnbXvIuzgjM= sign@work-x200s' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZQFV1lnkbpxGLb8vzatymPoQBQ8J8CRBdBV4IvmMevGTWBAlOvlr9tIKntkl+GS7lP71i7df7EGD2Oiwgv+3L+gdyTmReo9gl8h2z/uh1AUtL27PK6BMP7SXzv7tqQbO69saSBpljCbuiYWbO6T1lOT6KQMRUkqDfIUYHsK+IktXvvaFWJfRrCZ2B98lg18srWcz1AO4GJjoZtzNhy2KUFnQsp3gPCRdXI1PJMVuvhL997aa2vaCXhPPIIwXh8HhmV3mlNCx6oP1cNoMzsymloKqvX0v3hbsp+kPQXRLIt7d5sxjgb2C3E9DVNAOPHO4CJA9G24IFEq2/ZMvNO/3c56ZROW/KuIDFeUez1iJ8uu81TtQ0TU3t+35LOIyv47jkt6zjaj3CciAZGiJHvafyblSWk7+UDRSzkwtyc2X+XIWQG0LSKxhsXYB3FHMSqmMuRJViN/kAVIkCJU0WuEdhZqswjzfSgR9COoroGQGsbM7kXCk+U7ekXcxNP5ttgv8p4qamS9u6w8WIMvLJK5cOU4OIVtsPsFmk2ot6zQYEQTnRCiqscsPMLLFsapnvydLJ8TtDjhWtFzQ4tD8XkN9+/fxd8G45qk8R921Y7Ftb6qhphIXW/vCH6n/+hN920nj1S/AnWiVPTrBW0tRlI6sUfLkJKyI+Nld/yBPwb+PMmw== foldefrugt' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s' + + 'jobbe': {} + +users: {} # vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/ast.yml b/roles/users/tasks/ast.yml deleted file mode 100644 index 7f0c6f4..0000000 --- a/roles/users/tasks/ast.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: ast - user: - comment: 'Asbjørn Sloth Tønnesen' - name: ast - shell: '/bin/bash' - uid: 2001 - group: users - groups: '{{ user_groups }}' - -- name: ast - authorized_keys - authorized_key: - user: ast - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/esmil.yml b/roles/users/tasks/esmil.yml index 7785468..3bd4966 100644 --- a/roles/users/tasks/esmil.yml +++ b/roles/users/tasks/esmil.yml @@ -1,22 +1,4 @@ --- -- name: esmil - user: - comment: 'Emil Renner Berthing' - name: esmil - shell: '/bin/bash' - uid: 2000 - group: users - groups: '{{ user_groups }}' - password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0' - -- name: esmil - authorized_keys - authorized_key: - user: esmil - key: '{{ item }}' - with_items: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2' - - name: esmil - copy dotfiles copy: dest: '~esmil/.{{ item }}' diff --git a/roles/users/tasks/flummer.yml b/roles/users/tasks/flummer.yml deleted file mode 100644 index 96b737d..0000000 --- a/roles/users/tasks/flummer.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: flummer - user: - comment: 'Thomas Flummer' - name: flummer - shell: '/bin/bash' - uid: 2002 - group: users - groups: '{{ user_groups }}' - -- name: flummer - authorized_keys - authorized_key: - user: flummer - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/k2OS.yml b/roles/users/tasks/k2OS.yml deleted file mode 100644 index c53a5ad..0000000 --- a/roles/users/tasks/k2OS.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: k2OS - user: - comment: 'René Mikkelsen' - name: k2OS - shell: '/bin/bash' - uid: 2005 - group: users - groups: '{{ user_groups }}' - -- name: k2OS - authorized_keys - authorized_key: - user: k2OS - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk' diff --git a/roles/users/tasks/knielsen.yml b/roles/users/tasks/knielsen.yml deleted file mode 100644 index 6ba4f75..0000000 --- a/roles/users/tasks/knielsen.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: knielsen - user: - comment: 'Kristian Nielsen' - name: knielsen - shell: '/bin/bash' - uid: 2004 - group: users - groups: '{{ user_groups }}' - -- name: knielsen - authorized_keys - authorized_key: - user: knielsen - key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index cf21626..23a4945 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml @@ -3,37 +3,64 @@ tags: - users - root -- import_tasks: esmil.yml - tags: - - users - - esmil -- import_tasks: ast.yml - tags: - - users - - ast -- import_tasks: flummer.yml - tags: - - users - - flummer -- import_tasks: riiiis.yml + +- name: Create users + user: + name: '{{ item }}' + state: present + comment: '{{ userdata[item].name }}' + shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}" + uid: '{{ userdata[item].uid }}' + group: users + groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}" + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' tags: - users - - riiiis -- import_tasks: knielsen.yml + +- name: Create .ssh directories + file: + path: '~{{ item }}/.ssh' + state: directory + owner: '{{ item }}' + group: users + mode: 0700 + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + when: "'authorized_keys' in userdata[item]" tags: - users - - knielsen -- import_tasks: k2OS.yml + +- name: Create authorized_keys + template: + dest: '~{{ item }}/.ssh/authorized_keys' + src: authorized_keys.j2 + owner: '{{ item }}' + group: users + mode: 0600 + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + when: "'authorized_keys' in userdata[item]" tags: - users - - k2OS -- import_tasks: signout.yml + +- name: Include user tasks + include_tasks: + file: '{{ user }}.yml' + apply: + tags: + - users + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + loop_control: + loop_var: user + when: "'tasks' in userdata[user] and userdata[user].tasks" tags: - users - - signout -- import_tasks: semi.yml + +- name: Remove users + user: + name: '{{ item }}' + state: absent + remove: yes + with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}' tags: - users - - semi # vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/riiiis.yml b/roles/users/tasks/riiiis.yml deleted file mode 100644 index b5e0437..0000000 --- a/roles/users/tasks/riiiis.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: riiiis - user: - comment: 'Christian Riis' - name: riiiis - shell: '/bin/bash' - uid: 2003 - group: users - groups: '{{ user_groups }}' - -- name: riiiis - authorized_keys - authorized_key: - user: riiiis - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/semi.yml b/roles/users/tasks/semi.yml deleted file mode 100644 index 8c05bfb..0000000 --- a/roles/users/tasks/semi.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: semi - user: - comment: 'Troels Bang Jensen' - name: semi - shell: '/bin/bash' - uid: 2010 - group: users - groups: '{{ user_groups }}' - -- name: semi - authorized_keys - authorized_key: - user: semi - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/signout.yml b/roles/users/tasks/signout.yml deleted file mode 100644 index 631e3e4..0000000 --- a/roles/users/tasks/signout.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: signout - user: - comment: 'Dennis K Jensen' - name: signout - shell: '/bin/bash' - uid: 2024 - group: users - groups: '{{ user_groups }}' - -- name: signout - authorized_keys - authorized_key: - user: signout - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA7cxO8aWOEk5GL+clhJanzRaC9wJI2foWqiwfVKWoVzihPz05OaIqzeJO/ffz11PeJCkuEH/lJXWtyRCmHDDOwkHZVEMT1Sfw73k0a8yGJh6w+IyaVFlL5cbZ9BTkxATr5JakU8dygJqcelg+kbMcFVUuRylla1sIOgrnDBWLVQK3DvAaPptseNy5tYT2gNRuZLgwWQHOXTMdnp5dV0Bwdimnd8iRvQq/I7PQYKfPKrBFnv9ccjNtK+BByh+nZcKkXmbTjniExwXFbbiECEHf+p+19LcA8oJyKJQUv1VgN0w0qrAijMF+Y+pHswMohb6sT1VfloOPD2viPEcuEDeYil+8106MLnMJzYrOvpotYatCqLAekiN2NpH6Ld4pJbhLdK9FiJreRDT82NgFXUIvPoROFBi04F5L4sNEoiCPXGE/Vb4m5M7u+UBwKtNaoz7JS2Y6XiBVQNXGM63Qgev9E3RKaU5Xi9I6ZoIqK6wbXIPkb6GwPeUD9jm0NlwCQopSz2RDgzrQGRnebEB5pdGKJQ3Xpds+7+jka5rMP2zcRIbhhornz4IiMqnuu91M8URtiTfz7D11lV7ipuwNWhT+ao4hapZGlbN6ToORCsQkPDQw5HGmQZLj/BKMwLGcP0iDtm3pX6dUsXshqvoCGIX8z1HizOhDusVZmnbXvIuzgjM= sign@work-x200s' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZQFV1lnkbpxGLb8vzatymPoQBQ8J8CRBdBV4IvmMevGTWBAlOvlr9tIKntkl+GS7lP71i7df7EGD2Oiwgv+3L+gdyTmReo9gl8h2z/uh1AUtL27PK6BMP7SXzv7tqQbO69saSBpljCbuiYWbO6T1lOT6KQMRUkqDfIUYHsK+IktXvvaFWJfRrCZ2B98lg18srWcz1AO4GJjoZtzNhy2KUFnQsp3gPCRdXI1PJMVuvhL997aa2vaCXhPPIIwXh8HhmV3mlNCx6oP1cNoMzsymloKqvX0v3hbsp+kPQXRLIt7d5sxjgb2C3E9DVNAOPHO4CJA9G24IFEq2/ZMvNO/3c56ZROW/KuIDFeUez1iJ8uu81TtQ0TU3t+35LOIyv47jkt6zjaj3CciAZGiJHvafyblSWk7+UDRSzkwtyc2X+XIWQG0LSKxhsXYB3FHMSqmMuRJViN/kAVIkCJU0WuEdhZqswjzfSgR9COoroGQGsbM7kXCk+U7ekXcxNP5ttgv8p4qamS9u6w8WIMvLJK5cOU4OIVtsPsFmk2ot6zQYEQTnRCiqscsPMLLFsapnvydLJ8TtDjhWtFzQ4tD8XkN9+/fxd8G45qk8R921Y7Ftb6qhphIXW/vCH6n/+hN920nj1S/AnWiVPTrBW0tRlI6sUfLkJKyI+Nld/yBPwb+PMmw== foldefrugt' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s' diff --git a/roles/users/templates/authorized_keys.j2 b/roles/users/templates/authorized_keys.j2 new file mode 100644 index 0000000..33a30f2 --- /dev/null +++ b/roles/users/templates/authorized_keys.j2 @@ -0,0 +1,3 @@ +{% for key in userdata[item].authorized_keys %} +{{ key }} +{% endfor %} |