users: add more flexible user management

Now user data is in roles/users/defaults/main.yml and each server should have a hash like this users: 'foo': sudo 'bar': true 'baz': false #'qux': false This means the user foo will be created with sudo access, the user bar will be created without sudo access, while baz and qux will be removed.
author: Emil Renner Berthing <esmil@labitat.dk> 2019-01-13 20:07:50 +0100
committer: Emil Renner Berthing <esmil@labitat.dk> 2019-01-13 21:30:45 +0100
commit: bbced59f27d07563734cd0b3cb3da5e4e77634ae (patch)
tree: 500a7735c9700a97adaa4ae381a4ebaf65a7c2f5 /roles
parent: 47611fb28c90050bce9c6a1f25722b9f96523b64 (diff)
download: labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.gz
labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.xz
labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.zip
13 files changed, 126 insertions, 160 deletions
diff --git a/roles/jumbotron/vars/main.yml b/roles/jumbotron/vars/main.yml
index f1a105d..8a817da 100644
--- a/roles/jumbotron/vars/main.yml
+++ b/roles/jumbotron/vars/main.yml
@@ -25,4 +25,9 @@ apt_packages:
   'libjson-perl': present
   'libwww-perl': present
 
+users:
+  'esmil': sudo
+  'riiiis': sudo
+  'knielsen': sudo
+
 # vim: set ts=2 sw=2 et:
diff --git a/roles/space_server/vars/main.yml b/roles/space_server/vars/main.yml
index b208c34..e455e1b 100644
--- a/roles/space_server/vars/main.yml
+++ b/roles/space_server/vars/main.yml
@@ -42,6 +42,16 @@ dnf_packages:
   'avahi-tools': present # pulls in avahi package
   'nss-mdns': present
 
+users:
+  'esmil': sudo
+  'ast': sudo
+  'flummer': sudo
+  'riiiis': sudo
+  'knielsen': sudo
+  'k2OS': true
+  'semi': true
+  'signout': sudo
+
 boot:
   device: 'LABEL=BOOT'
   options: 'noauto,noatime,iocharset=iso8859-15,utf8,tz=UTC,dmask=0022,fmask=0133,x-systemd.automount,x-systemd.device-timeout=5min,x-systemd.idle-timeout=5min'
diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml
index b7d58a5..9af1b4d 100644
--- a/roles/users/defaults/main.yml
+++ b/roles/users/defaults/main.yml
@@ -1,5 +1,62 @@
 ---
-user_groups:
-- '{{ sudo_group }}'
+userdata:
+  'esmil':
+    name: 'Emil Renner Berthing'
+    uid: 2000
+    tasks: true
+    password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0'
+    authorized_keys:
+    - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch'
+    - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2'
+
+  'ast':
+    name: 'Asbjørn Sloth Tønnesen'
+    uid: 2001
+    authorized_keys:
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it'
+
+  'flummer':
+    name: 'Thomas Flummer'
+    uid: 2002
+    authorized_keys:
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk'
+
+  'riiiis':
+    name: 'Christian Riis'
+    uid: 2003
+    authorized_keys:
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP'
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3'
+
+  'knielsen':
+    name: 'Kristian Nielsen'
+    uid: 2004
+    authorized_keys:
+    - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd'
+
+  'k2OS':
+    name: 'René Mikkelsen'
+    uid: 2005
+    authorized_keys:
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw'
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk'
+
+  'semi':
+    name: 'Troels Bang Jensen'
+    uid: 2010
+    authorized_keys:
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin'
+
+  'signout':
+    name: 'Dennis K Jensen'
+    uid: 2024
+    authorized_keys:
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA7cxO8aWOEk5GL+clhJanzRaC9wJI2foWqiwfVKWoVzihPz05OaIqzeJO/ffz11PeJCkuEH/lJXWtyRCmHDDOwkHZVEMT1Sfw73k0a8yGJh6w+IyaVFlL5cbZ9BTkxATr5JakU8dygJqcelg+kbMcFVUuRylla1sIOgrnDBWLVQK3DvAaPptseNy5tYT2gNRuZLgwWQHOXTMdnp5dV0Bwdimnd8iRvQq/I7PQYKfPKrBFnv9ccjNtK+BByh+nZcKkXmbTjniExwXFbbiECEHf+p+19LcA8oJyKJQUv1VgN0w0qrAijMF+Y+pHswMohb6sT1VfloOPD2viPEcuEDeYil+8106MLnMJzYrOvpotYatCqLAekiN2NpH6Ld4pJbhLdK9FiJreRDT82NgFXUIvPoROFBi04F5L4sNEoiCPXGE/Vb4m5M7u+UBwKtNaoz7JS2Y6XiBVQNXGM63Qgev9E3RKaU5Xi9I6ZoIqK6wbXIPkb6GwPeUD9jm0NlwCQopSz2RDgzrQGRnebEB5pdGKJQ3Xpds+7+jka5rMP2zcRIbhhornz4IiMqnuu91M8URtiTfz7D11lV7ipuwNWhT+ao4hapZGlbN6ToORCsQkPDQw5HGmQZLj/BKMwLGcP0iDtm3pX6dUsXshqvoCGIX8z1HizOhDusVZmnbXvIuzgjM= sign@work-x200s'
+    - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZQFV1lnkbpxGLb8vzatymPoQBQ8J8CRBdBV4IvmMevGTWBAlOvlr9tIKntkl+GS7lP71i7df7EGD2Oiwgv+3L+gdyTmReo9gl8h2z/uh1AUtL27PK6BMP7SXzv7tqQbO69saSBpljCbuiYWbO6T1lOT6KQMRUkqDfIUYHsK+IktXvvaFWJfRrCZ2B98lg18srWcz1AO4GJjoZtzNhy2KUFnQsp3gPCRdXI1PJMVuvhL997aa2vaCXhPPIIwXh8HhmV3mlNCx6oP1cNoMzsymloKqvX0v3hbsp+kPQXRLIt7d5sxjgb2C3E9DVNAOPHO4CJA9G24IFEq2/ZMvNO/3c56ZROW/KuIDFeUez1iJ8uu81TtQ0TU3t+35LOIyv47jkt6zjaj3CciAZGiJHvafyblSWk7+UDRSzkwtyc2X+XIWQG0LSKxhsXYB3FHMSqmMuRJViN/kAVIkCJU0WuEdhZqswjzfSgR9COoroGQGsbM7kXCk+U7ekXcxNP5ttgv8p4qamS9u6w8WIMvLJK5cOU4OIVtsPsFmk2ot6zQYEQTnRCiqscsPMLLFsapnvydLJ8TtDjhWtFzQ4tD8XkN9+/fxd8G45qk8R921Y7Ftb6qhphIXW/vCH6n/+hN920nj1S/AnWiVPTrBW0tRlI6sUfLkJKyI+Nld/yBPwb+PMmw== foldefrugt'
+    - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s'
+
+  'jobbe': {}
+
+users: {}
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/ast.yml b/roles/users/tasks/ast.yml
deleted file mode 100644
index 7f0c6f4..0000000
--- a/roles/users/tasks/ast.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: ast
-  user:
-    comment: 'Asbjørn Sloth Tønnesen'
-    name: ast
-    shell: '/bin/bash'
-    uid: 2001
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: ast - authorized_keys
-  authorized_key:
-    user: ast
-    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it'
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/esmil.yml b/roles/users/tasks/esmil.yml
index 7785468..3bd4966 100644
--- a/roles/users/tasks/esmil.yml
+++ b/roles/users/tasks/esmil.yml
@@ -1,22 +1,4 @@
 ---
-- name: esmil
-  user:
-    comment: 'Emil Renner Berthing'
-    name: esmil
-    shell: '/bin/bash'
-    uid: 2000
-    group: users
-    groups: '{{ user_groups }}'
-    password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0'
-
-- name: esmil - authorized_keys
-  authorized_key:
-    user: esmil
-    key: '{{ item }}'
-  with_items:
-  - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch'
-  - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2'
-
 - name: esmil - copy dotfiles
   copy:
     dest: '~esmil/.{{ item }}'
diff --git a/roles/users/tasks/flummer.yml b/roles/users/tasks/flummer.yml
deleted file mode 100644
index 96b737d..0000000
--- a/roles/users/tasks/flummer.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: flummer
-  user:
-    comment: 'Thomas Flummer'
-    name: flummer
-    shell: '/bin/bash'
-    uid: 2002
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: flummer - authorized_keys
-  authorized_key:
-    user: flummer
-    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk'
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/k2OS.yml b/roles/users/tasks/k2OS.yml
deleted file mode 100644
index c53a5ad..0000000
--- a/roles/users/tasks/k2OS.yml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-- name: k2OS
-  user:
-    comment: 'René Mikkelsen'
-    name: k2OS
-    shell: '/bin/bash'
-    uid: 2005
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: k2OS - authorized_keys
-  authorized_key:
-    user: k2OS
-    key: '{{ item }}'
-  with_items:
-  - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw'
-  - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk'
diff --git a/roles/users/tasks/knielsen.yml b/roles/users/tasks/knielsen.yml
deleted file mode 100644
index 6ba4f75..0000000
--- a/roles/users/tasks/knielsen.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: knielsen
-  user:
-    comment: 'Kristian Nielsen'
-    name: knielsen
-    shell: '/bin/bash'
-    uid: 2004
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: knielsen - authorized_keys
-  authorized_key:
-    user: knielsen
-    key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd'
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index cf21626..23a4945 100644
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -3,37 +3,64 @@
   tags:
   - users
   - root
-- import_tasks: esmil.yml
-  tags:
-  - users
-  - esmil
-- import_tasks: ast.yml
-  tags:
-  - users
-  - ast
-- import_tasks: flummer.yml
-  tags:
-  - users
-  - flummer
-- import_tasks: riiiis.yml
+
+- name: Create users
+  user:
+    name: '{{ item }}'
+    state: present
+    comment: '{{ userdata[item].name }}'
+    shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}"
+    uid: '{{ userdata[item].uid }}'
+    group: users
+    groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}"
+  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
   tags:
   - users
-  - riiiis
-- import_tasks: knielsen.yml
+
+- name: Create .ssh directories
+  file:
+    path: '~{{ item }}/.ssh'
+    state: directory
+    owner: '{{ item }}'
+    group: users
+    mode: 0700
+  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
+  when: "'authorized_keys' in userdata[item]"
   tags:
   - users
-  - knielsen
-- import_tasks: k2OS.yml
+
+- name: Create authorized_keys
+  template:
+    dest: '~{{ item }}/.ssh/authorized_keys'
+    src: authorized_keys.j2
+    owner: '{{ item }}'
+    group: users
+    mode: 0600
+  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
+  when: "'authorized_keys' in userdata[item]"
   tags:
   - users
-  - k2OS
-- import_tasks: signout.yml
+
+- name: Include user tasks
+  include_tasks:
+    file: '{{ user }}.yml'
+    apply:
+      tags:
+      - users
+  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
+  loop_control:
+    loop_var: user
+  when: "'tasks' in userdata[user] and userdata[user].tasks"
   tags:
   - users
-  - signout
-- import_tasks: semi.yml
+
+- name: Remove users
+  user:
+    name: '{{ item }}'
+    state: absent
+    remove: yes
+  with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}'
   tags:
   - users
-  - semi
 
 # vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/riiiis.yml b/roles/users/tasks/riiiis.yml
deleted file mode 100644
index b5e0437..0000000
--- a/roles/users/tasks/riiiis.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: riiiis
-  user:
-    comment: 'Christian Riis'
-    name: riiiis
-    shell: '/bin/bash'
-    uid: 2003
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: riiiis - authorized_keys
-  authorized_key:
-    user: riiiis
-    key: '{{ item }}'
-  with_items:
-  - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP'
-  - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3'
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/semi.yml b/roles/users/tasks/semi.yml
deleted file mode 100644
index 8c05bfb..0000000
--- a/roles/users/tasks/semi.yml
+++ /dev/null
@@ -1,16 +0,0 @@
----
-- name: semi
-  user:
-    comment: 'Troels Bang Jensen'
-    name: semi
-    shell: '/bin/bash'
-    uid: 2010
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: semi - authorized_keys
-  authorized_key:
-    user: semi
-    key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin'
-
-# vim: set ts=2 sw=2 et:
diff --git a/roles/users/tasks/signout.yml b/roles/users/tasks/signout.yml
deleted file mode 100644
index 631e3e4..0000000
--- a/roles/users/tasks/signout.yml
+++ /dev/null
@@ -1,18 +0,0 @@
----
-- name: signout
-  user:
-    comment: 'Dennis K Jensen'
-    name: signout
-    shell: '/bin/bash'
-    uid: 2024
-    group: users
-    groups: '{{ user_groups }}'
-
-- name: signout - authorized_keys
-  authorized_key:
-    user: signout
-    key: '{{ item }}'
-  with_items:
-  - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA7cxO8aWOEk5GL+clhJanzRaC9wJI2foWqiwfVKWoVzihPz05OaIqzeJO/ffz11PeJCkuEH/lJXWtyRCmHDDOwkHZVEMT1Sfw73k0a8yGJh6w+IyaVFlL5cbZ9BTkxATr5JakU8dygJqcelg+kbMcFVUuRylla1sIOgrnDBWLVQK3DvAaPptseNy5tYT2gNRuZLgwWQHOXTMdnp5dV0Bwdimnd8iRvQq/I7PQYKfPKrBFnv9ccjNtK+BByh+nZcKkXmbTjniExwXFbbiECEHf+p+19LcA8oJyKJQUv1VgN0w0qrAijMF+Y+pHswMohb6sT1VfloOPD2viPEcuEDeYil+8106MLnMJzYrOvpotYatCqLAekiN2NpH6Ld4pJbhLdK9FiJreRDT82NgFXUIvPoROFBi04F5L4sNEoiCPXGE/Vb4m5M7u+UBwKtNaoz7JS2Y6XiBVQNXGM63Qgev9E3RKaU5Xi9I6ZoIqK6wbXIPkb6GwPeUD9jm0NlwCQopSz2RDgzrQGRnebEB5pdGKJQ3Xpds+7+jka5rMP2zcRIbhhornz4IiMqnuu91M8URtiTfz7D11lV7ipuwNWhT+ao4hapZGlbN6ToORCsQkPDQw5HGmQZLj/BKMwLGcP0iDtm3pX6dUsXshqvoCGIX8z1HizOhDusVZmnbXvIuzgjM= sign@work-x200s'
-  - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZQFV1lnkbpxGLb8vzatymPoQBQ8J8CRBdBV4IvmMevGTWBAlOvlr9tIKntkl+GS7lP71i7df7EGD2Oiwgv+3L+gdyTmReo9gl8h2z/uh1AUtL27PK6BMP7SXzv7tqQbO69saSBpljCbuiYWbO6T1lOT6KQMRUkqDfIUYHsK+IktXvvaFWJfRrCZ2B98lg18srWcz1AO4GJjoZtzNhy2KUFnQsp3gPCRdXI1PJMVuvhL997aa2vaCXhPPIIwXh8HhmV3mlNCx6oP1cNoMzsymloKqvX0v3hbsp+kPQXRLIt7d5sxjgb2C3E9DVNAOPHO4CJA9G24IFEq2/ZMvNO/3c56ZROW/KuIDFeUez1iJ8uu81TtQ0TU3t+35LOIyv47jkt6zjaj3CciAZGiJHvafyblSWk7+UDRSzkwtyc2X+XIWQG0LSKxhsXYB3FHMSqmMuRJViN/kAVIkCJU0WuEdhZqswjzfSgR9COoroGQGsbM7kXCk+U7ekXcxNP5ttgv8p4qamS9u6w8WIMvLJK5cOU4OIVtsPsFmk2ot6zQYEQTnRCiqscsPMLLFsapnvydLJ8TtDjhWtFzQ4tD8XkN9+/fxd8G45qk8R921Y7Ftb6qhphIXW/vCH6n/+hN920nj1S/AnWiVPTrBW0tRlI6sUfLkJKyI+Nld/yBPwb+PMmw== foldefrugt'
-  - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s'
diff --git a/roles/users/templates/authorized_keys.j2 b/roles/users/templates/authorized_keys.j2
new file mode 100644
index 0000000..33a30f2
--- /dev/null
+++ b/roles/users/templates/authorized_keys.j2
@@ -0,0 +1,3 @@
+{% for key in userdata[item].authorized_keys %}
+{{ key }}
+{% endfor %}
author	Emil Renner Berthing <esmil@labitat.dk>	2019-01-13 20:07:50 +0100
committer	Emil Renner Berthing <esmil@labitat.dk>	2019-01-13 21:30:45 +0100
commit	bbced59f27d07563734cd0b3cb3da5e4e77634ae (patch)
tree	500a7735c9700a97adaa4ae381a4ebaf65a7c2f5 /roles
parent	47611fb28c90050bce9c6a1f25722b9f96523b64 (diff)
download	labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.gz labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.xz labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.zip