diff options
author | Emil Renner Berthing <esmil@labitat.dk> | 2019-01-13 20:07:50 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2019-01-13 21:30:45 +0100 |
commit | bbced59f27d07563734cd0b3cb3da5e4e77634ae (patch) | |
tree | 500a7735c9700a97adaa4ae381a4ebaf65a7c2f5 /roles | |
parent | 47611fb28c90050bce9c6a1f25722b9f96523b64 (diff) | |
download | labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.gz labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.tar.xz labitat-ansible-bbced59f27d07563734cd0b3cb3da5e4e77634ae.zip |
users: add more flexible user management
Now user data is in roles/users/defaults/main.yml
and each server should have a hash like this
users:
'foo': sudo
'bar': true
'baz': false
#'qux': false
This means the user foo will be created with sudo
access, the user bar will be created without sudo
access, while baz and qux will be removed.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/jumbotron/vars/main.yml | 5 | ||||
-rw-r--r-- | roles/space_server/vars/main.yml | 10 | ||||
-rw-r--r-- | roles/users/defaults/main.yml | 61 | ||||
-rw-r--r-- | roles/users/tasks/ast.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/esmil.yml | 18 | ||||
-rw-r--r-- | roles/users/tasks/flummer.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/k2OS.yml | 17 | ||||
-rw-r--r-- | roles/users/tasks/knielsen.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/main.yml | 71 | ||||
-rw-r--r-- | roles/users/tasks/riiiis.yml | 19 | ||||
-rw-r--r-- | roles/users/tasks/semi.yml | 16 | ||||
-rw-r--r-- | roles/users/tasks/signout.yml | 18 | ||||
-rw-r--r-- | roles/users/templates/authorized_keys.j2 | 3 |
13 files changed, 126 insertions, 160 deletions
diff --git a/roles/jumbotron/vars/main.yml b/roles/jumbotron/vars/main.yml index f1a105d..8a817da 100644 --- a/roles/jumbotron/vars/main.yml +++ b/roles/jumbotron/vars/main.yml @@ -25,4 +25,9 @@ apt_packages: 'libjson-perl': present 'libwww-perl': present +users: + 'esmil': sudo + 'riiiis': sudo + 'knielsen': sudo + # vim: set ts=2 sw=2 et: diff --git a/roles/space_server/vars/main.yml b/roles/space_server/vars/main.yml index b208c34..e455e1b 100644 --- a/roles/space_server/vars/main.yml +++ b/roles/space_server/vars/main.yml @@ -42,6 +42,16 @@ dnf_packages: 'avahi-tools': present # pulls in avahi package 'nss-mdns': present +users: + 'esmil': sudo + 'ast': sudo + 'flummer': sudo + 'riiiis': sudo + 'knielsen': sudo + 'k2OS': true + 'semi': true + 'signout': sudo + boot: device: 'LABEL=BOOT' options: 'noauto,noatime,iocharset=iso8859-15,utf8,tz=UTC,dmask=0022,fmask=0133,x-systemd.automount,x-systemd.device-timeout=5min,x-systemd.idle-timeout=5min' diff --git a/roles/users/defaults/main.yml b/roles/users/defaults/main.yml index b7d58a5..9af1b4d 100644 --- a/roles/users/defaults/main.yml +++ b/roles/users/defaults/main.yml @@ -1,5 +1,62 @@ --- -user_groups: -- '{{ sudo_group }}' +userdata: + 'esmil': + name: 'Emil Renner Berthing' + uid: 2000 + tasks: true + password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0' + authorized_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2' + + 'ast': + name: 'Asbjørn Sloth Tønnesen' + uid: 2001 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it' + + 'flummer': + name: 'Thomas Flummer' + uid: 2002 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk' + + 'riiiis': + name: 'Christian Riis' + uid: 2003 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3' + + 'knielsen': + name: 'Kristian Nielsen' + uid: 2004 + authorized_keys: + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd' + + 'k2OS': + name: 'René Mikkelsen' + uid: 2005 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk' + + 'semi': + name: 'Troels Bang Jensen' + uid: 2010 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin' + + 'signout': + name: 'Dennis K Jensen' + uid: 2024 + authorized_keys: + - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA7cxO8aWOEk5GL+clhJanzRaC9wJI2foWqiwfVKWoVzihPz05OaIqzeJO/ffz11PeJCkuEH/lJXWtyRCmHDDOwkHZVEMT1Sfw73k0a8yGJh6w+IyaVFlL5cbZ9BTkxATr5JakU8dygJqcelg+kbMcFVUuRylla1sIOgrnDBWLVQK3DvAaPptseNy5tYT2gNRuZLgwWQHOXTMdnp5dV0Bwdimnd8iRvQq/I7PQYKfPKrBFnv9ccjNtK+BByh+nZcKkXmbTjniExwXFbbiECEHf+p+19LcA8oJyKJQUv1VgN0w0qrAijMF+Y+pHswMohb6sT1VfloOPD2viPEcuEDeYil+8106MLnMJzYrOvpotYatCqLAekiN2NpH6Ld4pJbhLdK9FiJreRDT82NgFXUIvPoROFBi04F5L4sNEoiCPXGE/Vb4m5M7u+UBwKtNaoz7JS2Y6XiBVQNXGM63Qgev9E3RKaU5Xi9I6ZoIqK6wbXIPkb6GwPeUD9jm0NlwCQopSz2RDgzrQGRnebEB5pdGKJQ3Xpds+7+jka5rMP2zcRIbhhornz4IiMqnuu91M8URtiTfz7D11lV7ipuwNWhT+ao4hapZGlbN6ToORCsQkPDQw5HGmQZLj/BKMwLGcP0iDtm3pX6dUsXshqvoCGIX8z1HizOhDusVZmnbXvIuzgjM= sign@work-x200s' + - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZQFV1lnkbpxGLb8vzatymPoQBQ8J8CRBdBV4IvmMevGTWBAlOvlr9tIKntkl+GS7lP71i7df7EGD2Oiwgv+3L+gdyTmReo9gl8h2z/uh1AUtL27PK6BMP7SXzv7tqQbO69saSBpljCbuiYWbO6T1lOT6KQMRUkqDfIUYHsK+IktXvvaFWJfRrCZ2B98lg18srWcz1AO4GJjoZtzNhy2KUFnQsp3gPCRdXI1PJMVuvhL997aa2vaCXhPPIIwXh8HhmV3mlNCx6oP1cNoMzsymloKqvX0v3hbsp+kPQXRLIt7d5sxjgb2C3E9DVNAOPHO4CJA9G24IFEq2/ZMvNO/3c56ZROW/KuIDFeUez1iJ8uu81TtQ0TU3t+35LOIyv47jkt6zjaj3CciAZGiJHvafyblSWk7+UDRSzkwtyc2X+XIWQG0LSKxhsXYB3FHMSqmMuRJViN/kAVIkCJU0WuEdhZqswjzfSgR9COoroGQGsbM7kXCk+U7ekXcxNP5ttgv8p4qamS9u6w8WIMvLJK5cOU4OIVtsPsFmk2ot6zQYEQTnRCiqscsPMLLFsapnvydLJ8TtDjhWtFzQ4tD8XkN9+/fxd8G45qk8R921Y7Ftb6qhphIXW/vCH6n/+hN920nj1S/AnWiVPTrBW0tRlI6sUfLkJKyI+Nld/yBPwb+PMmw== foldefrugt' + - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s' + + 'jobbe': {} + +users: {} # vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/ast.yml b/roles/users/tasks/ast.yml deleted file mode 100644 index 7f0c6f4..0000000 --- a/roles/users/tasks/ast.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: ast - user: - comment: 'Asbjørn Sloth Tønnesen' - name: ast - shell: '/bin/bash' - uid: 2001 - group: users - groups: '{{ user_groups }}' - -- name: ast - authorized_keys - authorized_key: - user: ast - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/esmil.yml b/roles/users/tasks/esmil.yml index 7785468..3bd4966 100644 --- a/roles/users/tasks/esmil.yml +++ b/roles/users/tasks/esmil.yml @@ -1,22 +1,4 @@ --- -- name: esmil - user: - comment: 'Emil Renner Berthing' - name: esmil - shell: '/bin/bash' - uid: 2000 - group: users - groups: '{{ user_groups }}' - password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0' - -- name: esmil - authorized_keys - authorized_key: - user: esmil - key: '{{ item }}' - with_items: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2' - - name: esmil - copy dotfiles copy: dest: '~esmil/.{{ item }}' diff --git a/roles/users/tasks/flummer.yml b/roles/users/tasks/flummer.yml deleted file mode 100644 index 96b737d..0000000 --- a/roles/users/tasks/flummer.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: flummer - user: - comment: 'Thomas Flummer' - name: flummer - shell: '/bin/bash' - uid: 2002 - group: users - groups: '{{ user_groups }}' - -- name: flummer - authorized_keys - authorized_key: - user: flummer - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/k2OS.yml b/roles/users/tasks/k2OS.yml deleted file mode 100644 index c53a5ad..0000000 --- a/roles/users/tasks/k2OS.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: k2OS - user: - comment: 'René Mikkelsen' - name: k2OS - shell: '/bin/bash' - uid: 2005 - group: users - groups: '{{ user_groups }}' - -- name: k2OS - authorized_keys - authorized_key: - user: k2OS - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk' diff --git a/roles/users/tasks/knielsen.yml b/roles/users/tasks/knielsen.yml deleted file mode 100644 index 6ba4f75..0000000 --- a/roles/users/tasks/knielsen.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: knielsen - user: - comment: 'Kristian Nielsen' - name: knielsen - shell: '/bin/bash' - uid: 2004 - group: users - groups: '{{ user_groups }}' - -- name: knielsen - authorized_keys - authorized_key: - user: knielsen - key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index cf21626..23a4945 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml @@ -3,37 +3,64 @@ tags: - users - root -- import_tasks: esmil.yml - tags: - - users - - esmil -- import_tasks: ast.yml - tags: - - users - - ast -- import_tasks: flummer.yml - tags: - - users - - flummer -- import_tasks: riiiis.yml + +- name: Create users + user: + name: '{{ item }}' + state: present + comment: '{{ userdata[item].name }}' + shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}" + uid: '{{ userdata[item].uid }}' + group: users + groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}" + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' tags: - users - - riiiis -- import_tasks: knielsen.yml + +- name: Create .ssh directories + file: + path: '~{{ item }}/.ssh' + state: directory + owner: '{{ item }}' + group: users + mode: 0700 + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + when: "'authorized_keys' in userdata[item]" tags: - users - - knielsen -- import_tasks: k2OS.yml + +- name: Create authorized_keys + template: + dest: '~{{ item }}/.ssh/authorized_keys' + src: authorized_keys.j2 + owner: '{{ item }}' + group: users + mode: 0600 + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + when: "'authorized_keys' in userdata[item]" tags: - users - - k2OS -- import_tasks: signout.yml + +- name: Include user tasks + include_tasks: + file: '{{ user }}.yml' + apply: + tags: + - users + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + loop_control: + loop_var: user + when: "'tasks' in userdata[user] and userdata[user].tasks" tags: - users - - signout -- import_tasks: semi.yml + +- name: Remove users + user: + name: '{{ item }}' + state: absent + remove: yes + with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}' tags: - users - - semi # vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/riiiis.yml b/roles/users/tasks/riiiis.yml deleted file mode 100644 index b5e0437..0000000 --- a/roles/users/tasks/riiiis.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: riiiis - user: - comment: 'Christian Riis' - name: riiiis - shell: '/bin/bash' - uid: 2003 - group: users - groups: '{{ user_groups }}' - -- name: riiiis - authorized_keys - authorized_key: - user: riiiis - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/semi.yml b/roles/users/tasks/semi.yml deleted file mode 100644 index 8c05bfb..0000000 --- a/roles/users/tasks/semi.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: semi - user: - comment: 'Troels Bang Jensen' - name: semi - shell: '/bin/bash' - uid: 2010 - group: users - groups: '{{ user_groups }}' - -- name: semi - authorized_keys - authorized_key: - user: semi - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/signout.yml b/roles/users/tasks/signout.yml deleted file mode 100644 index 631e3e4..0000000 --- a/roles/users/tasks/signout.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: signout - user: - comment: 'Dennis K Jensen' - name: signout - shell: '/bin/bash' - uid: 2024 - group: users - groups: '{{ user_groups }}' - -- name: signout - authorized_keys - authorized_key: - user: signout - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAgEA7cxO8aWOEk5GL+clhJanzRaC9wJI2foWqiwfVKWoVzihPz05OaIqzeJO/ffz11PeJCkuEH/lJXWtyRCmHDDOwkHZVEMT1Sfw73k0a8yGJh6w+IyaVFlL5cbZ9BTkxATr5JakU8dygJqcelg+kbMcFVUuRylla1sIOgrnDBWLVQK3DvAaPptseNy5tYT2gNRuZLgwWQHOXTMdnp5dV0Bwdimnd8iRvQq/I7PQYKfPKrBFnv9ccjNtK+BByh+nZcKkXmbTjniExwXFbbiECEHf+p+19LcA8oJyKJQUv1VgN0w0qrAijMF+Y+pHswMohb6sT1VfloOPD2viPEcuEDeYil+8106MLnMJzYrOvpotYatCqLAekiN2NpH6Ld4pJbhLdK9FiJreRDT82NgFXUIvPoROFBi04F5L4sNEoiCPXGE/Vb4m5M7u+UBwKtNaoz7JS2Y6XiBVQNXGM63Qgev9E3RKaU5Xi9I6ZoIqK6wbXIPkb6GwPeUD9jm0NlwCQopSz2RDgzrQGRnebEB5pdGKJQ3Xpds+7+jka5rMP2zcRIbhhornz4IiMqnuu91M8URtiTfz7D11lV7ipuwNWhT+ao4hapZGlbN6ToORCsQkPDQw5HGmQZLj/BKMwLGcP0iDtm3pX6dUsXshqvoCGIX8z1HizOhDusVZmnbXvIuzgjM= sign@work-x200s' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCZQFV1lnkbpxGLb8vzatymPoQBQ8J8CRBdBV4IvmMevGTWBAlOvlr9tIKntkl+GS7lP71i7df7EGD2Oiwgv+3L+gdyTmReo9gl8h2z/uh1AUtL27PK6BMP7SXzv7tqQbO69saSBpljCbuiYWbO6T1lOT6KQMRUkqDfIUYHsK+IktXvvaFWJfRrCZ2B98lg18srWcz1AO4GJjoZtzNhy2KUFnQsp3gPCRdXI1PJMVuvhL997aa2vaCXhPPIIwXh8HhmV3mlNCx6oP1cNoMzsymloKqvX0v3hbsp+kPQXRLIt7d5sxjgb2C3E9DVNAOPHO4CJA9G24IFEq2/ZMvNO/3c56ZROW/KuIDFeUez1iJ8uu81TtQ0TU3t+35LOIyv47jkt6zjaj3CciAZGiJHvafyblSWk7+UDRSzkwtyc2X+XIWQG0LSKxhsXYB3FHMSqmMuRJViN/kAVIkCJU0WuEdhZqswjzfSgR9COoroGQGsbM7kXCk+U7ekXcxNP5ttgv8p4qamS9u6w8WIMvLJK5cOU4OIVtsPsFmk2ot6zQYEQTnRCiqscsPMLLFsapnvydLJ8TtDjhWtFzQ4tD8XkN9+/fxd8G45qk8R921Y7Ftb6qhphIXW/vCH6n/+hN920nj1S/AnWiVPTrBW0tRlI6sUfLkJKyI+Nld/yBPwb+PMmw== foldefrugt' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s' diff --git a/roles/users/templates/authorized_keys.j2 b/roles/users/templates/authorized_keys.j2 new file mode 100644 index 0000000..33a30f2 --- /dev/null +++ b/roles/users/templates/authorized_keys.j2 @@ -0,0 +1,3 @@ +{% for key in userdata[item].authorized_keys %} +{{ key }} +{% endfor %} |