From bbced59f27d07563734cd0b3cb3da5e4e77634ae Mon Sep 17 00:00:00 2001 From: Emil Renner Berthing Date: Sun, 13 Jan 2019 20:07:50 +0100 Subject: users: add more flexible user management Now user data is in roles/users/defaults/main.yml and each server should have a hash like this users: 'foo': sudo 'bar': true 'baz': false #'qux': false This means the user foo will be created with sudo access, the user bar will be created without sudo access, while baz and qux will be removed. --- roles/users/tasks/ast.yml | 16 ---------- roles/users/tasks/esmil.yml | 18 ----------- roles/users/tasks/flummer.yml | 16 ---------- roles/users/tasks/k2OS.yml | 17 ---------- roles/users/tasks/knielsen.yml | 16 ---------- roles/users/tasks/main.yml | 71 +++++++++++++++++++++++++++++------------- roles/users/tasks/riiiis.yml | 19 ----------- roles/users/tasks/semi.yml | 16 ---------- roles/users/tasks/signout.yml | 18 ----------- 9 files changed, 49 insertions(+), 158 deletions(-) delete mode 100644 roles/users/tasks/ast.yml delete mode 100644 roles/users/tasks/flummer.yml delete mode 100644 roles/users/tasks/k2OS.yml delete mode 100644 roles/users/tasks/knielsen.yml delete mode 100644 roles/users/tasks/riiiis.yml delete mode 100644 roles/users/tasks/semi.yml delete mode 100644 roles/users/tasks/signout.yml (limited to 'roles/users/tasks') diff --git a/roles/users/tasks/ast.yml b/roles/users/tasks/ast.yml deleted file mode 100644 index 7f0c6f4..0000000 --- a/roles/users/tasks/ast.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -- name: ast - user: - comment: 'Asbjørn Sloth Tønnesen' - name: ast - shell: '/bin/bash' - uid: 2001 - group: users - groups: '{{ user_groups }}' - -- name: ast - authorized_keys - authorized_key: - user: ast - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyLX2AICoAhOSOnZth9PMlxqgPrw//J2wMtcHQUppqSjHGFkxIkOWnMUwbSZo/kFj2J8e8GJ7xwmC3tTblmJl+Ba1R77SEETJQpM1/TgWcCK5L7KpK/XP7yTCPMds1vczjgIIMA+DS9iuNQkqLSA5B6gdGfbfuPsMB/W8L2gqkVFMiE3zcrxGLwaPPW7fo9rA2Z7tMEZMFy9SB0u3mqY5aoBiI9P5U3rgn96SO8cs/JVnf99RfkJQWmBamZIH3vqwvC3uG+QgB0cQ9Sy9/I4Q75YQKnGPS+ySQVvo3nY9KpULAbHoVZyu3CtzDfXYOxgUXhJ/GerZZUbyHkrndhXteQ== asbjorn@asbjorn.it' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/esmil.yml b/roles/users/tasks/esmil.yml index 7785468..3bd4966 100644 --- a/roles/users/tasks/esmil.yml +++ b/roles/users/tasks/esmil.yml @@ -1,22 +1,4 @@ --- -- name: esmil - user: - comment: 'Emil Renner Berthing' - name: esmil - shell: '/bin/bash' - uid: 2000 - group: users - groups: '{{ user_groups }}' - password: '$6$1RwgF85UfHCIPzNd$Ow9pn9muQ2raoB0andBcrDkB9UqqmXylqWVXDsxgFqhHc5uNk7MZdhtGnz9P5UOSwadEpHkSG0VrP9eOPM8nj0' - -- name: esmil - authorized_keys - authorized_key: - user: esmil - key: '{{ item }}' - with_items: - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUS/4G4YgI7LeJll8BUHCcdkCK3klSxzhqEY3X2df5+ esmil@stitch' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESZrJ5ystrdDYZok0jCJKePa2JUL+t2DrbkMWwNheeQ esmil@plastik2' - - name: esmil - copy dotfiles copy: dest: '~esmil/.{{ item }}' diff --git a/roles/users/tasks/flummer.yml b/roles/users/tasks/flummer.yml deleted file mode 100644 index 96b737d..0000000 --- a/roles/users/tasks/flummer.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -- name: flummer - user: - comment: 'Thomas Flummer' - name: flummer - shell: '/bin/bash' - uid: 2002 - group: users - groups: '{{ user_groups }}' - -- name: flummer - authorized_keys - authorized_key: - user: flummer - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0QPLM0CyCr5tqdIeftC4kgmoGOE0EvOoZOZXrJqx2lRJfOh+eK/IjQv3K/MyqPhcHc6swcTfv5LpdgmxxhJmruXTX9OnDp5kyuoYknvD601WwfZATK7tqH3t9okIoW0qobb1jjciCkcNo0mtJ+BJ2HvoELAB0BASQy7EliLuFV6SImWV5nZ5kGaAs8lzS/Wl1c3FJT9OKaHgyYgkHMjH2FuFmQJQ1g+NKBx9BU7XQCddxY5U/s5EO5R6e2tZjxdeRu0v4k5FtUjryaj0zLh6JQteDNQpMr+4JKyfoT2b3TjJSNkd1k338V49CjZkCnt8qi+q4ahyzJVT0aCxSHT4+w== tf@labitat.dk' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/k2OS.yml b/roles/users/tasks/k2OS.yml deleted file mode 100644 index c53a5ad..0000000 --- a/roles/users/tasks/k2OS.yml +++ /dev/null @@ -1,17 +0,0 @@ ---- -- name: k2OS - user: - comment: 'René Mikkelsen' - name: k2OS - shell: '/bin/bash' - uid: 2005 - group: users - groups: '{{ user_groups }}' - -- name: k2OS - authorized_keys - authorized_key: - user: k2OS - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAqmvJAMyY117n638/rYw6EtDSY+iHG5xbg/pO932T/0D9X1MVmEnQyOa3597ufBSTUs1GdKtG2N0lyRq91OBS9JN4E+4Hm1t3UgH7/EKbun1Qb0HQMKsI4AR1onsFBeSCkZiijbg9lf7SL6+Ea0cYoXqy3uCWj/Q1PXq+3WlnlLnl9tFhytwuInuTmQvYpHwGgiEs1hIJWjBCbLPMyWbU7LOE6VzXQTbXCJz8FuraX5noiubpii74nHtUzM466ED3JUnf3TPWG8uGitJ7bT2/ZOQ5W83wUC0Xc80Gai3ilRXapQReE7oybePyXkVhP5odBiCu36iqyEgGol8Sb6+S7Q== rene@gw' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC46lbGFV/7kM4w1C1dLfnIAAanX+IV9vDHw3D8uzEGmwWV0XL8e5rdv1RpKZKHpkAgBcD1m2Y1jVDj1R8QdbGZNSDUoP8z3dMemBDJkqunJjTPIPPeyQFprk/hVkJ4pK0Y+w1lKJquIVDkhQYIQCzuxZraAAq4AgVT3L5ft9WuJm3Apk1w+GESK0oQCZNDOhT8MblqiR+JZBUo2gd68jxr9+Wq3ekE7I/N3sO9HFeze4axcTQKcTs39Oi+RYNKJh44sAdxeo2HUX0IYasyxEr2z8H3BmMn1R/Fxwzj2seLYFu1U21UDZdqN+AfgpEabox0HOKvrNDNBGTC5KwWgWBB rene@denada.dk' 
diff --git a/roles/users/tasks/knielsen.yml b/roles/users/tasks/knielsen.yml deleted file mode 100644 index 6ba4f75..0000000 --- a/roles/users/tasks/knielsen.yml +++ /dev/null @@ -1,16 +0,0 @@ ---- -- name: knielsen - user: - comment: 'Kristian Nielsen' - name: knielsen - shell: '/bin/bash' - uid: 2004 - group: users - groups: '{{ user_groups }}' - -- name: knielsen - authorized_keys - authorized_key: - user: knielsen - key: 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUAYFshLA2BvcTrKjW90lDjIQkCJ16+uIjfKqB0HDk/ knielsen@urd' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml index cf21626..23a4945 100644 --- a/roles/users/tasks/main.yml +++ b/roles/users/tasks/main.yml 
@@ -3,37 +3,64 @@ tags: - users - root -- import_tasks: esmil.yml - tags: - - users - - esmil -- import_tasks: ast.yml - tags: - - users - - ast -- import_tasks: flummer.yml - tags: - - users - - flummer -- import_tasks: riiiis.yml + +- name: Create users + user: + name: '{{ item }}' + state: present + comment: '{{ userdata[item].name }}' + shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}" + uid: '{{ userdata[item].uid }}' + group: users + groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}" + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' tags: - users - - riiiis -- import_tasks: knielsen.yml + +- name: Create .ssh directories + file: + path: '~{{ item }}/.ssh' + state: directory + owner: '{{ item }}' + group: users + mode: 0700 + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + when: "'authorized_keys' in userdata[item]" tags: - users - - knielsen -- import_tasks: k2OS.yml + +- name: Create authorized_keys + template: + dest: '~{{ item }}/.ssh/authorized_keys' + src: authorized_keys.j2 + owner: '{{ item }}' + group: users + mode: 0600 + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + when: "'authorized_keys' in userdata[item]" tags: - users - - k2OS -- import_tasks: signout.yml + +- name: Include user tasks + include_tasks: + file: '{{ user }}.yml' + apply: + tags: + - users + with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}' + loop_control: + loop_var: user + when: "'tasks' in userdata[user] and userdata[user].tasks" tags: - users - - signout -- import_tasks: semi.yml + +- name: Remove users + user: + name: '{{ item }}' + state: absent + remove: yes + with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}' tags: - users - - semi # vim: set ts=2 sw=2 et: 
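Review bot: The `Remove users` task builds its list from the keys of `userdata` minus the enabled entries of `users`, so an account is only deleted while its `userdata` entry still exists; dropping a person from `userdata` altogether leaves the account and its `authorized_keys` on every host. The same expression means a host whose `users` hash is empty has every `userdata` account deleted together with its home directory (`remove: yes`), which deserves a comment above the task such as `# offboarding: keep the userdata entry and set the user to false; an empty users hash removes every account listed in userdata`. `Create authorized_keys` is skipped when `userdata[item]` has no `authorized_keys`, so a file deployed earlier appears to stay in place after the keys are taken out of `userdata`; a companion `file` task with `state: absent` under the inverse `when` would make key revocation explicit. The unquoted `mode: 0700` and `mode: 0600` depend on the parser reading a leading-zero integer as octal; `mode: '0700'` and `mode: '0600'` avoid that.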
diff --git a/roles/users/tasks/riiiis.yml b/roles/users/tasks/riiiis.yml deleted file mode 100644 index b5e0437..0000000 --- a/roles/users/tasks/riiiis.yml +++ /dev/null @@ -1,19 +0,0 @@ ---- -- name: riiiis - user: - comment: 'Christian Riis' - name: riiiis - shell: '/bin/bash' - uid: 2003 - group: users - groups: '{{ user_groups }}' - -- name: riiiis - authorized_keys - authorized_key: - user: riiiis - key: '{{ item }}' - with_items: - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDA/44Ucz9o402vT+aqlQGM37cIagF+lo7tVEvSbksuNC1DgUCTXHzhLG3STx2SdTbL+toGe9p7z/lW5xysPcS01heFt+XzbJbEVTHfXmng0NgIxZPactgJJ0ulCoGe+ehefnVgTFnidTxkm1MngeJbYqlNP5nf6RgygB+yM4P4GGtl2Sa/D/oWuQB7CIvtRrLGl96ON31AwWfVmXRsNT/rqmuMmqvJpR+ZaONfbN3JVYu7J1aHpkIRAN+5LsaSueZTTrmIxI3oGzuIrqegjsf9DxeVnjg6ZppKFSrWKMTx90Ao+Whea7UyXSiAcPl+UEWuE8zf1yVr0V4IxC+TDwuB riiiis@KosmoHP' - - 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDOl1iI6dXybz5OhwXFim8FW+KGCGY1Nyx8QMTQjoX1fU0SrBgD8UElq8TbnZjVwrjv1qu53HhHJlZDWr5LGoi9SbBhHEq+zTWzLQwBlUdTv9fkLRTcOENKRM7Y71U/bhPzoIJPF6CBln8X+0Ymvzc8JHh3CP9bJiIxk4cBkgxwL6j6q2Laf+rVLUwdEGN4+T6OsGXIVyF8+pCwa2XmgRf+WVuUj8PAB4SnMYcbH3bOd+twG1CIU89RqLRAxKEGaS9vsuUAHtXxfkyrYyxSeVw0HcyjCom+/K/S5VtdomkgMHTDZ6S6Ua+nlu8x6tY6K83Zgnq/GJZ0TxcA4PCRkwtR riiiis@3k3' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/semi.yml b/roles/users/tasks/semi.yml deleted file mode 100644 index 8c05bfb..0000000 --- a/roles/users/tasks/semi.yml +++ /dev/null 
@@ -1,16 +0,0 @@ ---- -- name: semi - user: - comment: 'Troels Bang Jensen' - name: semi - shell: '/bin/bash' - uid: 2010 - group: users - groups: '{{ user_groups }}' - -- name: semi - authorized_keys - authorized_key: - user: semi - key: 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUqzAFehYCGZNUZkpARApPI4P/RjrL3qS8KniOyZOpL2YLE7WzzQWoLFhlmuKPygWqHBSPkZNm6JMi36fI5NurIk9GkLw8RnWhcqlA1miaD2wC3iQ2hoFOko2artgM7urZ2HCO0ILfjNzMdWvdBnQQWHudzUvPFNKmOuagp6GvEbs0X7kXi3X1+8lfCkRe0H6i4/RuHakUGQ9xipiIR5SoYdpnwHWlJp3trEM4WQtmQcxFkZZbW0yrujo2iqZ3MwWBkfA9PZG9BuooAWGZzUt/NxF5ImZISyaKG/DTlsEe+cEvjRmLYXZHKcgngC3zsQZAfoNjGXqlbsXbjont1u5p marvin@merlin' - -# vim: set ts=2 sw=2 et: diff --git a/roles/users/tasks/signout.yml b/roles/users/tasks/signout.yml deleted file mode 100644 index 631e3e4..0000000 --- a/roles/users/tasks/signout.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -- name: signout - user: - comment: 'Dennis K Jensen' - name: signout - shell: '/bin/bash' - uid: 2024 - group: users - groups: '{{ user_groups }}' - -- name: signout - authorized_keys - authorized_key: - user: signout - key: '{{ item }}' - with_items: - - 'ssh-rsa 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 sign@work-x200s' - - 'ssh-rsa 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 foldefrugt' - - 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEp2eFWf9qOwyqNioVeQC2gMS4fOg1CxKuky78dDhdaa SiGNOUT-T470s' -- cgit v1.2.1