diff --git a/defaults/main.yml b/defaults/main.yml new file mode 100644 index 0000000..5f42ede --- /dev/null +++ b/defaults/main.yml @@ -0,0 +1,4 @@ +--- +# defaults file for users + +users: [] diff --git a/meta/main.yml b/meta/main.yml index c58bebf..a5112df 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,7 +1,7 @@ galaxy_info: namespace: ykn author: pulsar89.5 - description: Rôle modèle + description: Rôle de déploiement des utilisateurs license: GPL-3.0-or-later diff --git a/tasks/configuration.yml b/tasks/configuration.yml new file mode 100644 index 0000000..4788628 --- /dev/null +++ b/tasks/configuration.yml 
@@ -0,0 +1,84 @@
+---
+# tasks file for users
+
+- name: Déployer la configuration de sudo
+ansible.builtin.template:
+src: sudoers.j2
+dest: /etc/sudoers.d/{{ user.name }}
+owner: root
+group: root
+mode: u=rw,g=,o=
+when: user.get('extras', {}).get('sudoers')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer la configuration de bash
+ansible.builtin.template:
+src: bash_aliases.j2
+dest: "~{{ user.name }}/.bash_aliases"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=,o=
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Créer le dossier de configuration de SSH
+ansible.builtin.file:
+state: directory
+path: "~{{ user.name }}/.ssh"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rwX,g=rX,o=rX
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer la configuration de SSH
+ansible.builtin.template:
+src: ssh_config.j2
+dest: "~{{ user.name }}/.ssh/config"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=r,o=r
+when: user.get('extras', {}).get('ssh_config')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer les clefs SSH privées
+ansible.builtin.template:
+src: id_ed25519.j2
+dest: "~{{ user.name }}/.ssh/id_ed25519"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=,o=
+when: user.get('extras', {}).get('id_ed25519')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer les clefs SSH autorisées
+ansible.builtin.template:
+src: authorized_key.j2
+dest: "~{{ user.name }}/.ssh/authorized_keys"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: 
u=rw,g=r,o=r
+when: user.get('extras', {}).get('authorized_keys')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
diff --git a/tasks/installation.yml b/tasks/installation.yml
new file mode 100644
index 0000000..3435f74
--- /dev/null
+++ b/tasks/installation.yml
@@ -0,0 +1,34 @@
+---
+# tasks file for users
+
+- name: Créer un groupe au nom de l'utilisateur
+ansible.builtin.group:
+name: "{{ item.name }}"
+when: user.group is undefined
+become: true
+loop: "{{ users }}"
+loop_control:
+label: "{{ item.name }}"
+
+- name: Créer les autres groupes
+ansible.builtin.group:
+name: "{{ item.1 }}"
+become: true
+loop: "{{ users | subelements('groups', skip_missing=True) }}"
+loop_control:
+label: "{{ item.0.name }} to {{ item.1 }}"
+
+- name: Créer les utilisateurs
+ansible.builtin.user:
+name: "{{ item.name }}"
+comment: "{{ item.comment | default(omit) }}"
+password: "{{ item.password | default(omit) }}"
+password_lock: "{{ item.password_lock | default(omit) }}"
+home: "{{ item.home | default(omit) }}"
+shell: "{{ item.shell | default(omit) }}"
+group: "{{ item.group | default(item.name) }}"
+groups: "{{ item.groups | default(omit) }}"
+become: true
+loop: "{{ users }}"
+loop_control:
+label: "{{ item.name }}"
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..5818988
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# tasks file for users
+
+- name: Importer les tâches d'installation
+ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+ansible.builtin.import_tasks: configuration.yml
+# ansible.builtin.include_tasks: configuration.yml
+# loop: "{{ users }}"
+# loop_control:
+# loop_var: user
+# label: "{{ user.name }}"
diff --git a/templates/authorized_key.j2 b/templates/authorized_key.j2
new file mode 100644
index 0000000..a5b1c1a
--- /dev/null
+++ b/templates/authorized_key.j2
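Review bot: The sudoers task in configuration.yml writes `dest: /etc/sudoers.d/{{ user.name }}` with no `validate:` step, so a malformed `extras.sudoers` value leaves a broken fragment in place and every later sudo call on the host fails (including the role's own `become: true` steps if they use sudo); add `validate: /usr/sbin/visudo -csf %s` to that template call. Two related details: sudo ignores files in sudoers.d whose name contains a `.` or ends in `~`, so a user whose name contains a dot silently gets no rules, and `mode: u=rw,g=,o=` (0600) differs from the 0440 sudo expects for sudoers files — newer sudo versions may only warn, so check the target's behaviour and prefer `mode: "0440"`. The private-key task (`src: id_ed25519.j2`) should carry `no_log: true`, otherwise the value of `user.extras.id_ed25519` is printed verbatim in `--diff`/verbose output and callback logs. The `mode:` line of the last task is split across the chunk boundary in this rendering.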
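Review bot: In installation.yml the first group task's condition `when: user.group is undefined` refers to a variable that does not exist in that task — its `loop_control` sets only `label`, so the loop variable is the default `item`, and `user` is never defined (the `include_tasks` loop that would have provided it is commented out in tasks/main.yml). Depending on the Ansible version this either fails the task or evaluates to true for every entry and creates a group even when `group` was given; it should read `when: item.group is undefined`. The user task forwards `password:` from inventory; `ansible.builtin.user` expects an already hashed value, and the task should set `no_log: true` so hashes (or a plaintext value passed by mistake) are not echoed in task output.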
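Review bot: The five commented-out lines after `ansible.builtin.import_tasks: configuration.yml` in tasks/main.yml are dead code from an earlier per-user `include_tasks` loop; each task in configuration.yml now carries its own `loop` with `loop_var: user`, so the block can only confuse a reader. Either delete it or replace it with a single explanatory line such as `# configuration.yml loops over users per task; a per-user include_tasks was dropped`.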
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key in user.extras.authorized_keys %}
+{{ key }}
+{% endfor %}
diff --git a/templates/bash_aliases.j2 b/templates/bash_aliases.j2
new file mode 100644
index 0000000..6b90e69
--- /dev/null
+++ b/templates/bash_aliases.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+## BEGIN common
+PS1='${debian_chroot:+($debian_chroot)}\[\033[38;5;99m\]\u@\h\[\033[00m\]:\[\033[38;5;141m\]\w\[\033[00m\]\$ '
+alias ls='ls --color=auto -lah --group-directories-first'
+alias df='df -h --exclude-type=tmpfs --exclude-type=devtmpfs'
+## END common
+{% if user.get('extras', {}).get('bash_aliases', '') | length > 0 %}
+
+## BEGIN user
+{{ user.extras.bash_aliases }}
+## END user
+{% endif %}
diff --git a/templates/id_ed25519.j2 b/templates/id_ed25519.j2
new file mode 100644
index 0000000..b364a8b
--- /dev/null
+++ b/templates/id_ed25519.j2
@@ -0,0 +1 @@
+{{ user.extras.id_ed25519 }}
diff --git a/templates/ssh_config.j2 b/templates/ssh_config.j2
new file mode 100644
index 0000000..6039869
--- /dev/null
+++ b/templates/ssh_config.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ user.extras.ssh_config }}
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
new file mode 100644
index 0000000..f0a76dd
--- /dev/null
+++ b/templates/sudoers.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ user.extras.sudoers }}
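Review bot: `{% for key in user.extras.authorized_keys %}` in authorized_key.j2 iterates the value as a sequence, so an inventory entry that supplies a single key as a plain string is written one character per line and the user loses key-based login; the calling task's `when` only checks truthiness and will not catch this. Either document that `authorized_keys` must be a list or make the template tolerant with `{% for key in [user.extras.authorized_keys] | flatten %}`.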