[INFO] Création du rôle
parent
688c17fe0b
commit
1d4aaf909e
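--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,4 @@
+---
+# defaults file for users
+
+users: []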
@ -1,7 +1,7 @@
|
|||||||
galaxy_info:
|
galaxy_info:
|
||||||
namespace: ykn
|
namespace: ykn
|
||||||
author: pulsar89.5
|
author: pulsar89.5
|
||||||
description: Rôle modèle
|
description: Rôle de déploiement des utilisateurs
|
||||||
|
|
||||||
license: GPL-3.0-or-later
|
license: GPL-3.0-or-later
|
||||||
|
|
||||||
|
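--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@@ -0,0 +1,84 @@
+---
+# tasks file for users
+
+- name: Déployer la configuration de sudo
+ansible.builtin.template:
+src: sudoers.j2
+dest: /etc/sudoers.d/{{ user.name }}
+owner: root
+group: root
+mode: u=rw,g=,o=
+when: user.get('extras', {}).get('sudoers')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer la configuration de bash
+ansible.builtin.template:
+src: bash_aliases.j2
+dest: "~{{ user.name }}/.bash_aliases"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=,o=
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Créer le dossier de configuration de SSH
+ansible.builtin.file:
+state: directory
+path: "~{{ user.name }}/.ssh"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rwX,g=rX,o=rX
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer la configuration de SSH
+ansible.builtin.template:
+src: ssh_config.j2
+dest: "~{{ user.name }}/.ssh/config"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=r,o=r
+when: user.get('extras', {}).get('ssh_config')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer les clefs SSH privées
+ansible.builtin.template:
+src: id_ed25519.j2
+dest: "~{{ user.name }}/.ssh/id_ed25519"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=,o=
+when: user.get('extras', {}).get('id_ed25519')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"
+
+- name: Déployer les clefs SSH autorisées
+ansible.builtin.template:
+src: authorized_key.j2
+dest: "~{{ user.name }}/.ssh/authorized_keys"
+owner: "{{ user.name }}"
+group: "{{ user.group | default(user.name) }}"
+mode: u=rw,g=r,o=r
+when: user.get('extras', {}).get('authorized_keys')
+become: true
+loop: "{{ users }}"
+loop_control:
+loop_var: user
+label: "{{ user.name }}"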
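Review bot: The sudoers task writes `/etc/sudoers.d/{{ user.name }}` from the free-form `user.extras.sudoers` value with no syntax check, so a single malformed entry can leave sudo unusable on the host; add `validate: /usr/sbin/visudo -cf %s` to that template task. sudo also skips files in that directory whose names contain a `.` or end in `~`, so a user name with a dot would silently get no rule. Further down, the `.ssh` directory is created with `mode: u=rwX,g=rX,o=rX`, where `u=rwx,g=,o=` is the usual choice for a directory that holds a private key. The private-key task renders `user.extras.id_ed25519` without `no_log: true`, so the key material can appear in diff or verbose output.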
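--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@@ -0,0 +1,34 @@
+---
+# tasks file for users
+
+- name: Créer un groupe au nom de l'utilisateur
+ansible.builtin.group:
+name: "{{ item.name }}"
+when: user.group is undefined
+become: true
+loop: "{{ users }}"
+loop_control:
+label: "{{ item.name }}"
+
+- name: Créer les autres groupes
+ansible.builtin.group:
+name: "{{ item.1 }}"
+become: true
+loop: "{{ users | subelements('groups', skip_missing=True) }}"
+loop_control:
+label: "{{ item.0.name }} to {{ item.1 }}"
+
+- name: Créer les utilisateurs
+ansible.builtin.user:
+name: "{{ item.name }}"
+comment: "{{ item.comment | default(omit) }}"
+password: "{{ item.password | default(omit) }}"
+password_lock: "{{ item.password_lock | default(omit) }}"
+home: "{{ item.home | default(omit) }}"
+shell: "{{ item.shell | default(omit) }}"
+group: "{{ item.group | default(item.name) }}"
+groups: "{{ item.groups | default(omit) }}"
+become: true
+loop: "{{ users }}"
+loop_control:
+label: "{{ item.name }}"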
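Review bot: The first task's condition `when: user.group is undefined` refers to `user`, but this loop sets no `loop_var` and iterates as `item`, so the test does not look at the current entry. It likely evaluates true for every user and creates a same-named group even when `item.group` is set; it should read `when: item.group is undefined`. In the user task, `password` is passed straight through, and the module expects an already-hashed value rather than clear text. Because each loop item carries the whole user entry, including `password` and `extras`, adding `no_log: true` to the loops over `users` keeps those values out of verbose output.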
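--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -0,0 +1,13 @@
+---
+# tasks file for users
+
+- name: Importer les tâches d'installation
+ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+ansible.builtin.import_tasks: configuration.yml
+# ansible.builtin.include_tasks: configuration.yml
+# loop: "{{ users }}"
+# loop_control:
+# loop_var: user
+# label: "{{ user.name }}"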
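--- a/templates/authorized_key.j2
+++ b/templates/authorized_key.j2
@@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key in user.extras.authorized_keys %}
+{{ key }}
+{% endfor %}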
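Review bot: This template is only rendered when `user.extras.authorized_keys` is non-empty (the `when` on the matching task in tasks/configuration.yml), so emptying or removing the list leaves the previously deployed `authorized_keys` file in place and revokes nothing. If the role is meant to be authoritative for SSH access, iterate defensively with `{% for key in user.get('extras', {}).get('authorized_keys', []) %}` and drop the `when` on that task, so that an empty list produces an empty file. If manually managed keys must survive, say so in a comment in the template, so that the revocation gap is a documented choice.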
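--- a/templates/bash_aliases.j2
+++ b/templates/bash_aliases.j2
@@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+## BEGIN common
+PS1='${debian_chroot:+($debian_chroot)}\[\033[38;5;99m\]\u@\h\[\033[00m\]:\[\033[38;5;141m\]\w\[\033[00m\]\$ '
+alias ls='ls --color=auto -lah --group-directories-first'
+alias df='df -h --exclude-type=tmpfs --exclude-type=devtmpfs'
+## END common
+{% if user.get('extras', {}).get('bash_aliases', '') | length > 0 %}
+
+## BEGIN user
+{{ user.extras.bash_aliases }}
+## END user
+{% endif %}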
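--- a/templates/id_ed25519.j2
+++ b/templates/id_ed25519.j2
@@ -0,0 +1 @@
+{{ user.extras.id_ed25519 }}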
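--- a/templates/ssh_config.j2
+++ b/templates/ssh_config.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ user.extras.ssh_config }}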
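--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ user.extras.sudoers }}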