feat: Create role

2022-10-10 11:20:20 +02:00 · 2022-10-10 11:20:20 +02:00 · 473492f5e3
commit 473492f5e3
parent 688c17fe0b
11 changed files with 221 additions and 3 deletions
--- a/README.md
+++ b/README.md
@ -1,3 +1,43 @@
-# role_modele
+# role_users

-Modèle
+Deploy users, groups, sudoers and ssh authorized_keys.
+
+## inventory.yml
+
+```yaml
+---
+
+all:
+  hosts:
+    host1.ykn.local:
+```
+
+## host_vars/host1.ykn.local.yml
+
+```yaml
+---
+
+users: []
+  - name: ansible
+    comment: "Ansible user"
+    update_password: on_create
+    password_lock: true
+    append: true
+    shell: /bin/bash
+    groups: ["sudo"]
+    extras:
+      authorized_keys:
+        - ssh-ed25519 <key> ansible
+        - ssh-ed25519 <key> bot_ansible
+      sudoers: ansible ALL=(ALL) NOPASSWD:ALL
+  - name: flast
+    comment: First LAST
+    password: <https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html#parameter-password>
+    password_lock: false
+    shell: /bin/bash
+    groups: ["sudo", "adm"]
+    extras:
+      authorized_keys:
+        - ssh-ed25519 <key> flast@computer1
+        - ssh-ed25519 <key> flast@computer2
+```
--- a/defaults/main.yml
+++ b/defaults/main.yml
@ -0,0 +1,17 @@
+---
+# defaults file for users
+
+users: []
+# Example:
+#   - name: ansible
+#     comment: "Ansible user"
+#     update_password: on_create
+#     password_lock: true
+#     append: true
+#     shell: /bin/bash
+#     groups: ["sudo"]
+#     extras:
+#       authorized_keys:
+#         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNxxMmKSUHibYrlwyhx6UzyEAIPrghuQ/2fiCvcGAfh ansible
+#         - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPerG1LAvNuuwuMnlExCyfsRwGqrM1U3C/aUtuXqhyu bot_ansible
+#       sudoers: ansible ALL=(ALL) NOPASSWD:ALL
--- a/meta/main.yml
+++ b/meta/main.yml
@ -1,7 +1,7 @@
 galaxy_info:
  namespace: ykn
  author: pulsar89.5
-  description: Rôle modèle
+  description: Deploy users, groups, sudoers and ssh authorized_keys

  license: GPL-3.0-or-later

--- a/tasks/configuration.yml
+++ b/tasks/configuration.yml
@ -0,0 +1,84 @@
+---
+# tasks file for users
+
+- name: Deploy sudoers configuration
+  ansible.builtin.template:
+    src: sudoers.j2
+    dest: /etc/sudoers.d/{{ user.name }}
+    owner: root
+    group: root
+    mode: u=rw,g=,o=
+  when: user.get('extras', {}).get('sudoers')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Deploy bash_aliases
+  ansible.builtin.template:
+    src: bash_aliases.j2
+    dest: "~{{ user.name }}/.bash_aliases"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=,o=
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Create ssh directory
+  ansible.builtin.file:
+    state: directory
+    path: "~{{ user.name }}/.ssh"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rwX,g=rX,o=rX
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Deploy SSH configuration
+  ansible.builtin.template:
+    src: ssh_config.j2
+    dest: "~{{ user.name }}/.ssh/config"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=r,o=r
+  when: user.get('extras', {}).get('ssh_config')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Deploy SSH private keys
+  ansible.builtin.template:
+    src: id_ed25519.j2
+    dest: "~{{ user.name }}/.ssh/id_ed25519"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=,o=
+  when: user.get('extras', {}).get('id_ed25519')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Deploy authorized SSH keys
+  ansible.builtin.template:
+    src: authorized_key.j2
+    dest: "~{{ user.name }}/.ssh/authorized_keys"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=r,o=r
+  when: user.get('extras', {}).get('authorized_keys')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
--- a/tasks/installation.yml
+++ b/tasks/installation.yml
@ -0,0 +1,42 @@
+---
+# tasks file for users
+
+- name: Build users list
+  ansible.builtin.set_fact:
+    users: "{{ users + specific }}"
+  when: specific | length > 0
+  loop: "{{ lookup('ansible.builtin.varnames', '^users.+', wantlist=True) }}"
+  vars:
+    specific: "{{ lookup('ansible.builtin.vars', item, default='') }}"
+
+- name: Create groups with the users name
+  ansible.builtin.group:
+    name: "{{ item.name }}"
+  when: user.group is undefined
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Create other groups
+  ansible.builtin.group:
+    name: "{{ item.1 }}"
+  become: true
+  loop: "{{ users | subelements('groups', skip_missing=True) }}"
+  loop_control:
+    label: "{{ item.1 }}"
+
+- name: Create users
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    comment: "{{ item.comment | default(omit) }}"
+    password: "{{ item.password | default(omit) }}"
+    password_lock: "{{ item.password_lock | default(omit) }}"
+    home: "{{ item.home | default(omit) }}"
+    shell: "{{ item.shell | default(omit) }}"
+    group: "{{ item.group | default(item.name) }}"
+    groups: "{{ item.groups | default(omit) }}"
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    label: "{{ item.name }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -0,0 +1,10 @@
+---
+# tasks file for users
+
+- name: Import creation tasks
+  ansible.builtin.import_tasks:
+    file: installation.yml
+
+- name: Import configuration tasks
+  ansible.builtin.import_tasks:
+    file: configuration.yml
--- a/templates/authorized_key.j2
+++ b/templates/authorized_key.j2
@ -0,0 +1,5 @@
+# {{ ansible_managed }}
+
+{% for key in user.extras.authorized_keys %}
+{{ key }}
+{% endfor %}
--- a/templates/bash_aliases.j2
+++ b/templates/bash_aliases.j2
@ -0,0 +1,13 @@
+# {{ ansible_managed }}
+
+## BEGIN common
+PS1='${debian_chroot:+($debian_chroot)}\[\033[38;5;99m\]\u@\h\[\033[00m\]:\[\033[38;5;141m\]\w\[\033[00m\]\$ '
+alias ls='ls --color=auto -lah --group-directories-first'
+alias df='df -h --exclude-type=tmpfs --exclude-type=devtmpfs'
+## END common
+{% if user.get('extras', {}).get('bash_aliases', '') | length > 0 %}
+
+## BEGIN user
+{{ user.extras.bash_aliases }}
+## END user
+{% endif %}
--- a/templates/id_ed25519.j2
+++ b/templates/id_ed25519.j2
@ -0,0 +1 @@
+{{ user.extras.id_ed25519 }}
--- a/templates/ssh_config.j2
+++ b/templates/ssh_config.j2
@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ user.extras.ssh_config }}
--- a/templates/sudoers.j2
+++ b/templates/sudoers.j2
@ -0,0 +1,3 @@
+# {{ ansible_managed }}
+
+{{ user.extras.sudoers }}