From b66d3e9894eccf5c6bd389c6e1b8bb0c7faf085c Mon Sep 17 00:00:00 2001 From: Someone Date: Fri, 4 Oct 2024 13:42:36 +0200 Subject: [PATCH] [roles/base/create-users] create or update user accounts --- roles/base/create-users/defaults/main.yml | 17 +++ .../files/default/authorized_keys | 7 ++ roles/base/create-users/files/default/profile | 11 ++ .../create-users/files/default/ssh_config | 33 ++++++ roles/base/create-users/tasks/main.yml | 12 +++ roles/base/create-users/tasks/setup-user.yml | 100 ++++++++++++++++++ 6 files changed, 180 insertions(+) create mode 100644 roles/base/create-users/defaults/main.yml create mode 100644 roles/base/create-users/files/default/authorized_keys create mode 100644 roles/base/create-users/files/default/profile create mode 100644 roles/base/create-users/files/default/ssh_config create mode 100644 roles/base/create-users/tasks/main.yml create mode 100644 roles/base/create-users/tasks/setup-user.yml diff --git a/roles/base/create-users/defaults/main.yml b/roles/base/create-users/defaults/main.yml new file mode 100644 index 0000000..f560844 --- /dev/null +++ b/roles/base/create-users/defaults/main.yml @@ -0,0 +1,17 @@ +##################################### +### someone's ansible provisioner ### +##################################### +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# +# If not overridden in inventory or as a parameter, this is the value that will be used +# +--- +# Define to create users on target system +#users: +# - name: +# home: /home/$NAME +# homemode: 750 +# groups: +# force: no +# diff --git a/roles/base/create-users/files/default/authorized_keys b/roles/base/create-users/files/default/authorized_keys new file mode 100644 index 0000000..bcdc86c --- /dev/null +++ b/roles/base/create-users/files/default/authorized_keys 
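Review bot: The commented example `#    homemode: 750` documents the mode in a form the tasks do not use: an unquoted `750` is parsed as the decimal integer 750, whereas the fallback in setup-user.yml is the string `'0750'`, which the file module interprets as octal. Changing the example to `#    homemode: "0750"` keeps the documented shape consistent with the task default and avoids the classic decimal-mode mistake when someone copies the example into inventory. The example is the only place the `users` structure is described, so it is worth getting exactly right.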
@@ -0,0 +1,7 @@
+#
+#########################################################
+### Provisioned ONCE by someone's ansible provisioner ###
+#########################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
diff --git a/roles/base/create-users/files/default/profile b/roles/base/create-users/files/default/profile
new file mode 100644
index 0000000..666b234
--- /dev/null
+++ b/roles/base/create-users/files/default/profile
@@ -0,0 +1,11 @@
+#
+#########################################################
+### Provisioned ONCE by someone's ansible provisioner ###
+#########################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+# Do what would have happened, if this user wasnt created by ansible.
+rsync -vaPp /etc/skel/ $HOME >/dev/null 2>&1
+exec $SHELL
diff --git a/roles/base/create-users/files/default/ssh_config b/roles/base/create-users/files/default/ssh_config
new file mode 100644
index 0000000..42a8607
--- /dev/null
+++ b/roles/base/create-users/files/default/ssh_config
@@ -0,0 +1,33 @@
+#
+#########################################################
+### Provisioned ONCE by someone's ansible provisioner ###
+#########################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+Include ~/.ssh/config.local
+
+Host localhost l
+ Port 2
+ IdentityFile ~/.ssh/id_localhost
+
+Host *.somenet.org
+ Port 2
+ IdentityFile ~/.ssh/id_somenet
+
+############
+# DEFAULTS #
+############
+Host *
+ ExitOnForwardFailure yes
+ Compression yes
+ HashKnownHosts no
+ ServerAliveInterval 300
+ StrictHostKeyChecking no
+ VisualHostKey no
+ # try host/username or host.default
+ IdentityFile ~/.ssh/id/%h._%r
+ IdentityFile ~/.ssh/id/%h.default
+ # on root, we also try this
+ IdentityFile ~/.ssh/id_ed25519
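Review bot: `rsync -vaPp /etc/skel/ $HOME >/dev/null 2>&1` depends on /etc/skel shipping a `.profile` that replaces this file on first login; if it does not, the rsync and `exec $SHELL` run on every login, and the `-a` copy will also overwrite any same-named file the role placed in the home directory should skel contain one. Quoting the destination as `"$HOME"` avoids word splitting for home directories containing spaces. A comment stating the precondition, such as `# Expects /etc/skel/.profile to replace this file; otherwise this runs on every login`, would make the one-shot intent explicit to whoever maintains the skel.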
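Review bot: `StrictHostKeyChecking no` under `Host *` turns off host-key verification for every host and every provisioned user: unknown keys are added without a prompt and a changed key only produces a warning while the connection proceeds, which removes SSH's defence against an on-path attacker; `HashKnownHosts no` on the line above compounds this by leaving the visited-host list readable. `StrictHostKeyChecking accept-new` keeps the prompt-free behaviour for first contact while still refusing hosts whose recorded key has changed, and is the safer default for a file pushed to all accounts. `Port 2` for localhost and *.somenet.org is presumably intentional but deserves a short comment, since a reader will expect 22.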
diff --git a/roles/base/create-users/tasks/main.yml b/roles/base/create-users/tasks/main.yml
new file mode 100644
index 0000000..79b3dfa
--- /dev/null
+++ b/roles/base/create-users/tasks/main.yml
@@ -0,0 +1,12 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- include_tasks: setup-user.yml
+ with_items: "{{users}}"
+ loop_control:
+ loop_var: user
+ when: users is defined
diff --git a/roles/base/create-users/tasks/setup-user.yml b/roles/base/create-users/tasks/setup-user.yml
new file mode 100644
index 0000000..35a2c02
--- /dev/null
+++ b/roles/base/create-users/tasks/setup-user.yml
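Review bot: `with_items: "{{users}}"` guarded by `when: users is defined` is the legacy loop form; `loop: "{{ users | default([]) }}"` expresses the same iteration, folds the guard into the default and lets the separate `when:` go. It also makes the empty case explicit rather than relying on a skipped task. The rest of the include (`loop_control` / `loop_var: user`) is fine as written.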
@@ -0,0 +1,100 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: create {{user.name}} user
+ user:
+ name: "{{user.name}}"
+ home: "{{user.home | default ('/home/'+user.name)}}"
+ shell: "{{user.shell | default ('/bin/bash')}}"
+ groups: "{{user.groups | default ('')}}"
+ append: yes
+ createhome: no
+ state: present
+
+
+- name: create {{user.name}} user's homedir
+ file:
+ path: "{{user.home | default ('/home/'+user.name)}}"
+ state: directory
+ mode: "{{user.homemode | default ('0750')}}"
+ owner: "{{user.name}}"
+ group: "{{user.name}}"
+
+
+- name: copy {{user.name}}'s .profile
+ copy:
+ src: "{{item}}"
+ dest: "{{user.home | default ('/home/'+user.name)}}/.profile"
+ force: "{{user.force | default ('no')}}"
+ mode: 0755
+ owner: "{{user.name}}"
+ group: "{{user.name}}"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{user.name}}/profile"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{user.name}}/profile"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{user.name}}/profile"
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/profile"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/profile"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/profile"
+ - "default/profile"
+
+
+- name: symlink {{user.name}}'s .zprofile to .profile
+ file:
+ src: "{{user.home | default ('/home/'+user.name)}}/.profile"
+ dest: "{{user.home | default ('/home/'+user.name)}}/.zshrc"
+ force: "{{user.force | default ('no')}}"
+ mode: 0755
+ owner: "{{user.name}}"
+ group: "{{user.name}}"
+ state: link
+ ignore_errors: yes
+
+
+- name: create {{user.name}}'s .ssh dir
+ file:
+ path: "{{user.home | default ('/home/'+user.name)}}/.ssh"
+ state: directory
+ mode: 0700
+ owner: "{{user.name}}"
+ group: "{{user.name}}"
+
+
+- name: copy {{user.name}}'s .ssh/config
+ copy:
+ src: "{{item}}"
+ dest: "{{user.home | default ('/home/'+user.name)}}/.ssh/config"
+ force: "{{user.force | default ('no')}}"
+ mode: 0600
+ owner: "{{user.name}}"
+ group: "{{user.name}}"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{user.name}}/ssh_config"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{user.name}}/ssh_config"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{user.name}}/ssh_config"
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/ssh_config"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/ssh_config"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/ssh_config"
+ - "default/ssh_config"
+
+
+- name: copy {{user.name}}'s authorized_keys
+ copy:
+ src: "{{item}}"
+ dest: "{{user.home | default ('/home/'+user.name)}}/.ssh/authorized_keys"
+ force: "{{user.force | default ('no')}}"
+ mode: 0600
+ owner: "{{user.name}}"
+ group: "{{user.name}}"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/{{user.name}}/authorized_keys"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/{{user.name}}/authorized_keys"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/{{user.name}}/authorized_keys"
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/authorized_keys"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/authorized_keys"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/authorized_keys"
+ - "default/authorized_keys"
-- 2.43.0
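Review bot: The task named `symlink {{user.name}}'s .zprofile to .profile` actually sets `dest:` to `.zshrc`; the name describes the login-shell file zsh reads in place of `.profile`, so the `dest` is presumably the wrong half and should end in `/.zprofile`. The three `copy` tasks default `force` to `no`, so a later change to an `authorized_keys` under host_files or group_files (a rotated or revoked key) is never pushed to an account that already has one; that matches the "Provisioned ONCE" header but is a security-relevant property that deserves a comment on the authorized_keys task, e.g. `# force defaults to no: key changes after first deploy need user.force: yes`. `lookup('env','PWD')` ties every search path to the operator's working directory; `{{playbook_dir}}` is the Ansible-provided equivalent that does not depend on where ansible-playbook was invoked. `mode: 0755` on `.profile` makes a sourced file executable for no benefit; `0644` is sufficient.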