authorTrygve Laugstøl <trygvis@inamo.no>2018-11-05 23:18:06 +0100
committerTrygve Laugstøl <trygvis@inamo.no>2018-11-05 23:18:06 +0100
commitb5b7e21c8ba3c68eab9cd244602f27c21aa5f36b (patch)
tree8c0f0d802773664e9d01ebf7ae6fb066b6f5fd93 /ansible/roles/lusers
parent85b3d2a16b5cfbb499a4ebcb88967dcdc334cf21 (diff)
Importing Bitraf's lusers, updating superusers.
Diffstat (limited to 'ansible/roles/lusers')
-rw-r--r--ansible/roles/lusers/defaults/main.yml1
-rw-r--r--ansible/roles/lusers/tasks/main.yml45
2 files changed, 46 insertions, 0 deletions
diff --git a/ansible/roles/lusers/defaults/main.yml b/ansible/roles/lusers/defaults/main.yml
new file mode 100644
index 0000000..61602c5
--- /dev/null
+++ b/ansible/roles/lusers/defaults/main.yml
@@ -0,0 +1 @@
+lusers_authorized_keys_exclusive: no
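Review bot: The default `lusers_authorized_keys_exclusive: no` selects the shared-management path, and that path never revokes a key: the `authorized_key` task in tasks/main.yml is called without `exclusive`, so a key deleted from `users[item].authorized_keys` stays in the file on every host. If that is the intended default, it deserves a comment above the variable, for example `# no = Ansible only adds keys; keys removed from the inventory stay on hosts until deleted by hand`. As a style point, spelling the value `false` avoids the YAML 1.1 truthy form.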
diff --git a/ansible/roles/lusers/tasks/main.yml b/ansible/roles/lusers/tasks/main.yml
new file mode 100644
index 0000000..cb10845
--- /dev/null
+++ b/ansible/roles/lusers/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- become: yes
+ tags: lusers
+ vars:
+ usernames: "{{ users|dict2items|map(attribute='key')|list }}"
+ block:
+ - name: adduser
+ with_items: "{{ lusers }}"
+ user:
+ name: "{{ item }}"
+ shell: /bin/bash
+
+ - name: getent passwd
+ getent:
+ database: passwd
+
+ - name: disable user
+ with_items: "{{ usernames }}"
+ when: (item not in lusers) and (item in getent_passwd)
+ user:
+ name: "{{ item }}"
+ shell: /usr/sbin/nologin
+
+ - name: mkdir ~/.ssh
+ when: lusers_authorized_keys_exclusive
+ with_items: "{{ lusers }}"
+ file:
+ path: "~{{ item }}/.ssh"
+ state: directory
+ owner: "{{ item }}"
+ mode: 0700
+
+ - name: authorized_keys, exclusively managed by Ansible
+ copy:
+ dest: "/home/{{ item }}/.ssh/authorized_keys"
+ content: "{{ users[item].authorized_keys }}"
+ when: lusers_authorized_keys_exclusive
+ with_items: "{{ lusers }}"
+
+ - name: authorized_keys, shared management with Ansible
+ authorized_key:
+ user: "{{ item }}"
+ key: "{{ users[item].authorized_keys }}"
+ with_items: "{{ lusers }}"
+ when: not lusers_authorized_keys_exclusive
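Review bot: The `disable user` task only switches the login shell to `/usr/sbin/nologin`, which leaves the account's `authorized_keys` file and password untouched. A key that still authenticates can be used for SSH features that need no shell, depending on the sshd configuration, which is not visible here. I would add `password_lock` to that `user:` call and follow it with a task that removes the key file for the same set of users, as sketched below; the path assumes the default `AuthorizedKeysFile` location. Separately, the exclusive `copy` task sets neither `owner` nor `mode`, so the file ends up root-owned with whatever the umask gives; stating both explicitly would make the result predictable.

```yaml
    - name: disable user
      # … unchanged: with_items / when / name / shell …
      user:
        password_lock: true

    - name: remove authorized_keys of disabled users
      with_items: "{{ usernames }}"
      when: (item not in lusers) and (item in getent_passwd)
      file:
        path: "~{{ item }}/.ssh/authorized_keys"
        state: absent
```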