author | Trygve Laugstøl <trygvis@inamo.no> | 2018-11-05 23:18:06 +0100 |
---|---|---|
committer | Trygve Laugstøl <trygvis@inamo.no> | 2018-11-05 23:18:06 +0100 |
commit | b5b7e21c8ba3c68eab9cd244602f27c21aa5f36b (patch) | |
tree | 8c0f0d802773664e9d01ebf7ae6fb066b6f5fd93 /ansible/roles/lusers | |
parent | 85b3d2a16b5cfbb499a4ebcb88967dcdc334cf21 (diff) | |
Importing Bitraf's lusers, updating superusers.
Diffstat (limited to 'ansible/roles/lusers')
-rw-r--r-- | ansible/roles/lusers/defaults/main.yml | 1 | ||||
-rw-r--r-- | ansible/roles/lusers/tasks/main.yml | 45 |
2 files changed, 46 insertions, 0 deletions
diff --git a/ansible/roles/lusers/defaults/main.yml b/ansible/roles/lusers/defaults/main.yml
new file mode 100644
index 0000000..61602c5
--- /dev/null
+++ b/ansible/roles/lusers/defaults/main.yml
@@ -0,0 +1 @@
+lusers_authorized_keys_exclusive: no
diff --git a/ansible/roles/lusers/tasks/main.yml b/ansible/roles/lusers/tasks/main.yml
new file mode 100644
index 0000000..cb10845
--- /dev/null
+++ b/ansible/roles/lusers/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- become: yes tags: lusers vars: usernames: "{{ users|dict2items|map(attribute='key')|list }}" block: - name: adduser with_items: "{{ lusers }}" user: name: "{{ item }}" shell: /bin/bash
+ - name: getent passwd getent: database: passwd
+ - name: disable user with_items: "{{ usernames }}" when: (item not in lusers) and (item in getent_passwd) user: name: "{{ item }}" shell: /usr/sbin/nologin
+ - name: mkdir ~/.ssh when: lusers_authorized_keys_exclusive with_items: "{{ lusers }}" file: path: "~{{ item }}/.ssh" state: directory owner: "{{ item }}" mode: 0700
+ - name: authorized_keys, exclusively managed by Ansible copy: dest: "/home/{{ item }}/.ssh/authorized_keys" content: "{{ users[item].authorized_keys }}" when: lusers_authorized_keys_exclusive with_items: "{{ lusers }}"
+ - name: authorized_keys, shared management with Ansible authorized_key: user: "{{ item }}" key: "{{ users[item].authorized_keys }}" with_items: "{{ lusers }}" when: not lusers_authorized_keys_exclusive |
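Review bot: The `copy` task that writes authorized_keys in exclusive mode sets neither `owner` nor `mode`, so under `become: yes` the file is created root-owned with whatever the umask gives, unlike the preceding `file` task that sets `owner: "{{ item }}"` and `mode: 0700` on the directory; I would add `owner: "{{ item }}"` and `mode: 0600` to the copy. Its `dest` also hardcodes `/home/{{ item }}` while the directory task uses `~{{ item }}/.ssh`, so the two diverge for any account whose home is elsewhere; the earlier getent task should already expose the home as `getent_passwd[item][4]`, or both paths can use the `~{{ item }}` form. Separately, the "disable user" task only switches the shell to nologin and leaves any existing authorized_keys in place, which is worth stating in a comment as intentional (or pairing with `password_lock: yes` if the Ansible in use supports it) so a reader does not assume SSH access is revoked. The first hunk on this line (the single default) raises nothing.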