2018-09-02 06:45:47 +00:00
12 changed files with 184 additions and 16 deletions
--- a/ansible.cfg
+++ b/ansible.cfg
@ -0,0 +1,16 @@
+[ssh_connection]
+
+[defaults]
+retry_files_enabled = False
+retry_files_save_path = /tmp/
+inventory=./hosts
+host_key_checking=False
+gathering = smart
+#stdout_callback=skippy
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+#become_ask_pass=False
+
--- a/1
+++ b/1
@ -0,0 +1 @@
+10.106.116.157
--- a/roles/users/defaults/main.yml
+++ b/roles/users/defaults/main.yml
@ -0,0 +1,4 @@
+default_freebsd_shell: "/bin/csh"
+default_linux_shell: "/bin/bash"
+default_shell_lines:
+  - SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh
--- a/roles/users/files/keys/remember/key1.pub
+++ b/roles/users/files/keys/remember/key1.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXf
--- a/roles/users/files/keys/test/key2.pub
+++ b/roles/users/files/keys/test/key2.pub
@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXd
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@ -1,8 +1,4 @@
 ---
- name: Ensure groups exist
-  group:
-    name: "{{ item.name }}"
-    gid: "{{ item.gid | default(ommit) }}"
-    state: present
-  with_items: groups
-
+- include_tasks: set_facts.yml
+- include_tasks: users.yml
+- include_tasks: ssh_config.yml
--- a/roles/users/tasks/set_facts.yml
+++ b/roles/users/tasks/set_facts.yml
@ -0,0 +1,8 @@
+- set_fact:
+    default_shell: "{{ default_freebsd_shell }}"
+  when: ansible_os_family == 'FreeBSD'
+
+- set_fact:
+    default_shell: "{{ default_linux_shell }}"
+  when: ansible_os_family == 'Debian'
+
--- a/roles/users/tasks/ssh_config.yml
+++ b/roles/users/tasks/ssh_config.yml
@ -0,0 +1,38 @@
+- name: Ensure .ssh folder is created
+  file:
+    path: "/home/{{item.name}}/.ssh"
+    state: directory
+    mode: 0600
+  with_items:
+    - "{{ users }}"
+
+- name: Check if user has ~/.ssh/config
+  stat:
+    path: "/home/{{ item.name }}/.ssh/config"
+  with_items: "{{ users }}"
+  register: sshconfig
+
+#- name: debug items
+#  debug:
+#    msg: "{{ item.item.name }} {{item.stat}}"
+#  with_items:
+#    - "{{ sshconfig.results }}"
+
+- name: Create ~/.ssh/config when absent
+  file:
+    path: "/home/{{ item.item.name }}/.ssh/config"
+    owner: "{{ item.item.name }}"
+    mode: 0600
+    state: touch
+  when: item.stat.exists == False
+  with_items:
+    - "{{ sshconfig.results }}"
+  no_log: True
+
+- name: Configure ~/.ssh/config
+  template:
+    src: ssh.config.j2 
+    dest: "/home/{{ item.name }}/.ssh/config"
+    owner: "{{ item.name }}"
+  with_items:
+    - "{{ users }}"
--- a/roles/users/tasks/users.yml
+++ b/roles/users/tasks/users.yml
@ -0,0 +1,88 @@
+---
+- name: Ensure groups exist
+  group:
+    name: "{{ item.name }}"
+    gid: "{{ item.gid | default(omit) }}"
+    state: present
+  with_items: "{{ user_groups }}"
+
+- name: Ensure users exist
+  user:
+    name: "{{ item.name }}"
+    id: "{{ item.id | default(omit) }}"
+    groups: "{{ item.groups | default(omit) }}"
+    shell: "{{ item.shell | default(default_shell) }}"
+    state: present
+  no_log: True
+  with_items: "{{ users }}"
+
+- name: Configure authorized_keys
+  authorized_key:
+    user: "{{ item.0.name }}"
+    key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}"
+    state: "{{ item.1.state | default(present) }}"
+  with_subelements:
+    - "{{ users }}"
+    -  keys
+
+#- name: debug
+#  debug:
+#    msg: "{{ item.0 }} - {{ item.1 }}"
+#  with_nested:
+#    - "{{ users }}"
+#    - "{{ users | map(attribute='shell_lines') | list }}"
+#  when: ansible_os_family == 'Debian' and item.1 is defined
+
+- name: check vars
+  debug:
+    msg: "{{ item.0.name }} --- {{ item.1 }}"
+  with_subelements:
+    - "{{ users }}"
+    - shell_lines
+    - skip_missing: true
+  when: ansible_os_family == 'Debian'
+
+- name: Add Ansible comment in bashrc
+  lineinfile:
+    path: "/home/{{ item.name }}/.bashrc"
+    line: "## Ansible managed below this line ###########"
+    insertafter: EOF
+    state: present
+  with_items:
+    - "{{ users }}"
+  when: ansible_os_family == 'Debian'
+
+- name: Configure bashrc
+  lineinfile:
+    path: "/home/{{ item.0.name }}/.bashrc"
+    line: "{{ item.1.line }}"
+    insertafter: "^## Ansible managed below this line"
+    state: "{{ item.1.state }}"
+  with_subelements:
+    - "{{ users }}"
+    - shell_lines
+    - skip_missing: true
+  when: ansible_os_family == 'Debian'
+  
+- name: Add Ansible comment in cshrc
+  lineinfile:
+    path: "/home/{{ item.0.name }}/.bashrc"
+    line: "## Ansible managed blow this line ###########"
+    insertafter: EOF
+    state: present
+  with_items:
+    - "{{ users }}"
+  when: ansible_os_family == 'FreeBSD'
+
+- name: Configure cshrc
+  lineinfile:
+    path: "/home/{{ item.0.name }}/.cshrc"
+    line: "{{ item.1.line }}"
+    insertafter: EOF
+    state: "{{ item.1.state }}"
+  with_subelements:
+    - "{{ users }}"
+    - shell_lines
+    - skip_missing: true
+  when: ansible_os_family == 'FreeBSD'
+
--- a/roles/users/templates/ssh.config.j2
+++ b/roles/users/templates/ssh.config.j2
@ -0,0 +1,6 @@
+host blabla
+  hostname {{ ansible_hostname }}
+  User {{ item.name }}
+  RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
+  RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
+  ServerAliveInterval 10
--- a/roles/users/vars/main.yml
+++ b/roles/users/vars/main.yml
@ -1,12 +1,21 @@
 ---
-groups:
-  - 
+user_groups:
+  - name: remember 

 users:
-  - remember
-  - direct
-  - degree
-  - sand
-  - grief
-  - jam
-  - king
+  - name: remember
+    keys:
+      - file: key1
+        state: present
+    shell_lines:
+      - line: "export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh"
+        state: present
+      - line: "line2"
+        state: absent
+  - name: test
+    keys:
+      - file: key2
+        state: absent
+        #    shell_lines:
+        #      - "line1"
+        #      - "line2"
--- a/site.yml
+++ b/site.yml
				`@ -0,0 +1 @@`
				`ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDMfztaQoo3Alf4Ie4ZrSEkhojOcKl8VRdoRiYb/7FL3IS/5IcSKcan/MGJlRht3ibwJBx9/CY8wZivHgNKCqtbZWGepfOtgWOqI4ROo4sELmRgV8PZUACjCSfaOkOdvCJEjhw3n+aI5jmK9IUA+mwdXkZj/NckNDZAQ+FRqwR6sX7svM4TF/zEI70JvO3xnDgCuC2PgiztVFfMqbWl33NgkG3kWkJ+JarF2pNsxO/+82s/hoC4P+dpZD1PHhJC7OxUiAHe5nwF7heQh9DUBQxJBhitn7C3XqlxEf7Kx3/kO9CUJVDaxS84UUnfUPc0u1iYpE+5ypqkDSyj3yQNpwXf`