diff --git a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml index 2b22aea..dc66fc8 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml @@ -1,10 +1,22 @@ --- -- name: Check if user has ~/.ssh/config +- name: Check if user has ~/.ssh/config | Debian/Ubuntu systems. stat: path: "/home/{{ item.name }}/.ssh/config" with_items: "{{ users }}" register: sshconfig + when: item.name != 'ec2-user' and ansible_os_family == 'Debian' + +- name: Check if user has ~/.ssh/config | FreeBSD systems. + stat: + path: "/home/{{ item.name }}/.ssh/config" + with_items: "{{ users }}" + register: sshconfig + when: item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' +- name: debug + debug: "{{ item.item.name }}" + with_items: + - "{{ sshconfig.results }}" - name: Create ~/.ssh/config when absent file: @@ -13,10 +25,10 @@ group: "{{ item.item.name }}" mode: 0600 state: touch - when: item.stat.exists == False and item.item.state == "present" + when: item.stat is defined and item.stat.exists == False and item.item.state == "present" with_items: - "{{ sshconfig.results }}" - no_log: True + no_log: True - name: CHECK VARS 
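Review bot: Both `stat` tasks in this hunk `register: sshconfig`, and the FreeBSD one runs last, so on a Debian host its skipped per-item results overwrite the real results of the first task and `item.stat` is never defined for the "Create ~/.ssh/config when absent" task below (presumably why an `is defined` guard was added there); on such hosts the config file is silently never created. One task with a combined condition avoids the clobber: `when: (ansible_os_family == 'Debian' and item.name != 'ec2-user') or (ansible_os_family == 'FreeBSD' and item.name != 'ubuntu')`. The `- name: debug` task looks like leftover scratch, and as far as I can tell `debug: "{{ item.item.name }}"` passes a free-form argument the debug module does not accept (it takes `msg` or `var`), which would fail the play; drop it or write `debug: { var: item.item.name }`.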
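Review bot: The added `item.stat is defined` guard turns a missing `stat` result into a silent skip, and since `no_log: True` stays on this task (its loop items are user names from `sshconfig.results`, not secrets) nothing in the output shows that ~/.ssh/config was not created; the task's `file:` header starts above this hunk. A check that names the condition is clearer and keeps a skipped stat visible: `when: item is not skipped and not item.stat.exists and item.item.state == "present"`, and drop the `no_log` line. `state: touch` also reports changed on every run; on a recent Ansible add `modification_time: preserve` and `access_time: preserve` so the task is idempotent.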
@@ -51,5 +63,29 @@ with_items: - "{{ users }}" - skip_missing: true - when: item.ssh_config is defined and item.state == "present" + when: item.ssh_config is defined and item.state == "present" and item.name != 'ec2-user' and ansible_os_family == 'Debian' +- name: Configure ~/.ssh/config FreeBSD + blockinfile: + #path: "/home/{{ item.0.name }}/.ssh/config" + path: "/home/{{ item.name }}/.ssh/config" + #owner: "{{ item.0.name }}" + owner: "{{ item.name }}" + #group: "{{ item.0.name }}" + group: "{{ item.name }}" + mode: 0600 + marker: "# {mark} ANSIBLE MANAGED BLOCK" + content: | + {% for host in groups['all'] -%} + Host {{ hostvars[host]['ansible_hostname'] }} + Hostname {{ hostvars[host]['inventory_hostname'] }} + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent + RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh + {% for item in item.ssh_config %} + {{ item.line }} + {% endfor %} + {% endfor %} + with_items: + - "{{ users }}" + - skip_missing: true + when: item.ssh_config is defined and item.state == "present" and item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml index 52b1c81..7f56fc7 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/ssh_config.yml @@ -1,5 +1,5 @@ -- name: Ensure .ssh folder is created +- name: Ensure .ssh folder is created | Debian/Ubuntu systems file: path: "/home/{{item.name}}/.ssh" state: directory 
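Review bot: ssh only expands environment variables written as `${HOME}` (and for RemoteForward socket paths only on OpenSSH 8.4 and later), so the bare `$HOME` on the local side of the two `RemoteForward` lines in the new FreeBSD task is taken literally and the agent sockets will not be forwarded; the `%d` token (local home directory) is the portable form, e.g. `RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent %d/.gnupg/S.gpg-agent`. This also deserves a comment in the generated block: forwarding the gpg-agent and gpg-agent.ssh sockets to every host in `groups['all']` lets anyone with root on any of those hosts sign, decrypt and authenticate with the local keys while a session is open, and the remote sshd needs `StreamLocalBindUnlink yes` for the socket path to be reused across sessions. Stylistically, `{% for item in item.ssh_config %}` shadows the outer `item` (the user entry); renaming the inner variable to `entry` avoids the confusion. `- skip_missing: true` is a `with_subelements` option, not a list element; under `with_items` it is fed to the loop as an item and only happens to be skipped by the `ssh_config is defined` test.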
@@ -8,10 +8,10 @@ group: "{{ item.name }}" with_items: - "{{ users }}" - when: item.state == "present" + when: item.state == "present" and item.name != 'ec2-user' and ansible_os_family == 'Debian' -- name: Configure authorized_keys +- name: Configure authorized_keys | Debian/Ubuntu systems authorized_key: user: "{{ item.0.name }}" key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" @@ -19,5 +19,26 @@ with_subelements: - "{{ users }}" - keys - when: item.0.state is defined and item.0.state == "present" + when: item.0.state is defined and item.0.state == "present" and item.0.name != 'ec2-user' and ansible_os_family == 'Debian' +- name: Ensure .ssh folder is created | FreeBSD systems + file: + path: "/home/{{item.name}}/.ssh" + state: directory + mode: 0700 + owner: "{{ item.name }}" + group: "{{ item.name }}" + with_items: + - "{{ users }}" + when: item.state == "present" and item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' + + +- name: Configure authorized_keys | FreeBSD systems + authorized_key: + user: "{{ item.0.name }}" + key: "{{ lookup('file', 'keys/' + item.0.name + '/' + item.1.file + '.pub') }}" + state: "{{ item.1.state | default('present') }}" + with_subelements: + - "{{ users }}" + - keys + when: item.0.state is defined and item.0.state == "present" and item.0.name != 'ubuntu' and ansible_os_family == 'FreeBSD' diff --git a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml index aa4eb1f..bec7871 100644 --- a/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml +++ b/add-users-groups-authorized_keys-dot-files/roles/users/tasks/users.yml @@ -7,7 +7,7 @@ with_items: "{{ user_groups }}" -- name: Add/Remove user +- name: Add/Remove user(s) on Ubuntu systems user: name: "{{ item.name }}" state: "{{ item.state | default('present') }}" 
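Review bot: With both branches gated on `ansible_os_family`, a host of any other family (RedHat, where `ec2-user` is actually the stock account) runs neither the `.ssh` directory task nor the authorized_keys task, and the play still reports success, which can leave an account without the keys you believe were installed. Make that visible with an explicit guard at the top of the file, e.g. `- assert: { that: ansible_os_family in ['Debian', 'FreeBSD'], fail_msg: "unsupported OS family {{ ansible_os_family }}" }`. The excluded account names would also read better as a variable, `when: item.state == "present" and item.name not in protected_users`, which lets one task serve both families instead of two copies that differ only in the `when`.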
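Review bot: The new FreeBSD tasks treat a missing `state` differently from the user task in users.yml, which defaults it to present: "Ensure .ssh folder is created | FreeBSD" evaluates `item.state == "present"` and errors on an entry without `state`, while "Configure authorized_keys | FreeBSD" requires `item.0.state is defined` and silently installs no key for that entry, so an account created by users.yml can end up with no authorized key. Apply the same default everywhere: `when: item.state | default('present') == "present" and item.name != 'ubuntu' and ansible_os_family == 'FreeBSD'` and `when: item.0.state | default('present') == "present" and item.0.name != 'ubuntu' and ansible_os_family == 'FreeBSD'`. A comment above the `key:` lookup noting that `keys/<user>/<file>.pub` is read from the control node and is expected to hold public keys only would help the next maintainer.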
@@ -18,7 +18,20 @@ remove: yes no_log: False with_items: "{{ users }}" + when: item.name != 'ec2-user' and ansible_os_family == 'Debian' +- name: Add/Remove user(s) on FreeBSD systems + user: + name: "{{ item.name }}" + state: "{{ item.state | default('present') }}" + password: "{{ item.password | default(omit) }}" + groups: "{{ item.groups | default(omit) }}" + uid: "{{ item.uid | default(omit) }}" + shell: "{{ item.shell | default(default_shell) }}" + remove: yes + no_log: False + with_items: "{{ users }}" + when: item.name != 'ubuntu' and ansible_os_family == 'FreeBSD' - name: Configure bashrc lines lineinfile:
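Review bot: `no_log: False` on the new FreeBSD user task (and on the Debian task whose header is above this hunk) means every loop item is echoed in the per-item result line, and with a loop the whole `item` dict is printed, so `item.password` (a hash, or a plaintext value if someone gets it wrong) lands in console output and any log aggregator even though the module masks its own `password` argument. Either set `no_log: true`, or to keep readable output add `loop_control:` with `label: "{{ item.name }}"` so only the user name is shown. If `default_shell` is the same variable the Debian task uses, check it is a path that exists on FreeBSD (`/usr/local/bin/bash` rather than `/bin/bash`), since the user module will otherwise create an account with an unusable login shell. `remove: yes` deletes the home directory on `state: absent`, which is worth a comment, and per YAML 1.2 is better written `remove: true`.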