commit 65bcac7a0f231f0ef492af53827bb60e31cfc364
parent 727eb6fad5c9dd948cbaa6965892b210ce860dca
Author: Paco Esteban <paco@e1e0.net>
Date: Sat, 25 Jul 2020 16:50:20 +0200
new base role.
It creates the base user if it does not exist, assigns groups.
It also copies the necessary ssh keys.
Diffstat:
8 files changed, 54 insertions(+), 0 deletions(-)
diff --git a/home-fw.yml b/home-fw.yml
@@ -5,6 +5,8 @@
become: yes
become_method: doas
roles:
+ - base
- motd-figlet
vars:
- motd_figlet_group: wheel
+ - base_extra_groups: "wheel,_pftables"
diff --git a/localserver.yml b/localserver.yml
@@ -4,4 +4,7 @@
remote_user: paco
become: yes
roles:
+ - base
- nas
+ vars:
+ - base_extra_groups: "wheel,transmission,casa"
diff --git a/localutils.yml b/localutils.yml
@@ -4,7 +4,11 @@
remote_user: paco
become: yes
roles:
+ - base
- motd-figlet
- upsc_exporter
- node-exporter
- nut
+ vars:
+ - base_extra_groups: "sudo,i2c,gpio"
+ - base_shell: "/bin/bash"
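Review bot: `base_shell: "/bin/bash"` on the last added line is currently a no-op, because the `user` task in roles/base/tasks/main.yml never passes a `shell:` argument — the variable exists only in the role defaults. Until the role adds `shell: "{{ base_shell }}"` to the `user` task, this host keeps whatever shell the account already has, so the override here should not be relied on for a fresh account.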
diff --git a/mailserver.yml b/mailserver.yml
@@ -5,6 +5,7 @@
become: yes
become_method: doas
roles:
+ - base
- motd-figlet
- pf
vars:
@@ -16,3 +17,4 @@
- "smtp"
- "smtps"
- 5232
+ - base_extra_groups: "wheel"
diff --git a/roles/base/defaults/main.yml b/roles/base/defaults/main.yml
@@ -0,0 +1,9 @@
+---
+base_user: "paco"
+base_group: "paco"
+base_extra_groups: ''
+base_shell: "/bin/ksh"
+base_ssh_keys:
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKI24alB4is+NEv/6JjEZTd3ke7e2sw1hQu1aYNzIIn paco@celeborn.h.e1e0.net"
+ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5tsotZdlu9efi3U7qezdF9fT9xG6YxUb16HSBDoKtu paco@t430s.h.e1e0.net"
+ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQComE8k46SN744na47KJCxcJDd27CXVE2/5ucgoN6P4teTGhCIJMVSRUhbt3PXWOfkwZgVeU7bJnqExTIDaqWlz85Rbp++Ct4JSJlDIaN2Pb/aUzC29epiZIx1a8vQqeIfsi/EcvPxI47Wt6zHt3nd/nHomX33VJ1y530R0tvF3MsaX6rmnhFBp+aPLMLmo9yPQMofr4e6X5ylU4t87oRNpOFCMcnTAXZZOunFal8Dvi2K2wO6htmee2QyjtBbDQNt3+XenasOu694J70PGU9Q721oR8kDHB16BT0OW8WD/Qo4CzzqhFryLE507qbUjwv/a95Ht5MVeYOfCIcFU1AUVdTG1KuVqQo0KA5nPI6Kzb5UQno60TYaRKVxa8rxuRHDZ9YGcHbkuuUPAq6dmHZOR6vmuikVK7Ft1cn0iGow/yyNCOK+048Y3AynAmTatUbTeU7zLw8cN30gdkw3WTXI5sPJx2bL+h6qyIUHuwaNQ6VF481p8vR7D+8N1GMV4wdrY0PzK5Fa4n5sR0HicEiRomVSy4Iff+nmaDpN2JogVTg94/EYtVyB3uQ4+aGDZjMq4kHBZBbP3Fmq5dSLOaB2R5o/wm57oEU6KZjlAc/8F5YEswRjBNrOJLfsx0DG1EOpgWPpvOYUnfbfJFDIjiigP/aVZNf8dIUxhLqdA5tEw6Q== cardno:000608115828"
diff --git a/roles/base/tasks/main.yml b/roles/base/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+- name: create base user
+ user:
+ name: "{{ base_user }}"
+ group: "{{ base_group }}"
+ groups: "{{ base_extra_groups }}"
+ state: present
+ register: base_user_info
+
+- name: Set authorized_keys
+ become: true
+ become_user: "{{ base_user }}"
+ lineinfile:
+ path: "{{ base_user_info.home }}/.ssh/authorized_keys"
+ owner: "{{ base_user }}"
+ group: "{{ base_group }}"
+ mode: 0600
+ line: "{{ item }}"
+ loop: "{{ base_ssh_keys }}"
+
+- name: Remove old keys if present
+ become: true
+ become_user: "{{ base_user }}"
+ lineinfile:
+ path: "{{ base_user_info.home }}/.ssh/authorized_keys"
+ owner: "{{ base_user }}"
+ group: "{{ base_group }}"
+ mode: 0600
+ state: absent
+ regex: "^ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdfFPROEl6Q4RszLRry2mhJ3HUPNbxCw9igYT3XhAZ2"
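Review bot: The `Set authorized_keys` task will fail on a host where the base user is created by this role, because `lineinfile` defaults to `create: no` and nothing creates `~/.ssh` or `authorized_keys` beforehand — the `user` task only creates the account. Ansible's `authorized_key` module creates the directory (0700) and file (0600) itself, de-duplicates entries, ignores the key comment when matching, and removes a key with `state: absent`, so both `lineinfile` tasks, the `become_user` dance and the `register` can collapse into it. Independently, `base_shell` is declared in the role defaults (and set in localutils.yml) but is never passed to the `user` task, so `shell: "{{ base_shell }}"` belongs there. If `lineinfile` is kept instead, add `create: true`, a preceding `file: state=directory mode="0700"` task for `~/.ssh`, and quote the modes (`mode: "0600"`) rather than relying on YAML 1.1 octal parsing of a leading-zero literal.
```yaml
- name: create base user
  user:
    name: "{{ base_user }}"
    group: "{{ base_group }}"
    groups: "{{ base_extra_groups }}"
    shell: "{{ base_shell }}"
    state: present

- name: Set authorized_keys
  authorized_key:
    user: "{{ base_user }}"
    key: "{{ item }}"
    state: present
  loop: "{{ base_ssh_keys }}"

- name: Remove old keys if present
  authorized_key:
    user: "{{ base_user }}"
    key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILdfFPROEl6Q4RszLRry2mhJ3HUPNbxCw9igYT3XhAZ2"
    state: absent
```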
diff --git a/utils.yml b/utils.yml
@@ -5,6 +5,7 @@
become: yes
become_method: doas
roles:
+ - base
- motd-figlet
- pf
vars:
@@ -17,6 +18,7 @@
- 655
- pf_tcp_trusted_ports_allowed:
- 6679
+ - base_extra_groups: "wheel"
- name: Set up httpd server
hosts: utils
diff --git a/website.yml b/website.yml
@@ -5,6 +5,7 @@
become: yes
become_method: doas
roles:
+ - base
- motd-figlet
- pf
vars:
@@ -17,6 +18,7 @@
- 5222
- 5269
- 5281
+ - base_extra_groups: "wheel"
- name: Set up httpd server
hosts: web