| -rw-r--r-- | .github/workflows/lint-ansible.yaml | 1 | ||||
| -rw-r--r-- | .pre-commit-config.yaml | 2 | ||||
| -rw-r--r-- | ansible/.gitattributes | 1 | ||||
| -rw-r--r-- | ansible/playbook.yml | 1 | ||||
| -rw-r--r-- | ansible/roles/pydis-users/defaults/main.yml | 2 | ||||
| -rw-r--r-- | ansible/roles/pydis-users/tasks/main.yml | 27 | ||||
| -rw-r--r-- | ansible/roles/pydis-users/vars/main.yml | bin | 0 -> 1011 bytes | 
7 files changed, 33 insertions, 1 deletions
| diff --git a/.github/workflows/lint-ansible.yaml b/.github/workflows/lint-ansible.yaml
index 217967b..5359008 100644
--- a/.github/workflows/lint-ansible.yaml
+++ b/.github/workflows/lint-ansible.yaml
@@ -22,6 +22,7 @@ jobs:
         run: |
           cd ansible
           echo "$VAULT_PASSWORD" > vault_passwords
+          grep -R GITCRYPT --files-with-matches . | xargs rm
           ansible-lint --offline
         env:
           VAULT_PASSWORD: "${{ secrets.vault-password }}"
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 8229e8b..b133272 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,4 +1,4 @@
-exclude: (secrets?\.ya?ml)|(ghcr-pull-secrets\.yaml)$
+exclude: (secrets?\.ya?ml)|(ghcr-pull-secrets\.yaml)|pydis-users/vars/main.yml$
 repos:
 - repo: https://github.com/pre-commit/pre-commit-hooks
   rev: v4.5.0
diff --git a/ansible/.gitattributes b/ansible/.gitattributes
new file mode 100644
index 0000000..923ae1a
--- /dev/null
+++ b/ansible/.gitattributes
@@ -0,0 +1 @@
+roles/pydis-users/vars/main.yml filter=git-crypt diff=git-crypt
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
index 2ada9c6..7881bf4 100644
--- a/ansible/playbook.yml
+++ b/ansible/playbook.yml
@@ -2,6 +2,7 @@
   hosts: all
   roles:
     - common
+    - pydis-users
     - ufw
     - prometheus-node-exporter
     - wireguard
diff --git a/ansible/roles/pydis-users/defaults/main.yml b/ansible/roles/pydis-users/defaults/main.yml
new file mode 100644
index 0000000..4170b63
--- /dev/null
+++ b/ansible/roles/pydis-users/defaults/main.yml
@@ -0,0 +1,2 @@
+---
+pydis_users__users: []
diff --git a/ansible/roles/pydis-users/tasks/main.yml b/ansible/roles/pydis-users/tasks/main.yml
new file mode 100644
index 0000000..8378af8
--- /dev/null
+++ b/ansible/roles/pydis-users/tasks/main.yml
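Review bot: The added `grep -R GITCRYPT --files-with-matches . | xargs rm` line is likely to fail the step when nothing matches, because GNU xargs still runs `rm` once with no operands, and it splits file names on whitespace. It also deletes any file under `ansible/` that merely contains the string GITCRYPT, not only git-crypt ciphertext. I would write `grep -RlZ GITCRYPT . | xargs -0 -r rm --` and add a comment such as `# CI has no git-crypt key: drop encrypted files so ansible-lint does not parse ciphertext` (presumably the reason; confirm). The `run:` step begins above the hunk, so the shell options in effect are not visible here.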
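Review bot: The new alternative in `exclude` leaves the dot in `main.yml` unescaped and ungrouped, unlike the two existing alternatives, so it matches any character in that position. Since this pattern decides which files skip every hook, I would keep it as tight as the others: `exclude: (secrets?\.ya?ml)|(ghcr-pull-secrets\.yaml)|(pydis-users/vars/main\.yml)$`. Note that the trailing `$` binds only to the last alternative, which was already the case before this change.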
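Review bot: Nothing visible in this commit verifies that `roles/pydis-users/vars/main.yml` is committed as ciphertext. When the `git-crypt` filter is not defined in a clone's config, Git treats `filter=git-crypt` as a pass-through, so a plaintext copy of the file can be committed unnoticed, and the `.pre-commit-config.yaml` hunk keeps hooks off this path. A CI check that the tracked file still carries the `GITCRYPT` marker (the one the lint workflow greps for) would catch that. A leading comment such as `# Encrypted with git-crypt; run "git-crypt unlock" before editing` would also help contributors.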
@@ -0,0 +1,27 @@
+---
+- name: Create users
+  ansible.builtin.user:
+    name: "{{ item.key }}"
+    groups: "{{ item.value.groups | default(omit) }}"
+    password: "{{ item.value.hashed_password | default(omit) }}"
+    shell: /bin/bash
+    state: present
+  loop_control:
+    label: "{{ item.key }}"
+  loop: "{{ pydis_users__users | dict2items }}"
+  tags:
+    - role::pydis-users
+
+- name: Manage authorized keys
+  ansible.posix.authorized_key:
+    comment: Ansible managed
+    exclusive: true
+    key: "{{ item.value.ssh_key }}"
+    key_options: "{{ item.value.ssh_key_options | default(omit) }}"
+    user: "{{ item.key }}"
+    state: present
+  loop_control:
+    label: "{{ item.key }}"
+  loop: "{{ pydis_users__users | dict2items }}"
+  tags:
+    - role::pydis-users
diff --git a/ansible/roles/pydis-users/vars/main.yml b/ansible/roles/pydis-users/vars/main.ymlBinary files differ
new file mode 100644
index 0000000..ef918e6
--- /dev/null
+++ b/ansible/roles/pydis-users/vars/main.yml |
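Review bot: Both tasks in `tasks/main.yml` hard-code `state: present`, so removing a person from `pydis_users__users` leaves their account and `authorized_keys` on every host; the role has no way to revoke access. A per-user override on "Create users", `state: "{{ item.value.state | default('present') }}"`, plus `when: item.value.state | default('present') == 'present'` on "Manage authorized keys", would let an entry be kept as `state: absent` for offboarding. Separately, `groups` is set without `append: true`, so the user module drops any supplementary group not listed; if that is intended, a comment saying so would help. `key: "{{ item.value.ssh_key }}"` has no default, so an entry without `ssh_key` fails the second task.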
