From 10cd9b93f41d8b7f71b2b65a51c35f81c5db3eec Mon Sep 17 00:00:00 2001
From: memiah-steve
Date: Thu, 10 Jan 2019 15:44:14 +0000
Subject: [PATCH] Allow for additional users and groups to be defined.
---
 README.md | 9 +++++++++
 defaults/main.yml | 12 ++++++++----
 tasks/main.yml | 25 +++++++++++++++----------
 3 files changed, 32 insertions(+), 14 deletions(-)
diff --git a/README.md b/README.md
index 7e2cdfa..2619aa6 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,11 @@ addition to the [username] group) by adding them as a comma-separated list in gr
 added using the authorized_keys options with a list of keys. Specify a github username to fetch authorised keys from GitHub.
+ ssh_config_groups_additional: []
+
+Additional system users that can be assigned to specific inventories or roles, useful when using `ssh_config_users` as a common default user list.
+
+
 ssh_config_users_absent: []
 # You can specify an object with 'name' (required):
 # - name: example
@@ -44,6 +49,10 @@ A list of users who should not be present on the server and should be removed.
 System groups that should be created. These can be assigned to users defined in `ssh_config_users`. If the group should be allowed passwordless_sudo, optionally set that here.
+ ssh_config_groups_additional: []
+
+Additional system groups that can be assigned to specific inventories or roles, useful when using `ssh_config_groups` as a common default group list.
+
 ssh_config_groups_absent: []
 # You can specify an object with 'name' (required):
 # - name: example
diff --git a/defaults/main.yml b/defaults/main.yml
index 526deec..3ec25a9 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,14 +1,16 @@
 ---
 ssh_config_groups: []
 # - name: example
- # passwordless_sudo: True
+# passwordless_sudo: True
+
+ssh_config_groups_additional: []
 ssh_config_groups_absent: []
 # You can specify an object with 'name' (required):
 # - name: example
 # Or you can specify a group directly:
- # - example
+# - example
 ssh_config_users: []
 # You can specify an object with 'name' (required) and 'groups' (optional):
@@ -18,14 +20,16 @@ ssh_config_users: []
 # - "ssh-rsa ..."
 # Or you can specify a GitHub username:
- # - github: memiah
+# - github: memiah
+
+ssh_config_users_additional: []
 ssh_config_users_absent: []
 # You can specify an object with 'name' (required):
 # - name: example
 # Or you can specify a username directly:
- # - example
+# - example
 ssh_config_github_url: https://github.com
diff --git a/tasks/main.yml b/tasks/main.yml
index 1e43a59..5f62a98 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,9 +1,14 @@
 ---
+- name: Combine core groups and users with any additional values.
+ set_fact:
+ ssh_config_groups_combined: "{{ ssh_config_groups + ssh_config_groups_additional }}"
+ ssh_config_users_combined: "{{ ssh_config_users + ssh_config_users_additional }}"
+
 - name: Ensure system groups are present.
 group:
 name: "{{ item.name }}"
 state: present
- with_items: "{{ ssh_config_groups }}"
+ with_items: "{{ ssh_config_groups_combined }}"
 - name: Remove unwanted system groups.
 group:
@@ -19,14 +24,14 @@
 groups: "{{ item.groups | default(omit) }}"
 home: /home/{{ item.name | default(item.github) }}
 state: present
- with_items: "{{ ssh_config_users }}"
+ with_items: "{{ ssh_config_users_combined }}"
 - name: Ensure authorized_keys for GitHub user accounts are present.
 authorized_key:
 user: "{{ item.name | default(item.github) }}"
 key: "{{ ssh_config_github_url }}/{{ item.github }}.keys"
 manage_dir: yes
- with_items: "{{ ssh_config_users }}"
+ with_items: "{{ ssh_config_users_combined }}"
 when: item.github is defined
 - name: Set authorized_keys for user accounts
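Review bot: The new `ssh_config_groups_additional: []` default is introduced without an explanatory comment, although every neighbouring variable in this file carries one; the same applies to `ssh_config_users_additional` in the following hunk. A reader of defaults/main.yml alone cannot tell that these lists are concatenated onto the core lists by a set_fact task rather than replacing them. Suggest `# Extra groups appended to ssh_config_groups at run time (see tasks/main.yml); meant for inventory- or role-specific additions.` above the groups default, and the equivalent wording above the users default.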
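Review bot: The variable added here is `ssh_config_users_additional`, but the README hunk at old line 28 documents the users-section addition as `ssh_config_groups_additional: []`, so a reader following the README would set a variable that only affects groups and get no extra users. The README code line in that section should read `ssh_config_users_additional: []`, matching this default and the set_fact expression in tasks/main.yml.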
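Review bot: The two set_fact expressions join the lists with a plain `+`, so an account or group that appears in both `ssh_config_users` and `ssh_config_users_additional` is processed twice by every task that now loops over the `_combined` facts, including the sudoers task later in the file; this is harmless for idempotent modules but is not documented anywhere. If an inventory sets either `_additional` variable to a single mapping or a string instead of a list, the concatenation presumably fails at this task with a template error rather than at the point of use — confirm. Suggest a comment above the task: `# Later tasks iterate only the *_combined facts; the *_additional inputs must be lists (possibly empty).`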
@@ -34,10 +39,10 @@
 user: "{{ item.0.name | default(item.0.github) }}"
 key: "{{ item.1 }}"
 with_subelements:
- - "{{ ssh_config_users }}"
- - authorized_keys
- - flags:
- skip_missing: True
+ - "{{ ssh_config_users_combined }}"
+ - authorized_keys
+ - flags:
+ skip_missing: True
 - name: Ensure user accounts in ssh_config_users_absent are absent.
 user:
@@ -61,10 +66,10 @@
 group: root
 mode: 0440
 validate: "visudo -cf %s"
- with_items: "{{ ssh_config_groups }}"
+ with_items: "{{ ssh_config_groups_combined }}"
 when:
- - item.passwordless_sudo is defined
- - item.passwordless_sudo == True
+ - item.passwordless_sudo is defined
+ - item.passwordless_sudo == True
 - name: Copy /etc/sudoers.d/ssh_auth_sock into place.
 copy:
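Review bot: `skip_missing: True` on the re-indented new side is a Python-style capitalised boolean; YAML 1.2-aware tooling and yamllint's `truthy` rule expect `skip_missing: true`. The same capitalised spelling is used in the `passwordless_sudo: True` example comment added to defaults/main.yml and in the `item.passwordless_sudo == True` condition in the next hunk, so the role currently shows three boolean spellings (`True`, `yes`, `true`-style comparisons) to its users.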
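Review bot: With `with_items` now iterating `ssh_config_groups_combined`, a group supplied through `ssh_config_groups_additional` with `passwordless_sudo` set receives a sudoers drop-in exactly like a core group, but the README text added for `ssh_config_groups_additional` does not mention this; the README sentence should state that `passwordless_sudo` applies to additional groups too, because inventory-level additions can grant passwordless root. The condition pair `item.passwordless_sudo is defined` / `item.passwordless_sudo == True` could be written as one line, `when: item.passwordless_sudo | default(false) | bool`, which also accepts the `yes`/`true` spellings the rest of the file uses for booleans instead of only the Python `True` value. The enclosing task begins before this hunk.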