From 35890645a659df7bbb80431cc7b05bf4ea51eea8 Mon Sep 17 00:00:00 2001
From: Markus Pesch
Date: Mon, 9 May 2022 10:17:07 +0200
Subject: [PATCH] Initial Commit
---
 .ansible-lint | 3 +
 .drone.yml | 42 ++++++++++
 .editorconfig | 12 +++
 .markdownlint.yaml | 143 +++++++++++++++++++++++++++++++++++
 LICENSE | 20 +++++
 README.md | 23 ++++++
 defaults/default.yml | 26 +++++++
 meta/main.yml | 23 ++++++
 renovate.json | 17 +++++
 tasks/create_unix_group.yml | 14 ++++
 tasks/create_unix_user.yml | 95 +++++++++++++++++++++++
 tasks/main.yml | 29 +++++++
 tasks/remove_unix_group.yml | 6 ++
 tasks/remove_unix_user.yml | 7 ++
 templates/authorized_keys.j2 | 7 ++
 templates/forward.j2 | 1 +
 16 files changed, 468 insertions(+)
 create mode 100644 .ansible-lint
 create mode 100644 .drone.yml
 create mode 100644 .editorconfig
 create mode 100644 .markdownlint.yaml
 create mode 100644 LICENSE
 create mode 100644 README.md
 create mode 100644 defaults/default.yml
 create mode 100644 meta/main.yml
 create mode 100644 renovate.json
 create mode 100644 tasks/create_unix_group.yml
 create mode 100644 tasks/create_unix_user.yml
 create mode 100644 tasks/main.yml
 create mode 100644 tasks/remove_unix_group.yml
 create mode 100644 tasks/remove_unix_user.yml
 create mode 100644 templates/authorized_keys.j2
 create mode 100644 templates/forward.j2
diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..dff231b
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,3 @@
+---
+
+skip_list: []
\ No newline at end of file
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 0000000..c147d5c
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,42 @@ +--- +kind: pipeline +type: kubernetes +name: linter + +platform: + os: linux + +steps: +- name: markdown lint + commands: + - markdownlint *.md + image: docker.io/volkerraschek/markdownlint:0.31.1 + resources: + limits: + cpu: 50 + memory: 50M + +- name: email-notification + environment: + PLUGIN_HOST: + from_secret: smtp_host + PLUGIN_USERNAME: + from_secret: smtp_username + PLUGIN_PASSWORD: + from_secret: smtp_password + PLUGIN_FROM: + from_secret: smtp_mail_address + image: docker.io/drillster/drone-email:latest + resources: + limits: + cpu: 50 + memory: 25M + when: + status: + - changed + - failure + +trigger: + event: + exclude: + - tag diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..ad4c311 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,12 @@ +# EditorConfig is awesome: https://EditorConfig.org + +# top-most EditorConfig file +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = false diff --git a/.markdownlint.yaml b/.markdownlint.yaml new file mode 100644 index 0000000..a8a3ae0 --- /dev/null +++ b/.markdownlint.yaml 
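Review bot: The `email-notification` step pulls `docker.io/drillster/drone-email:latest`, an unpinned tag, while the `markdown lint` step pins `markdownlint:0.31.1`; this step is the one handed the SMTP credentials (`smtp_host`, `smtp_username`, `smtp_password`) from secrets, so an unreviewed image update silently gains access to them. Pin the tag as the other step does, e.g. `image: docker.io/drillster/drone-email:<pinned-tag>`, which also lets the Renovate rule in `renovate.json` track it. The `cpu: 50` limits presumably mean millicores under Drone's Kubernetes runner; a short comment saying so would help readers of the pipeline.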
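Review bot: `insert_final_newline = false` is what produces the `\ No newline at end of file` markers on almost every YAML file in this commit; yamllint's default `new-line-at-end-of-file` rule and POSIX text tools expect a terminating newline. Switching to `insert_final_newline = true` keeps editors from stripping it, and the role's task files would then no longer trip that rule.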
@@ -0,0 +1,143 @@ +# markdownlint YAML configuration +# https://github.com/DavidAnson/markdownlint/blob/main/schema/.markdownlint.yaml + +# Default state for all rules +default: true + +# Path to configuration file to extend +extends: null + +# MD003/heading-style/header-style - Heading style +MD003: + # Heading style + style: "atx" + +# MD004/ul-style - Unordered list style +MD004: + style: "dash" + +# MD007/ul-indent - Unordered list indentation +MD007: + # Spaces for indent + indent: 2 + # Whether to indent the first level of the list + start_indented: false + +# MD009/no-trailing-spaces - Trailing spaces +MD009: + # Spaces for line break + br_spaces: 2 + # Allow spaces for empty lines in list items + list_item_empty_lines: false + # Include unnecessary breaks + strict: false + +# MD010/no-hard-tabs - Hard tabs +MD010: + # Include code blocks + code_blocks: true + +# MD012/no-multiple-blanks - Multiple consecutive blank lines +MD012: + # Consecutive blank lines + maximum: 1 + +# MD013/line-length - Line length +MD013: + # Number of characters + line_length: 80 + # Number of characters for headings + heading_line_length: 80 + # Number of characters for code blocks + code_block_line_length: 80 + # Include code blocks + code_blocks: false + # Include tables + tables: false + # Include headings + headings: true + # Include headings + headers: true + # Strict length checking + strict: false + # Stern length checking + stern: false + +# MD022/blanks-around-headings/blanks-around-headers - Headings should be surrounded by blank lines +MD022: + # Blank lines above heading + lines_above: 1 + # Blank lines below heading + lines_below: 1 + +# MD024/no-duplicate-heading/no-duplicate-header - Multiple headings with the same content +MD024: + # Only check sibling headings + allow_different_nesting: true + +# MD025/single-title/single-h1 - Multiple top-level headings in the same document +MD025: + # Heading level + level: 1 + # RegExp for matching title in front matter + 
front_matter_title: "^\\s*title\\s*[:=]" + +# MD026/no-trailing-punctuation - Trailing punctuation in heading +MD026: + # Punctuation characters + punctuation: ".,;:!。,;:!" + +# MD029/ol-prefix - Ordered list item prefix +MD029: + # List style + style: "one_or_ordered" + +# MD030/list-marker-space - Spaces after list markers +MD030: + # Spaces for single-line unordered list items + ul_single: 1 + # Spaces for single-line ordered list items + ol_single: 1 + # Spaces for multi-line unordered list items + ul_multi: 1 + # Spaces for multi-line ordered list items + ol_multi: 1 + +# MD033/no-inline-html - Inline HTML +MD033: + # Allowed elements + allowed_elements: [] + +# MD035/hr-style - Horizontal rule style +MD035: + # Horizontal rule style + style: "---" + +# MD036/no-emphasis-as-heading/no-emphasis-as-header - Emphasis used instead of a heading +MD036: + # Punctuation characters + punctuation: ".,;:!?。,;:!?" + +# MD041/first-line-heading/first-line-h1 - First line in a file should be a top-level heading +MD041: + # Heading level + level: 1 + # RegExp for matching title in front matter + front_matter_title: "^\\s*title\\s*[:=]" + +# MD044/proper-names - Proper names should have the correct capitalization +MD044: + # List of proper names + names: [] + # Include code blocks + code_blocks: false + +# MD046/code-block-style - Code block style +MD046: + # Block style + style: "fenced" + +# MD048/code-fence-style - Code fence style +MD048: + # Code fence syle + style: "backtick" \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..51ff935 --- /dev/null +++ b/LICENSE 
@@ -0,0 +1,20 @@ +Copyright (c) 2022 Markus Pesch + +Permission is hereby granted, free of charge, to any person obtaining +a copy of this software and associated documentation files (the +"Software"), to deal in the Software without restriction, including +without limitation the rights to use, copy, modify, merge, publish, +distribute, sublicense, and/or sell copies of the Software, and to +permit persons to whom the Software is furnished to do so, subject to +the following conditions: + +The above copyright notice and this permission notice shall be +included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND +NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION +WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..cff5a8f --- /dev/null +++ b/README.md @@ -0,0 +1,23 @@ +# unix_users + +[![Build Status](https://drone.cryptic.systems/api/badges/volker.raschek/unix_users-role/status.svg)](https://drone.cryptic.systems/volker.raschek/unix_users-role) +[![Ansible Role](https://img.shields.io/ansible/role/d/58433)](https://galaxy.ansible.com/volker_raschek/unix_users) + +With following role can be unix users and groups configured. + +## Supported distributions + +- Arch Linux +- Ubuntu 20.04 + +## Features + +- Setting up unix users and groups +- Setting up private and public ssh keys +- Setting up private and public gpg keys +- Setting up .forward file for postfix + +## Configuring + +In the default directory are examples how to configure the role. Copy the +defaults into your `host_vars` or `group_vars` and adapt the examples. 
diff --git a/defaults/default.yml b/defaults/default.yml new file mode 100644 index 0000000..ec41d61 --- /dev/null +++ b/defaults/default.yml @@ -0,0 +1,26 @@ +--- + +# unix_groups: +# kah: +# gid: 568 +# state: present +# markus: {} +# movies: +# state: absent + +# unix_users: +# markus: +# name: "Markus Pesch" +# ssh_keys: +# public: +# - markus@markus-pc.pub +# - markus@markus-nb.pub +# shell: /bin/bash +# group: markus +# groups: +# - movies +# - music +# - series +# password: "" +# email: markus.pesch@cryptic.systems +# state: present diff --git a/meta/main.yml b/meta/main.yml new file mode 100644 index 0000000..a43bf34 --- /dev/null +++ b/meta/main.yml @@ -0,0 +1,23 @@ +galaxy_info: + role_name: unix_users + author: Markus Pesch + description: Role to create and configure unix users and groups + company: Cryptic Systems + license: MIT + min_ansible_version: "2.9" + platforms: + - name: ArchLinux + versions: + - all + - name: Ubuntu + versions: + - all + - name: Fedora + versions: + - "35" + + galaxy_tags: + - unix_users + - unix_groups + +dependencies: [] diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..0eb214c --- /dev/null +++ b/renovate.json @@ -0,0 +1,17 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "assignees": [ "volker.raschek" ], + "automergeStrategy": "merge-commit", + "automergeType": "pr", + "labels": [ "renovate" ], + "packageRules": [ + { + "addLabels": [ "renovate/droneci", "renovate/automerge" ], + "automerge": true, + "matchManagers": "droneci", + "matchUpdateTypes": [ "minor", "patch"] + } + ], + "rebaseLabel": "renovate/rebase", + "rebaseWhen": "behind-base-branch" +} diff --git a/tasks/create_unix_group.yml b/tasks/create_unix_group.yml new file mode 100644 index 0000000..ecce0dc --- /dev/null +++ b/tasks/create_unix_group.yml 
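Review bot: `defaults/default.yml` is not a file Ansible loads for a role — only `defaults/main.yml` is read — and every line in it is commented out, so `unix_groups` and `unix_users` have no default at all and `tasks/main.yml` fails on a host that defines neither. Rename the file to `defaults/main.yml` and add live, empty defaults above the examples: `unix_groups: {}` and `unix_users: {}`. The `password: ""` example also deserves a comment stating that `create_unix_user.yml` hashes the value as-is, so an empty string does not leave the account locked.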
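Review bot: `platforms` lists Fedora 35 in addition to ArchLinux and Ubuntu, but the README's "Supported distributions" section names only Arch Linux and Ubuntu 20.04; one of the two should be corrected so Galaxy and the README agree. If Fedora is not exercised by the pipeline, drop the entry here rather than advertising it.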
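Review bot: `"matchManagers": "droneci"` is a bare string, whereas Renovate documents `matchManagers` as an array of strings; as written the package rule may not apply to the Drone manager at all, so the `automerge` for `.drone.yml` updates would never trigger. Use `"matchManagers": [ "droneci" ]` and run `renovate-config-validator` in CI to catch this class of mistake.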
@@ -0,0 +1,14 @@ +--- + +- name: Create unix group {{ unix_group.key }} with random gid + group: + name: "{{ unix_group.key }}" + state: "{{ unix_group.value.state | default('present') }}" + when: unix_group.value.gid is not defined or unix_group.value.gid is defined and unix_group.value.gid == "" + +- name: Create unix group {{ unix_group.key }} with pre-defined gid + group: + name: "{{ unix_group.key }}" + gid: "{{ unix_group.value.gid }}" + state: "{{ unix_group.value.state | default('present') }}" + when: unix_group.value.gid is defined and unix_group.value.gid != "" \ No newline at end of file diff --git a/tasks/create_unix_user.yml b/tasks/create_unix_user.yml new file mode 100644 index 0000000..bc55074 --- /dev/null +++ b/tasks/create_unix_user.yml 
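Review bot: The two `group` tasks differ only in whether `gid` is passed, and the `when` on the first relies on `or`/`and` precedence (`a is not defined or a is defined and a == ""`) to express "no usable gid". A single task with `gid: "{{ unix_group.value.gid | default(omit, true) }}"` covers both cases — the second argument makes `default` treat an empty string as unset — and removes both conditions. Note that this also omits a gid of `0`, which is presumably never intended for a newly created group.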
@@ -0,0 +1,95 @@ +--- + +- name: Define home directory for user {{ unix_user.key }} + set_fact: + user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}" + +- name: Create unix user {{ unix_user.key }} without additional groups and uid + user: + name: "{{ unix_user.key }}" + group: "{{ unix_user.value.group | default('users') }}" + comment: "{{ unix_user.value.name }}" + create_home: "{{ unix_user.value.create_home | default(true) }}" + home: "{{ user_user_home }}" + shell: "{{ unix_user.value.shell | default('/bin/bash') }}" + password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}" + state: present + when: "unix_user.value.groups is not defined and unix_user.value.uid is not defined" + +- name: Create unix user {{ unix_user.key }} without additional groups and with uid + user: + name: "{{ unix_user.key }}" + uid: "{{ unix_user.value.uid }}" + group: "{{ unix_user.value.group | default('users') }}" + comment: "{{ unix_user.value.name }}" + create_home: "{{ unix_user.value.create_home | default(true) }}" + home: "{{ user_user_home }}" + shell: "{{ unix_user.value.shell | default('/bin/bash') }}" + password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}" + state: present + when: "unix_user.value.groups is not defined and unix_user.value.uid is defined" + +- name: Create unix user {{ unix_user.key }} with additional groups and uid + user: + name: "{{ unix_user.key }}" + uid: "{{ unix_user.value.uid }}" + group: "{{ unix_user.value.group | default('users') }}" + groups: "{{ unix_user.value.groups | join(',') }}" + comment: "{{ unix_user.value.name }}" + create_home: "{{ unix_user.value.create_home | default(true) }}" + home: "{{ user_user_home }}" + shell: "{{ unix_user.value.shell | default('/bin/bash') }}" + password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}" + state: present + when: "unix_user.value.groups is defined and unix_user.value.uid is defined" + +- 
name: Create unix user {{ unix_user.key }} with additional groups and without uid + user: + name: "{{ unix_user.key }}" + group: "{{ unix_user.value.group | default('users') }}" + groups: "{{ unix_user.value.groups | join(',') }}" + comment: "{{ unix_user.value.name }}" + create_home: "{{ unix_user.value.create_home | default(true) }}" + home: "{{ user_user_home }}" + shell: "{{ unix_user.value.shell | default('/bin/bash') }}" + password: "{{ unix_user.value.password | default('') | password_hash('sha512') }}" + state: present + when: "unix_user.value.groups is defined and unix_user.value.uid is not defined" + +- name: Create .ssh directory for user {{ unix_user.key }} + file: + path: "{{ user_user_home }}/.ssh" + owner: "{{ unix_user.key }}" + group: "{{ unix_user.value.group | default('users') }}" + mode: 0700 + state: directory + +- name: Create authorized_keys file for user {{ unix_user.key }} + template: + src: authorized_keys.j2 + dest: "{{ user_user_home }}/.ssh/authorized_keys" + owner: "{{ unix_user.key }}" + group: "{{ unix_user.value.group | default('users') }}" + mode: 0600 + when: unix_user.value.ssh_keys is defined and unix_user.value.ssh_keys.public | length > 0 + +- name: Remove authorized_keys file for user {{ unix_user.key }} + file: + path: "{{ user_user_home }}/.ssh/authorized_keys" + state: absent + when: unix_user.value.ssh_keys.public is not defined or unix_user.value.ssh_keys.public | length <= 0 + +- name: Create .forward file to forward emails for user {{ unix_user.key }} + template: + src: forward.j2 + dest: "{{ user_user_home }}/.forward" + owner: "{{ unix_user.key }}" + group: "{{ unix_user.value.group | default('users') }}" + mode: 0644 + when: unix_user.value.email is defined + +- name: Remove .forward file to forward emails for user {{ unix_user.key }} + file: + path: "{{ user_user_home }}/.forward" + state: absent + when: unix_user.value.email is not defined \ No newline at end of file 
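Review bot: Every `user` task hashes `unix_user.value.password | default('')`, so a user without a configured password gets a valid hash of the empty string rather than a locked account, and `password_hash('sha512')` without a salt produces a new hash on every run, which makes the task report `changed` each time. Pass `'!'` when no password is set and a salt derived from a stable value when one is, as below. The four near-identical tasks vary only by whether `uid` and `groups` are present, so one task with `default(omit)` replaces them. The `mode: 0700`/`0600`/`0644` values for the `.ssh` directory, `authorized_keys` and `.forward` should be quoted (`mode: "0700"`) as ansible-lint's `risky-octal` rule asks, and the `Create authorized_keys file` condition errors when `ssh_keys` is defined without a `public` list, unlike the `Remove` task next to it.
```yaml
- name: Create unix user {{ unix_user.key }}
  user:
    name: "{{ unix_user.key }}"
    # omit keeps the module default when the variable is not configured
    uid: "{{ unix_user.value.uid | default(omit) }}"
    group: "{{ unix_user.value.group | default('users') }}"
    groups: "{{ unix_user.value.groups | join(',') if unix_user.value.groups is defined else omit }}"
    comment: "{{ unix_user.value.name }}"
    create_home: "{{ unix_user.value.create_home | default(true) }}"
    home: "{{ user_user_home }}"
    shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
    # '!' locks the password field; a stable salt keeps the hash idempotent
    password: >-
      {{ '!' if (unix_user.value.password | default('')) | length == 0
         else unix_user.value.password | password_hash('sha512', 65534 | random(seed=inventory_hostname) | string) }}
    state: present
# … unchanged: .ssh directory, authorized_keys and .forward tasks (quote the mode values) …
```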
diff --git a/tasks/main.yml b/tasks/main.yml new file mode 100644 index 0000000..d5abcd4 --- /dev/null +++ b/tasks/main.yml @@ -0,0 +1,29 @@ +--- + +- name: Remove unix groups + include_tasks: remove_unix_group.yml + with_dict: "{{ unix_groups }}" + loop_control: + loop_var: unix_group + when: unix_group.value.state is defined and unix_group.value.state == 'absent' + +- name: Remove unix user + include_tasks: remove_unix_user.yml + with_dict: "{{ unix_users }}" + loop_control: + loop_var: unix_user + when: unix_user.value.state is defined and unix_user.value.state == 'absent' + +- name: Create unix groups + include_tasks: create_unix_group.yml + with_dict: "{{ unix_groups }}" + loop_control: + loop_var: unix_group + when: unix_group.value.state is defined and unix_group.value.state == 'present' or unix_group.value.state is not defined + +- name: Create unix users + include_tasks: create_unix_user.yml + with_dict: "{{ unix_users }}" + loop_control: + loop_var: unix_user + when: unix_user.value.state is defined and unix_user.value.state == 'present' or unix_user.value.state is not defined diff --git a/tasks/remove_unix_group.yml b/tasks/remove_unix_group.yml new file mode 100644 index 0000000..7f7e9c6 --- /dev/null +++ b/tasks/remove_unix_group.yml @@ -0,0 +1,6 @@ +--- + +- name: Remove unix group {{ unix_group.key }} + group: + name: "{{ unix_group.value.name }}" + state: absent \ No newline at end of file diff --git a/tasks/remove_unix_user.yml b/tasks/remove_unix_user.yml new file mode 100644 index 0000000..6205202 --- /dev/null +++ b/tasks/remove_unix_user.yml @@ -0,0 +1,7 @@ +--- + +- name: Remove unix user {{ unix_user.key }} + group: + name: "{{ unix_user.value.name }}" + state: absent + remove: yes \ No newline at end of file diff --git a/templates/authorized_keys.j2 b/templates/authorized_keys.j2 new file mode 100644 index 0000000..459c4c7 --- /dev/null +++ b/templates/authorized_keys.j2 
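Review bot: `with_dict: "{{ unix_groups }}"` and `with_dict: "{{ unix_users }}"` are evaluated unconditionally, and the role ships no `defaults/main.yml` (only the fully commented `defaults/default.yml`, which Ansible does not load), so applying the role to a host that defines only one of the two variables fails with an undefined-variable error. Use `with_dict: "{{ unix_groups | default({}) }}"` and `with_dict: "{{ unix_users | default({}) }}"` so an unset dictionary simply yields no iterations. The `when` expressions of the two create tasks mix `and`/`or` without parentheses; `when: unix_group.value.state is not defined or unix_group.value.state == 'present'` states the intent directly, and the `is defined and` guard becomes redundant once the `is not defined` branch comes first.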
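Review bot: `name: "{{ unix_group.value.name }}"` refers to a `name` key that the group dictionaries in `defaults/default.yml` do not carry (the group name is the dictionary key, which is what `create_unix_group.yml` uses), so this task fails with an undefined variable or, if a `name` key happens to be present, removes a different group than the one that was created. Use `name: "{{ unix_group.key }}"` to match the create task.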
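Review bot: This task removes a user through the `group` module: `group` has no `remove` option, so the task fails on the unsupported parameter, and even without it the target would be the group called `unix_user.value.name` (the display name, e.g. "Markus Pesch") rather than the account. It should be `user:` with `name: "{{ unix_user.key }}"`, `state: absent` and `remove: true` (ansible-lint's `truthy` rule prefers `true` over `yes`). Because `remove` deletes the home directory along with the account, the README should say so explicitly so that `state: absent` is not set casually.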
@@ -0,0 +1,7 @@ +#jinja2: lstrip_blocks: True +# +# {{ ansible_managed }} +# +{% for key in unix_user.value.ssh_keys.public %} +{{ lookup('file', 'ssh/pubkeys/' + key) }} +{% endfor %} diff --git a/templates/forward.j2 b/templates/forward.j2 new file mode 100644 index 0000000..c1879a5 --- /dev/null +++ b/templates/forward.j2 @@ -0,0 +1 @@ +{{ unix_user.value.email }} \ No newline at end of file
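Review bot: The `lookup('file', 'ssh/pubkeys/' + key)` line reads each configured key from the role's or playbook's `files/ssh/pubkeys/` directory on the controller, a convention neither the README nor `defaults/default.yml` mentions, so a user following the `markus@markus-pc.pub` example gets a lookup error on the first run. Document the expected location in the README ("public keys are read from `files/ssh/pubkeys/<name>` on the controller") and note that the template replaces the whole `authorized_keys` file, so keys added on the host by hand are dropped on the next run. A header comment in the template itself, `{# keys are resolved relative to the files/ directory on the controller #}`, would help too.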