Compare commits
14 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
88e9a163e1
|
|||
|
69491c9aa0
|
|||
|
47d9a58910
|
|||
| e176bb0bee | |||
|
9acd6de876
|
|||
| c0566e2416 | |||
|
509882a193
|
|||
| e98925af4b | |||
|
8a25dac377
|
|||
| 7602cc621c | |||
|
b7560320dc
|
|||
| 4241502728 | |||
|
f5062ff179
|
|||
|
e4c12b9856
|
@@ -12,9 +12,9 @@ jobs:
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v5.0.1
|
||||
- uses: actions/checkout@v6.0.1
|
||||
- name: Run ansible-lint
|
||||
uses: ansible/ansible-lint@v25.11.0
|
||||
uses: ansible/ansible-lint@v25.12.2
|
||||
with:
|
||||
args: "--config-file .ansible-lint"
|
||||
setup_python: "true"
|
||||
|
||||
@@ -12,7 +12,7 @@ jobs:
|
||||
runs-on:
|
||||
- ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v5.0.1
|
||||
- uses: actions/checkout@v6.0.1
|
||||
- uses: DavidAnson/markdownlint-cli2-action@v21.0.0
|
||||
with:
|
||||
globs: '**/*.md'
|
||||
|
||||
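--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,14 @@
+{
+"ansible.python.interpreterPath": "/bin/python",
+"files.associations": {
+"**/.gitea/**/*.yml": "yaml",
+"**/.gitea/**/*.yaml": "yaml",
+"docker-compose*.yml": "dockercompose",
+"*.yml": "ansible",
+"*.yaml": "ansible",
+".yamllint": "yaml",
+".yamllint.yml": "yaml",
+".yamllint.yaml": "yaml"
+},
+"rewrap.wrappingColumn": 120
+}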
@@ -77,7 +77,11 @@ The SSH client directory `~/.ssh` can also be managed via the Ansible role. This
|
||||
`~/.ssh/config`, `~/.ssh/authorized_keys` as well as the maintenance of private and public SSH keys.
|
||||
|
||||
The following example create two entries in `~/.ssh/authorized_keys`. One normal SSH access for `claire`. If `bob`
|
||||
establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited.
|
||||
establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited. Furthermore,
|
||||
environment variables can be espcilitly defined, to consume it during execution of the command.
|
||||
|
||||
> [!IMPORTANT]
|
||||
> To allow consuming environment variables must be set `PermitUserEnvironment yes` in `/etc/ssh/sshd_config`.
|
||||
|
||||
The private key `toor@toor-pc.ed25519.key` must be stored in `ssh/private_keys`. The public key will be automatically
|
||||
extracted from the private key.
|
||||
@@ -99,6 +103,9 @@ unix_users:
|
||||
authorized_keys:
|
||||
- filename: claire@claire-pc.pub
|
||||
- command: /usr/local/bin/upload-file.sh
|
||||
environments:
|
||||
- key: SSH_KEY_NAME
|
||||
value: bob@bob-pc
|
||||
filename: bob@bob-pc.pub
|
||||
private_keys:
|
||||
- toor@toor-pc.ed25519.key
|
||||
|
||||
@@ -8,9 +8,33 @@
|
||||
when: unix_user.value.btrfs is defined and
|
||||
unix_user.value.btrfs
|
||||
block:
|
||||
- name: "Find btrfs device"
|
||||
ansible.builtin.command:
|
||||
cmd: /bin/bash -c "findmnt -no SOURCE -T {{ user_user_home }} | sed 's/\[.*\]//'"
|
||||
register: _unix_users_btrfs_device
|
||||
failed_when: _unix_users_btrfs_device.rc != 0
|
||||
changed_when: _unix_users_btrfs_device.rc == 0
|
||||
|
||||
- name: "Found btrfs device"
|
||||
ansible.builtin.debug:
|
||||
msg: _unix_users_btrfs_device.stdout
|
||||
when: _unix_users_debug is defined and
|
||||
_unix_users_debug is true
|
||||
|
||||
- name: "Determine filesystem of device"
|
||||
ansible.builtin.set_fact:
|
||||
_unix_users_device_filesystem: "{{ ansible_facts['mounts'] | selectattr('device', 'equalto', _unix_users_btrfs_device.stdout) | map(attribute='fstype') | first }}"
|
||||
|
||||
- name: "Fail if device does not have a btrfs file system"
|
||||
ansible.builtin.fail:
|
||||
msg: "Determined device {{ _unix_users_btrfs_device.stdout }} does not have a btrfs filesystem"
|
||||
when: _unix_users_device_filesystem != 'btrfs'
|
||||
|
||||
- name: "Create btrfs volume for unix user: {{ unix_user.key }}"
|
||||
community.general.btrfs_subvolume:
|
||||
filesystem_device: "{{ _unix_users_btrfs_device.stdout }}"
|
||||
name: "{{ user_user_home }}"
|
||||
state: present
|
||||
- name: "Adapt home dir permissions"
|
||||
ansible.builtin.file:
|
||||
path: "{{ user_user_home }}"
|
||||
|
||||
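Review bot: The "Find btrfs device" task expands `{{ user_user_home }}` unquoted inside a `/bin/bash -c` string, so a home directory containing whitespace or shell metacharacters breaks the pipeline or is interpreted by the shell; where that variable is set is outside the hunk. Because the `sed` pipe needs a shell anyway, the honest form is `ansible.builtin.shell:` with `cmd: findmnt -no SOURCE -T {{ user_user_home | quote }} | sed 's/\[.*\]//'`, and this read-only lookup should carry `changed_when: false` rather than reporting a change on every successful run. The debug task below it prints the literal text `_unix_users_btrfs_device.stdout` because the value is not templated; it should be `msg: "{{ _unix_users_btrfs_device.stdout }}"`. In "Determine filesystem of device", `first` on an empty selection aborts with a generic Jinja error before the dedicated fail task is reached, so appending `| default('')` lets the intended "does not have a btrfs filesystem" message fire. The enclosing block begins before the hunk and the trailing "Adapt home dir permissions" task continues after it.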
@@ -3,9 +3,26 @@
|
||||
# {{ ansible_managed }}
|
||||
#
|
||||
{% for authorized_key in unix_user.value.ssh.authorized_keys %}
|
||||
{% if authorized_key.command is defined and authorized_key.command | length > 0 %}
|
||||
command="{{ authorized_key.command }}" {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
|
||||
{% else %}
|
||||
{% set _args = [] %}
|
||||
{% if authorized_key.command is defined and authorized_key.command | length > 0 %}
|
||||
{% set _args = _args + [ "command=\"" + authorized_key.command + "\"" ] %}
|
||||
{% endif %}
|
||||
{% if authorized_key.environments is defined %}
|
||||
{% set ns = namespace(envs=[]) %}
|
||||
{% for environment in authorized_key.environments %}
|
||||
{% if environment.key is defined and environment.key | length > 0 and
|
||||
environment.value is defined and environment.value | length > 0
|
||||
%}
|
||||
{% set ns.envs = ns.envs + [ environment.key + "=" + environment.value ] %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
{% if ns.envs | length > 0 %}
|
||||
{% set _args = _args + [ "environment=\"" + (ns.envs | join(',')) + "\"" ] %}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% if _args | length > 0 %}
|
||||
{{ _args | join(',') }} {{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
|
||||
{% else %}
|
||||
{{ lookup('file', 'ssh/authorized_keys/' + authorized_key.filename ) }}
|
||||
{% endif %}
|
||||
{% endif %}
|
||||
{% endfor %}
|
||||
|
||||
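Review bot: The `environment=` option built at `{% set _args = _args + [ "environment=\"" + (ns.envs | join(',')) + "\"" ] %}` joins all variables into one option, but sshd(8) expects one `environment="NAME=value"` option per variable ("multiple options of this type are permitted"), so with two or more entries the first variable receives a value like `1,B=2` and the rest are never set. Building the full option in the inner loop and appending the list avoids that: `{% set ns.envs = ns.envs + [ 'environment="' + environment.key + "=" + environment.value + '"' ] %}` and then `{% set _args = _args + ns.envs %}` (the `join(',')` of `_args` already separates options correctly). The command and environment values are also concatenated into the quoted options without escaping embedded double quotes, so a value containing `"` terminates the option early and the remainder is parsed as further options or key data; passing them through `| replace('"', '\\"')` keeps them inside the quotes. The README example in this commit exercises only a single variable, which is presumably why the join was not noticed. The outer `{% for %}`/`{% endfor %}` pair is fully inside the hunk.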