Compare commits
1 commit
master...f188ce9ac7

Author | SHA1 | Date
---|---|---
 | f188ce9ac7 | 
@ -14,7 +14,7 @@ jobs:
|
|||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
- name: Run ansible-lint
|
- name: Run ansible-lint
|
||||||
uses: ansible/ansible-lint@v25.6.1
|
uses: ansible/ansible-lint@v25.4.0
|
||||||
with:
|
with:
|
||||||
args: "--config-file .ansible-lint"
|
args: "--config-file .ansible-lint"
|
||||||
setup_python: "true"
|
setup_python: "true"
|
||||||
|
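Review bot: both actions in this step are pinned by mutable tag (`actions/checkout@v4`, `ansible/ansible-lint@v25.x`), so whoever can move the tag on the upstream repository decides what runs with this workflow's token; pin each `uses:` to the full commit SHA and keep the tag in a trailing comment for readability. Also note the direction of this compare: it runs from `master` to the older `f188ce9ac7`, so the right-hand `v25.4.0` is the earlier pin and the left-hand `v25.6.1` is what `master` carries today, not a downgrade being proposed.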
@ -1,5 +1,3 @@
|
|||||||
---
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Documentation:
|
# Documentation:
|
||||||
# https://yamllint.readthedocs.io/en/stable/
|
# https://yamllint.readthedocs.io/en/stable/
|
||||||
|
190
README.md
190
README.md
@ -1,183 +1,23 @@
|
|||||||
# volker-raschek.unix-users
|
# unix_users
|
||||||
|
|
||||||

|
[](https://drone.cryptic.systems/volker.raschek/unix_users-role)
|
||||||
|
[](https://galaxy.ansible.com/volker_raschek/unix_users)
|
||||||
|
|
||||||
The ansible role `volker-raschek.unix-users` create and manage users on Linux based distributions. For example for Arch
|
With following role can be unix users and groups configured.
|
||||||
Linux, Fedora and Ubuntu. Furthermore, the role can also be used to create groups, `~/.forward`, `~/.netrc` and to
|
|
||||||
manage the `~/.ssh` directory.
|
|
||||||
|
|
||||||
## Examples
|
## Supported distributions
|
||||||
|
|
||||||
### User and group
|
- Arch Linux
|
||||||
|
- Ubuntu 20.04
|
||||||
|
|
||||||
The following example create the user `toor` and group `toor`. Booth with a specific id.
|
## Features
|
||||||
|
|
||||||
```yaml
|
- Setting up unix users and groups
|
||||||
unix_groups:
|
- Setting up private and public ssh keys
|
||||||
toor:
|
- Setting up private and public gpg keys
|
||||||
gid: "1001"
|
- Setting up .forward file for postfix
|
||||||
state: present
|
|
||||||
|
|
||||||
unix_users:
|
## Configuring
|
||||||
toor:
|
|
||||||
state: present
|
|
||||||
name: Toor
|
|
||||||
uid: "1000"
|
|
||||||
home: /home/toor
|
|
||||||
shell: /bin/bash
|
|
||||||
password: toor
|
|
||||||
group: toor
|
|
||||||
```
|
|
||||||
|
|
||||||
### Btrfs home dir
|
In the default directory are examples how to configure the role. Copy the
|
||||||
|
defaults into your `host_vars` or `group_vars` and adapt the examples.
|
||||||
Optionally, the home directory of a user can also be created as dedicated btrfs subvolume. This make it possible to
|
|
||||||
create snapshots of the home directory, for example via `btrbk`.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
unix_users:
|
|
||||||
toor:
|
|
||||||
state: present
|
|
||||||
name: Toor
|
|
||||||
uid: "1000"
|
|
||||||
home: /home/toor
|
|
||||||
btrfs: true
|
|
||||||
shell: /bin/bash
|
|
||||||
password: toor
|
|
||||||
group: toor
|
|
||||||
```
|
|
||||||
|
|
||||||
### .netrc
|
|
||||||
|
|
||||||
The ansible role supports the creation and management of the `.netrc` file in a user's home directory. The `.netrc` file
|
|
||||||
for the user `toor` is created below. This contains entries for GitHub.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
unix_users:
|
|
||||||
toor:
|
|
||||||
state: present
|
|
||||||
name: Toor
|
|
||||||
uid: "1000"
|
|
||||||
home: /home/toor
|
|
||||||
netrc:
|
|
||||||
- machine: github.com
|
|
||||||
login: octocat
|
|
||||||
password: pat_12345
|
|
||||||
- machine: api.github.com
|
|
||||||
login: octocat
|
|
||||||
password: pat_12345
|
|
||||||
shell: /bin/bash
|
|
||||||
password: toor
|
|
||||||
group: toor
|
|
||||||
```
|
|
||||||
|
|
||||||
### .ssh
|
|
||||||
|
|
||||||
The SSH client directory `~/.ssh` can also be managed via the Ansible role. This supports the creation and management of
|
|
||||||
`~/.ssh/config`, `~/.ssh/authorized_keys` as well as the maintenance of private and public SSH keys.
|
|
||||||
|
|
||||||
The following example create two entries in `~/.ssh/authorized_keys`. One normal SSH access for `claire`. If `bob`
|
|
||||||
establish a SSH connection the command `/usr/local/bin/upload-file.sh` will be executed and exited.
|
|
||||||
|
|
||||||
The private key `toor@toor-pc.ed25519.key` must be stored in `ssh/private_keys`. The public key will be automatically
|
|
||||||
extracted from the private key.
|
|
||||||
|
|
||||||
The public keys `claire@claire-pc.pub` as well as `bob@bob-pc.pub` must be stored in `ssh/authorized_keys`.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
unix_users:
|
|
||||||
toor:
|
|
||||||
state: present
|
|
||||||
name: Toor
|
|
||||||
uid: "1000"
|
|
||||||
home: /home/toor
|
|
||||||
ssh:
|
|
||||||
config:
|
|
||||||
- Host: "*"
|
|
||||||
StrictHostKeyChecking: "no"
|
|
||||||
UserKnownHostFile: /dev/null
|
|
||||||
authorized_keys:
|
|
||||||
- filename: claire@claire-pc.pub
|
|
||||||
- command: /usr/local/bin/upload-file.sh
|
|
||||||
filename: bob@bob-pc.pub
|
|
||||||
private_keys:
|
|
||||||
- toor@toor-pc.ed25519.key
|
|
||||||
shell: /bin/bash
|
|
||||||
password: toor
|
|
||||||
group: toor
|
|
||||||
```
|
|
||||||
|
|
||||||
### .forward
|
|
||||||
|
|
||||||
If on the system is postfix installed, postfix will respect the `~/.forward`
|
|
||||||
[file](https://www.postfix.org/local.8.html). This allows to forward local emails to external email addresses. The
|
|
||||||
following example create the `~/.forward` file for `toor` to forward emails to `toor@company.example.local`.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
unix_users:
|
|
||||||
toor:
|
|
||||||
state: present
|
|
||||||
name: Toor
|
|
||||||
uid: "1000"
|
|
||||||
home: /home/toor
|
|
||||||
email: toor@company.example.local
|
|
||||||
shell: /bin/bash
|
|
||||||
password: toor
|
|
||||||
group: toor
|
|
||||||
```
|
|
||||||
|
|
||||||
### shell_rc files
|
|
||||||
|
|
||||||
The role also supports the creation of bashrc drop-in files. These are created in `~/.bashrc.d` and included by
|
|
||||||
`~/.bashrc` via `source`.
|
|
||||||
|
|
||||||
Program-related configurations can be made via a drop-in file. For example, the configuration of the bash history via
|
|
||||||
the environment variables `HISTCONTROL` or `HISTFILE`. In addition to environment variables, aliases and complete
|
|
||||||
functions can also be defined.
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
unix_users:
|
|
||||||
toor:
|
|
||||||
state: present
|
|
||||||
name: Toor
|
|
||||||
uid: "1000"
|
|
||||||
home: /home/toor
|
|
||||||
email: toor@company.example.local
|
|
||||||
shell: /bin/bash
|
|
||||||
shell_rc_files:
|
|
||||||
- file: "/home/toor/.bashrc.d/10-docker.bashrc" # absolute or relative path to home dir
|
|
||||||
aliases:
|
|
||||||
- key: "dcd"
|
|
||||||
value: "docker-compose down"
|
|
||||||
envs:
|
|
||||||
- export: true
|
|
||||||
key: "PATH"
|
|
||||||
value: "/home/toor/workspace/docker-compose/bin:${PATH}" # Add local compiled docker-compose into $PATH
|
|
||||||
functions:
|
|
||||||
- name: "foo"
|
|
||||||
value: |
|
|
||||||
if ! which docker 1> /dev/null; then
|
|
||||||
echo "ERROR: docker not found" 1>&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
password: toor
|
|
||||||
group: toor
|
|
||||||
```
|
|
||||||
|
|
||||||
## Further ansible roles
|
|
||||||
|
|
||||||
This ansible role is used in combination with other ansible roles of `volker-raschek`. You can search for the other
|
|
||||||
ansible roles via the following command.
|
|
||||||
|
|
||||||
```bash
|
|
||||||
$ ansible-galaxy role search --author "volker-raschek"
|
|
||||||
|
|
||||||
Found roles matching your search:
|
|
||||||
|
|
||||||
Name Description
|
|
||||||
---- -----------
|
|
||||||
volker-raschek.bind9 Role to install and configure bind9 on different distributions
|
|
||||||
volker-raschek.dhcpd Role to install and configure dhcpd on different distributions
|
|
||||||
volker-raschek.renovate Role to configure renovate as container image
|
|
||||||
...
|
|
||||||
```
|
|
||||||
|
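Review bot: the `~/.ssh/config` example in the left-hand README (`Host: "*"` with `StrictHostKeyChecking: "no"` and `UserKnownHostFile: /dev/null`) disables host-key verification for every destination, which is exactly the protection against a man-in-the-middle that SSH offers, and it also misspells the keyword: OpenSSH's option is `UserKnownHostsFile`, and an unknown keyword makes `ssh` abort with "Bad configuration option". Narrow the `Host` pattern to a throwaway target and spell the option correctly, or drop that fragment from a README that people copy verbatim. Two smaller points in the same hunk: the `foo` function under `shell_rc_files` uses `exit 1`, which terminates the interactive shell that sourced `~/.bashrc.d/10-docker.bashrc` when the function is called, so `return 1` is what a function body wants; and the `.netrc` entries (`password: pat_12345`) and `password: toor` put credentials into plain `host_vars`, while the README never says whether `password:` expects a hash or a cleartext value or that such values belong in `ansible-vault`.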
@ -25,10 +25,6 @@ unix_users: {}
|
|||||||
# - alice@alice-pc.ed25519.key
|
# - alice@alice-pc.ed25519.key
|
||||||
# home: /home/alice
|
# home: /home/alice
|
||||||
# btrfs: false
|
# btrfs: false
|
||||||
# netrc:
|
|
||||||
# - machine: hostame.local
|
|
||||||
# login: username
|
|
||||||
# password: password
|
|
||||||
# shell: /bin/bash
|
# shell: /bin/bash
|
||||||
# shell_rc_files:
|
# shell_rc_files:
|
||||||
# - file: "/home/alice/.bashrc.d/docker.bashrc" # absolute or relative path to home dir
|
# - file: "/home/alice/.bashrc.d/docker.bashrc" # absolute or relative path to home dir
|
||||||
|
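Review bot: `hostame.local` in the commented `.netrc` example (left-hand column) is a typo for `hostname.local`; since these comments are what users copy into `host_vars`, it is worth fixing, and the `password: password` placeholder on the next line could point at `ansible-vault` rather than invite a literal value.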
@ -1,5 +1,5 @@
|
|||||||
galaxy_info:
|
galaxy_info:
|
||||||
namespace: volker-raschek
|
namespace: volker_raschek
|
||||||
role_name: "unix_users"
|
role_name: "unix_users"
|
||||||
author: "Markus Pesch"
|
author: "Markus Pesch"
|
||||||
description: "Role to create and configure unix users and groups"
|
description: "Role to create and configure unix users and groups"
|
||||||
|
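Review bot: `namespace: volker-raschek` (left) and `namespace: volker_raschek` (right) disagree, and only the underscore form matches the Galaxy URL the README badge links to (`galaxy.ansible.com/volker_raschek/unix_users`); keep the two in sync, otherwise the published role does not resolve under the name the README advertises. The README title `# volker-raschek.unix-users` has the same mismatch against `role_name: "unix_users"`.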
@ -195,12 +195,3 @@
|
|||||||
- "{{ unix_user.value.shell_rc_files }}"
|
- "{{ unix_user.value.shell_rc_files }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: shell_rc_file
|
loop_var: shell_rc_file
|
||||||
|
|
||||||
- name: "Create .netrc file"
|
|
||||||
when: unix_user.value.netrc is defined and unix_user.value.netrc | length > 0
|
|
||||||
ansible.builtin.template:
|
|
||||||
src: netrc.j2
|
|
||||||
dest: "{{ user_user_home }}/.netrc"
|
|
||||||
owner: "{{ unix_user.key }}"
|
|
||||||
group: "{{ unix_user.value.group | default('users') }}"
|
|
||||||
mode: "0600"
|
|
||||||
|
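Review bot: `dest: "{{ user_user_home }}/.netrc"` does not follow the `unix_user.*` naming used in the rest of this task (`unix_user.value.netrc`, `unix_user.key`) and reads like a typo; check that the variable is really defined, otherwise the task fails with an undefined variable on first run. `mode: "0600"` is the right choice for a file that carries passwords, but the task should also set `no_log: true`: with `--diff` or verbose output, `ansible.builtin.template` prints the rendered file, credentials included, into the play log.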
@ -1,3 +0,0 @@
|
|||||||
{% for netrc in unix_user.value.netrc %}
|
|
||||||
machine {{ netrc.maschine }} login {{ netrc.login }} password {{ netrc.password }}
|
|
||||||
{% endfor %}
|
|
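Review bot: `netrc.maschine` in the left-hand template does not match the `machine:` key that the README and `defaults` examples use, so rendering fails with "'dict object' has no attribute 'maschine'" as soon as a `netrc:` list is set; change it to `netrc.machine`. One line per entry with unquoted `login`/`password` tokens is what `.netrc` parsers expect, so the rest of the template is fine.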