added users conf to ansible rollout

2026-01-09 11:49:22 +00:00
parent 73c8cb8e8c
commit 9182782387
5 changed files with 70 additions and 1 deletions
--- a/infrastructure/ansible/deploy.yml
+++ b/infrastructure/ansible/deploy.yml
@@ -18,6 +18,8 @@
  roles:
    # Stelle sicher, dass jeder Host Docker & Co hat
    - common
+    # User Management
+    - users

  tasks:
    # --- 1. Identifikation (Lokal prüfen, was der Host bekommen soll) ---
--- a/infrastructure/ansible/group_vars/all/users.yml
+++ b/infrastructure/ansible/group_vars/all/users.yml
@@ -0,0 +1,12 @@
+users_list:
+  - username: nick
+    state: present
+    groups: [sudo, docker]
+    ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDNhzTnunFTn0aUL9BLdUFCrNreNBC6LmB0Vn/K4Jnv nick@pc"
+    shell: /bin/bash
+
+#  - username: admin
+#    state: present
+#    ssh_key: "ssh-ed25519 BBBB..." # Weiterer Key
+#    groups: [sudo, docker]
+
--- a/infrastructure/ansible/pull_deploy.yml
+++ b/infrastructure/ansible/pull_deploy.yml
@@ -72,7 +72,15 @@
      # Sicherheitshalber: Lösche nichts, was 'vault' heißt, falls Config kaputt ist
      when: app_name_to_remove != 'vault' 

-    # 5. Deploy Apps (Update/Install)
+    # 5. Rollen ausführen (Common & Users auch im Pull-Mode aktuell halten)
+    - name: "Führe Rollen aus"
+      include_role:
+        name: "{{ item }}"
+      loop:
+        - common
+        - users
+
+    # 6. Deploy Apps (Update/Install)
    - name: "Deploy Apps Loop"
      include_tasks: deploy_logic_pull.yml
      loop: "{{ wanted_apps }}"
--- a/infrastructure/ansible/roles/users/defaults/main.yml
+++ b/infrastructure/ansible/roles/users/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# Default configuration for users role
+# Can be overridden in host_vars or group_vars
+
+users_list: []
+# Example structure:
+# users_list:
+#   - username: nick
+#     state: present # or absent
+#     groups: [sudo, docker]
+#     ssh_key: "ssh-ed25519 AAAA..."
+#     shell: /bin/bash
+
--- a/infrastructure/ansible/roles/users/tasks/main.yml
+++ b/infrastructure/ansible/roles/users/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: "Erstelle Gruppen"
+  group:
+    name: "{{ item }}"
+    state: present
+  loop: "{{ users_list | map(attribute='groups') | flatten | unique | default([]) }}"
+
+- name: "Verwalte Benutzer"
+  user:
+    name: "{{ item.username }}"
+    state: "{{ item.state | default('present') }}"
+    groups: "{{ item.groups | default([]) }}"
+    shell: "{{ item.shell | default('/bin/bash') }}"
+    append: true # Keep existing groups
+    create_home: true
+  loop: "{{ users_list }}"
+  when: item.state | default('present') == 'present'
+
+- name: "Setze SSH Authorized Keys"
+  authorized_key:
+    user: "{{ item.username }}"
+    state: present
+    key: "{{ item.ssh_key }}"
+  loop: "{{ users_list }}"
+  when: item.state | default('present') == 'present' and item.ssh_key is defined
+
+- name: "Entferne Benutzer (falls state=absent)"
+  user:
+    name: "{{ item.username }}"
+    state: absent
+    remove: true # Delete home directory
+  loop: "{{ users_list }}"
+  when: item.state | default('present') == 'absent'
+