added users conf to ansible rollout
@@ -18,6 +18,8 @@
|
|||||||
roles:
|
roles:
|
||||||
# Stelle sicher, dass jeder Host Docker & Co hat
|
# Stelle sicher, dass jeder Host Docker & Co hat
|
||||||
- common
|
- common
|
||||||
|
# User Management
|
||||||
|
- users
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
# --- 1. Identifikation (Lokal prüfen, was der Host bekommen soll) ---
|
# --- 1. Identifikation (Lokal prüfen, was der Host bekommen soll) ---
|
||||||
|
|||||||
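--- a/infrastructure/ansible/group_vars/all/users.yml
+++ b/infrastructure/ansible/group_vars/all/users.yml
@@ -0,0 +1,12 @@
+users_list:
+- username: nick
+state: present
+groups: [sudo, docker]
+ssh_key: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDNhzTnunFTn0aUL9BLdUFCrNreNBC6LmB0Vn/K4Jnv nick@pc"
+shell: /bin/bash
+
+# - username: admin
+# state: present
+# ssh_key: "ssh-ed25519 BBBB..." # Weiterer Key
+# groups: [sudo, docker]
+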
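Review bot: `groups: [sudo, docker]` sits in `group_vars/all`, so this account gets both groups on every host in the inventory, and membership in `docker` is effectively root on the host without going through sudo. If that is intended, say so next to the entry, e.g. `# docker group is root-equivalent; granted on all hosts on purpose`; otherwise move the entry into the group or host vars of the machines that actually need it. The users role in this commit sets no password for the account, so whether the `sudo` membership is usable depends on sudoers configuration that is not visible here.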
@@ -72,7 +72,15 @@
|
|||||||
# Sicherheitshalber: Lösche nichts, was 'vault' heißt, falls Config kaputt ist
|
# Sicherheitshalber: Lösche nichts, was 'vault' heißt, falls Config kaputt ist
|
||||||
when: app_name_to_remove != 'vault'
|
when: app_name_to_remove != 'vault'
|
||||||
|
|
||||||
# 5. Deploy Apps (Update/Install)
|
# 5. Rollen ausführen (Common & Users auch im Pull-Mode aktuell halten)
|
||||||
|
- name: "Führe Rollen aus"
|
||||||
|
include_role:
|
||||||
|
name: "{{ item }}"
|
||||||
|
loop:
|
||||||
|
- common
|
||||||
|
- users
|
||||||
|
|
||||||
|
# 6. Deploy Apps (Update/Install)
|
||||||
- name: "Deploy Apps Loop"
|
- name: "Deploy Apps Loop"
|
||||||
include_tasks: deploy_logic_pull.yml
|
include_tasks: deploy_logic_pull.yml
|
||||||
loop: "{{ wanted_apps }}"
|
loop: "{{ wanted_apps }}"
|
||||||
|
|||||||
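--- a/infrastructure/ansible/roles/users/defaults/main.yml
+++ b/infrastructure/ansible/roles/users/defaults/main.yml
@@ -0,0 +1,13 @@
+---
+# Default configuration for users role
+# Can be overridden in host_vars or group_vars
+
+users_list: []
+# Example structure:
+# users_list:
+# - username: nick
+# state: present # or absent
+# groups: [sudo, docker]
+# ssh_key: "ssh-ed25519 AAAA..."
+# shell: /bin/bash
+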
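--- a/infrastructure/ansible/roles/users/tasks/main.yml
+++ b/infrastructure/ansible/roles/users/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+- name: "Erstelle Gruppen"
+group:
+name: "{{ item }}"
+state: present
+loop: "{{ users_list | map(attribute='groups') | flatten | unique | default([]) }}"
+
+- name: "Verwalte Benutzer"
+user:
+name: "{{ item.username }}"
+state: "{{ item.state | default('present') }}"
+groups: "{{ item.groups | default([]) }}"
+shell: "{{ item.shell | default('/bin/bash') }}"
+append: true # Keep existing groups
+create_home: true
+loop: "{{ users_list }}"
+when: item.state | default('present') == 'present'
+
+- name: "Setze SSH Authorized Keys"
+authorized_key:
+user: "{{ item.username }}"
+state: present
+key: "{{ item.ssh_key }}"
+loop: "{{ users_list }}"
+when: item.state | default('present') == 'present' and item.ssh_key is defined
+
+- name: "Entferne Benutzer (falls state=absent)"
+user:
+name: "{{ item.username }}"
+state: absent
+remove: true # Delete home directory
+loop: "{{ users_list }}"
+when: item.state | default('present') == 'absent'
+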
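Review bot: The "Setze SSH Authorized Keys" task only ever adds keys (`state: present`, no `exclusive`), so replacing a user's `ssh_key` in `users_list` leaves the previous key authorized on every host that already received it. If each user is meant to have exactly the listed key, add `exclusive: true` to the `authorized_key` arguments; several keys for one user then have to be passed together in `key`, separated by newlines. Separately, in the "Erstelle Gruppen" loop the trailing `default([])` covers the whole expression rather than each entry, so an entry without `groups` (for example one carrying only `state: absent`) will most likely make `map(attribute='groups')` fail; `users_list | selectattr('groups', 'defined') | map(attribute='groups') | flatten | unique` avoids that. Also worth a comment at the top of the file: an account is removed only while its entry stays in the list with `state: absent`, so deleting the entry outright leaves the account and its authorized key on the hosts.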