Update provision.sh and add tasks for users

2023-04-26 23:58:23 +02:00 · 2023-04-26 23:58:23 +02:00 · 036f64e60a
parent e8926785c3
commit 036f64e60a
5 changed files with 77 additions and 24 deletions
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@ -9,6 +9,12 @@ hdd_mount_point: /opt/{{ hdd_name }}
 ssd_name: pi-ssd
 ssd_mount_point: /opt/{{ ssd_name }}

-ssh_keys:
-  - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
-  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
+users:
+  - name: ubuntu
+    comment: System Administration
+    password: $6$YitakVLuUxjnPfDd$aFnEDcc98y6MlRYxLPAhb.eHsKqSIz385i4VrHW1Q8b986IqUhtu62gaOIALzM4FAU3dnWaHNUTGxY0zgA6jC0
+    groups:
+      - sudo
+    ssh_keys:
+      - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
+      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
--- a/provision.sh
+++ b/provision.sh
@ -1,14 +1,15 @@
-#!/bin/sh
+#!/usr/bin/env sh

 set -e

 usage() {
    printf '%s\n'   "Usage:"
    printf '$ %s\n' "$0 [-h|--help]"
-    printf '$ %s\n' "$0 os"
-    printf '$ %s\n' "$0 docker"
-    printf '$ %s\n' "$0 reboot [-f|--force]"
-    printf '$ %s\n' "$0 services [SINGLE_SERVICE]"
+    printf '$ %s\n' "$0 [--dry] os"
+    printf '$ %s\n' "$0 [--dry] docker"
+    printf '$ %s\n' "$0 [--dry] users [-i|--init]"
+    printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
+    printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"
 }

 install_modules() {
@ -18,28 +19,57 @@ install_modules() {
 }

 cd "$(dirname "$0")" || exit 255
-BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
+if [ "$1" = "--dry" ]; then
+    EXEC="echo"
+    shift
+else
+    EXEC="eval"
+fi

-case $1 in
+BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
+TAG="$1"
+shift
+
+case $TAG in
    "")
        install_modules; $BASE_CMD ;;
    os|docker)
-        install_modules; $BASE_CMD --tags "$1" ;;
+        install_modules; $BASE_CMD --tags "$TAG" ;;
+    users)
+        install_modules
+
+        if [ "$1" = "-i" ] || [ "$1" = "--init" ]; then
+            $EXEC "$BASE_CMD --user root --tags '$TAG'"
+        else
+            $EXEC "$BASE_CMD --tags '$TAG'"
+        fi
+        ;;
    reboot)
        install_modules
-        if [ "$2" = "-f" ] || [ "$2" = "--force" ]; then
-            $BASE_CMD --tags "$1" --extra-vars "force_reboot=true"
+
+        if [ "$1" = "-f" ] || [ "$1" = "--force" ]; then
+            $EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'force_reboot=true'"
        else
-            $BASE_CMD --tags "$1" --extra-vars "reboot=true"
+            $EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'reboot=true'"
        fi
        ;;
    services)
        install_modules
-        if [ -z "$2" ]; then
-            $BASE_CMD --tags "$1"
-        else
-            $BASE_CMD --tags "$1" --extra-vars "single_service=$2"
+
+        if [ "$1" = "-d" ] || [ "$1" = "--down" ]; then
+            DOWN=1
+            shift
        fi
+
+        if [ -z "$DOWN" ] && [ -n "$1" ]; then
+            VARS="single_service=$1"
+        elif [ -n "$DOWN" ] && [ -z "$1" ]; then
+            VARS="stop=true"
+        elif [ -n "$DOWN" ] && [ -n "$1" ]; then
+            VARS='{"stop": true, "single_service": "'$1'"}'
+        fi
+
+        $EXEC "$BASE_CMD --tags '$TAG' $(test -z "$VARS" || echo "--extra-vars '$VARS'")"
        ;;
    -h|--help)
        usage ;;
--- a/roles/os_config/tasks/main.yml
+++ b/roles/os_config/tasks/main.yml
@ -1,5 +1,10 @@
 # vim: ft=yaml.ansible
 ---
+- name: Configure user accounts
+  ansible.builtin.import_tasks: users.yml
+  tags:
+    - users
+
 - name: Configure system base
  ansible.builtin.import_tasks: base.yml

--- a/roles/os_config/tasks/ssh.yml
+++ b/roles/os_config/tasks/ssh.yml
@ -1,11 +1,5 @@
 # vim: ft=yaml.ansible
 ---
- name: Add public SSH key to default user
-  ansible.posix.authorized_key:
-    user: "{{ ansible_user }}"
-    key: "{{ ssh_keys | join('\n') }}"
-    exclusive: true
-
 - name: Allow SSH login with public keys
  ansible.builtin.lineinfile:
    path: /etc/ssh/sshd_config
--- a/roles/os_config/tasks/users.yml
+++ b/roles/os_config/tasks/users.yml
@ -0,0 +1,18 @@
+# vim: ft=yaml.ansible
+---
+- name: Add users
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    comment: "{{ item.comment }}"
+    password: "{{ item.password }}"
+    groups: "{{ item.groups }}"
+    shell: /bin/bash
+    update_password: always
+  loop: "{{ users }}"
+
+- name: Add ssh authorized_keys
+  ansible.posix.authorized_key:
+    user: "{{ item.name }}"
+    key: "{{ item.ssh_keys | join('\n') }}"
+    exclusive: true
+  loop: "{{ users }}"