Update provision.sh and add tasks for users
parent
e8926785c3
commit
036f64e60a
|
@ -9,6 +9,12 @@ hdd_mount_point: /opt/{{ hdd_name }}
|
||||||
ssd_name: pi-ssd
|
ssd_name: pi-ssd
|
||||||
ssd_mount_point: /opt/{{ ssd_name }}
|
ssd_mount_point: /opt/{{ ssd_name }}
|
||||||
|
|
||||||
|
users:
|
||||||
|
- name: ubuntu
|
||||||
|
comment: System Administration
|
||||||
|
password: $6$YitakVLuUxjnPfDd$aFnEDcc98y6MlRYxLPAhb.eHsKqSIz385i4VrHW1Q8b986IqUhtu62gaOIALzM4FAU3dnWaHNUTGxY0zgA6jC0
|
||||||
|
groups:
|
||||||
|
- sudo
|
||||||
ssh_keys:
|
ssh_keys:
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
|
||||||
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
|
||||||
|
|
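Review bot: The `password:` value added for the `ubuntu` user is a crypt hash committed in plain text, and the same entry puts that account in `sudo`, so anyone who can read the repository or its history can attack the hash offline. provision.sh already runs the playbook with `--ask-vault-pass`, so the hash can live in a vault-encrypted variable and be referenced here, e.g. `password: "{{ vault_ubuntu_password_hash }}"` (variable name constructed for illustration). Because the value is now in commit history, treat it as exposed and set a new password once it is vaulted. Separately, `ssh_keys:` is shown as unchanged context while the new task in roles/os_config/tasks/users.yml reads `item.ssh_keys`; indentation is not visible on this page, so confirm the key list is actually nested under the user entry.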
60
provision.sh
60
provision.sh
|
@ -1,14 +1,15 @@
|
||||||
#!/bin/sh
|
#!/usr/bin/env sh
|
||||||
|
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
usage() {
|
usage() {
|
||||||
printf '%s\n' "Usage:"
|
printf '%s\n' "Usage:"
|
||||||
printf '$ %s\n' "$0 [-h|--help]"
|
printf '$ %s\n' "$0 [-h|--help]"
|
||||||
printf '$ %s\n' "$0 os"
|
printf '$ %s\n' "$0 [--dry] os"
|
||||||
printf '$ %s\n' "$0 docker"
|
printf '$ %s\n' "$0 [--dry] docker"
|
||||||
printf '$ %s\n' "$0 reboot [-f|--force]"
|
printf '$ %s\n' "$0 [--dry] users [-i|--init]"
|
||||||
printf '$ %s\n' "$0 services [SINGLE_SERVICE]"
|
printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
|
||||||
|
printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"
|
||||||
}
|
}
|
||||||
|
|
||||||
install_modules() {
|
install_modules() {
|
||||||
|
@ -18,28 +19,57 @@ install_modules() {
|
||||||
}
|
}
|
||||||
|
|
||||||
cd "$(dirname "$0")" || exit 255
|
cd "$(dirname "$0")" || exit 255
|
||||||
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
|
if [ "$1" = "--dry" ]; then
|
||||||
|
EXEC="echo"
|
||||||
|
shift
|
||||||
|
else
|
||||||
|
EXEC="eval"
|
||||||
|
fi
|
||||||
|
|
||||||
case $1 in
|
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
|
||||||
|
TAG="$1"
|
||||||
|
shift
|
||||||
|
|
||||||
|
case $TAG in
|
||||||
"")
|
"")
|
||||||
install_modules; $BASE_CMD ;;
|
install_modules; $BASE_CMD ;;
|
||||||
os|docker)
|
os|docker)
|
||||||
install_modules; $BASE_CMD --tags "$1" ;;
|
install_modules; $BASE_CMD --tags "$TAG" ;;
|
||||||
|
users)
|
||||||
|
install_modules
|
||||||
|
|
||||||
|
if [ "$1" = "-i" ] || [ "$1" = "--init" ]; then
|
||||||
|
$EXEC "$BASE_CMD --user root --tags '$TAG'"
|
||||||
|
else
|
||||||
|
$EXEC "$BASE_CMD --tags '$TAG'"
|
||||||
|
fi
|
||||||
|
;;
|
||||||
reboot)
|
reboot)
|
||||||
install_modules
|
install_modules
|
||||||
if [ "$2" = "-f" ] || [ "$2" = "--force" ]; then
|
|
||||||
$BASE_CMD --tags "$1" --extra-vars "force_reboot=true"
|
if [ "$1" = "-f" ] || [ "$1" = "--force" ]; then
|
||||||
|
$EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'force_reboot=true'"
|
||||||
else
|
else
|
||||||
$BASE_CMD --tags "$1" --extra-vars "reboot=true"
|
$EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'reboot=true'"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
services)
|
services)
|
||||||
install_modules
|
install_modules
|
||||||
if [ -z "$2" ]; then
|
|
||||||
$BASE_CMD --tags "$1"
|
if [ "$1" = "-d" ] || [ "$1" = "--down" ]; then
|
||||||
else
|
DOWN=1
|
||||||
$BASE_CMD --tags "$1" --extra-vars "single_service=$2"
|
shift
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -z "$DOWN" ] && [ -n "$1" ]; then
|
||||||
|
VARS="single_service=$1"
|
||||||
|
elif [ -n "$DOWN" ] && [ -z "$1" ]; then
|
||||||
|
VARS="stop=true"
|
||||||
|
elif [ -n "$DOWN" ] && [ -n "$1" ]; then
|
||||||
|
VARS='{"stop": true, "single_service": "'$1'"}'
|
||||||
|
fi
|
||||||
|
|
||||||
|
$EXEC "$BASE_CMD --tags '$TAG' $(test -z "$VARS" || echo "--extra-vars '$VARS'")"
|
||||||
;;
|
;;
|
||||||
-h|--help)
|
-h|--help)
|
||||||
usage ;;
|
usage ;;
|
||||||
|
|
|
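Review bot: The new `EXEC="eval"` path re-parses a string that contains the caller's argument: in the `services)` arm `$1` is copied into `VARS` and then wrapped in single quotes inside the string handed to `$EXEC`, so a service name containing a quote or whitespace changes what the shell executes instead of reaching ansible-playbook as one argument. Passing the command as separate words through a small `run` helper keeps `--dry` and removes the second parse; `DOWN` and `VARS` should also be set to empty before use, since they are otherwise inherited from the environment. The `""` and `os|docker)` arms still call `$BASE_CMD` directly and `install_modules` runs unconditionally, so `--dry` as advertised in `usage` does not cover them. The `case` statement continues past the end of this hunk.

```shell
# … unchanged: usage, install_modules, cd …
DRY=""
if [ "$1" = "--dry" ]; then
    DRY=1
    shift
fi

# Print the command in dry mode, otherwise execute it word-for-word (no eval).
run() {
    if [ -n "$DRY" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# … unchanged: BASE_CMD, TAG, shift, case header, other arms …
    services)
        install_modules
        DOWN=""
        VARS=""
        # … unchanged: -d|--down parsing and VARS selection …
        # $BASE_CMD is deliberately unquoted so it splits into words, as before.
        if [ -n "$VARS" ]; then
            run $BASE_CMD --tags "$TAG" --extra-vars "$VARS"
        else
            run $BASE_CMD --tags "$TAG"
        fi
        ;;
```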
@ -1,5 +1,10 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
|
- name: Configure user accounts
|
||||||
|
ansible.builtin.import_tasks: users.yml
|
||||||
|
tags:
|
||||||
|
- users
|
||||||
|
|
||||||
- name: Configure system base
|
- name: Configure system base
|
||||||
ansible.builtin.import_tasks: base.yml
|
ansible.builtin.import_tasks: base.yml
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,5 @@
|
||||||
# vim: ft=yaml.ansible
|
# vim: ft=yaml.ansible
|
||||||
---
|
---
|
||||||
- name: Add public SSH key to default user
|
|
||||||
ansible.posix.authorized_key:
|
|
||||||
user: "{{ ansible_user }}"
|
|
||||||
key: "{{ ssh_keys | join('\n') }}"
|
|
||||||
exclusive: true
|
|
||||||
|
|
||||||
- name: Allow SSH login with public keys
|
- name: Allow SSH login with public keys
|
||||||
ansible.builtin.lineinfile:
|
ansible.builtin.lineinfile:
|
||||||
path: /etc/ssh/sshd_config
|
path: /etc/ssh/sshd_config
|
||||||
|
|
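--- a/roles/os_config/tasks/users.yml
+++ b/roles/os_config/tasks/users.yml
@@ -0,0 +1,18 @@
+# vim: ft=yaml.ansible
+---
+- name: Add users
+ansible.builtin.user:
+name: "{{ item.name }}"
+comment: "{{ item.comment }}"
+password: "{{ item.password }}"
+groups: "{{ item.groups }}"
+shell: /bin/bash
+update_password: always
+loop: "{{ users }}"
+
+- name: Add ssh authorized_keys
+ansible.posix.authorized_key:
+user: "{{ item.name }}"
+key: "{{ item.ssh_keys | join('\n') }}"
+exclusive: true
+loop: "{{ users }}"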
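Review bot: Both tasks loop over `users` without a loop label, so Ansible prints each full item, including `item.password`, in the task output on every run. Adding `loop_control:` with `label: "{{ item.name }}"` to both tasks (or `no_log: true` on `Add users`) keeps the hash out of console and CI logs. In `Add users`, `groups` is set without `append: true`, which makes the listed groups the account's complete supplementary group set; for an existing account such as `ubuntu` that drops any membership not listed, so confirm that is intended.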