Update provision.sh and add tasks for users

Sam A. 2023-04-26 23:58:23 +02:00
parent e8926785c3
commit 036f64e60a
Signed by: samsapti
GPG key ID: CBBBE7371E81C4EA
5 changed files with 77 additions and 24 deletions


@ -9,6 +9,12 @@ hdd_mount_point: /opt/{{ hdd_name }}
ssd_name: pi-ssd ssd_name: pi-ssd
ssd_mount_point: /opt/{{ ssd_name }} ssd_mount_point: /opt/{{ ssd_name }}
users:
- name: ubuntu
comment: System Administration
password: $6$YitakVLuUxjnPfDd$aFnEDcc98y6MlRYxLPAhb.eHsKqSIz385i4VrHW1Q8b986IqUhtu62gaOIALzM4FAU3dnWaHNUTGxY0zgA6jC0
groups:
- sudo
ssh_keys: ssh_keys:
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti - sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFWZGLov8wPBNxuvnaPK+8vv6wK5hHUVEFzXKsN9QeuBAAAADHNzaDpzYW1zYXB0aQ== ssh:samsapti
- ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332 - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPd/4fQV7CL8/KVwbo/phiV5UdXFBIDlkZ+ps8C7FeRf cardno:14 336 332
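Review bot: The `password:` value added for the `ubuntu` user is a SHA-512 crypt hash stored unencrypted in this vars file, and the account is a member of `sudo`. Anyone who can read the repository can run an offline guessing attack against it. The playbook is already invoked with `--ask-vault-pass`, so the hash can live in a vault-encrypted vars file and be referenced here, for example `password: "{{ vault_ubuntu_password_hash }}"` (the variable name is illustrative). Because the current hash is now part of the commit history, the password itself should be changed once the value is moved.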


@ -1,14 +1,15 @@
#!/bin/sh #!/usr/bin/env sh
set -e set -e
usage() { usage() {
printf '%s\n' "Usage:" printf '%s\n' "Usage:"
printf '$ %s\n' "$0 [-h|--help]" printf '$ %s\n' "$0 [-h|--help]"
printf '$ %s\n' "$0 os" printf '$ %s\n' "$0 [--dry] os"
printf '$ %s\n' "$0 docker" printf '$ %s\n' "$0 [--dry] docker"
printf '$ %s\n' "$0 reboot [-f|--force]" printf '$ %s\n' "$0 [--dry] users [-i|--init]"
printf '$ %s\n' "$0 services [SINGLE_SERVICE]" printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"
} }
install_modules() { install_modules() {
@ -18,28 +19,57 @@ install_modules() {
} }
cd "$(dirname "$0")" || exit 255 cd "$(dirname "$0")" || exit 255
BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass" if [ "$1" = "--dry" ]; then
EXEC="echo"
shift
else
EXEC="eval"
fi
case $1 in BASE_CMD="ansible-playbook playbook.yml --ask-vault-pass --ask-become-pass"
TAG="$1"
shift
case $TAG in
"") "")
install_modules; $BASE_CMD ;; install_modules; $BASE_CMD ;;
os|docker) os|docker)
install_modules; $BASE_CMD --tags "$1" ;; install_modules; $BASE_CMD --tags "$TAG" ;;
users)
install_modules
if [ "$1" = "-i" ] || [ "$1" = "--init" ]; then
$EXEC "$BASE_CMD --user root --tags '$TAG'"
else
$EXEC "$BASE_CMD --tags '$TAG'"
fi
;;
reboot) reboot)
install_modules install_modules
if [ "$2" = "-f" ] || [ "$2" = "--force" ]; then
$BASE_CMD --tags "$1" --extra-vars "force_reboot=true" if [ "$1" = "-f" ] || [ "$1" = "--force" ]; then
$EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'force_reboot=true'"
else else
$BASE_CMD --tags "$1" --extra-vars "reboot=true" $EXEC "$BASE_CMD --tags '$TAG' --extra-vars 'reboot=true'"
fi fi
;; ;;
services) services)
install_modules install_modules
if [ -z "$2" ]; then
$BASE_CMD --tags "$1" if [ "$1" = "-d" ] || [ "$1" = "--down" ]; then
else DOWN=1
$BASE_CMD --tags "$1" --extra-vars "single_service=$2" shift
fi fi
if [ -z "$DOWN" ] && [ -n "$1" ]; then
VARS="single_service=$1"
elif [ -n "$DOWN" ] && [ -z "$1" ]; then
VARS="stop=true"
elif [ -n "$DOWN" ] && [ -n "$1" ]; then
VARS='{"stop": true, "single_service": "'$1'"}'
fi
$EXEC "$BASE_CMD --tags '$TAG' $(test -z "$VARS" || echo "--extra-vars '$VARS'")"
;; ;;
-h|--help) -h|--help)
usage ;; usage ;;
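Review bot: In the `services` arm, `$1` is pasted into `VARS` and the assembled command string is then handed to `eval` through `$EXEC`, so a service name containing a single quote or other shell syntax is re-parsed as shell code instead of reaching ansible-playbook as one argument (the `'$1'` inside the JSON form is also unquoted). Running the command through a small function that either prints or executes `"$@"` keeps `--dry` and removes the second parse; a sketch follows. Two smaller points in the same hunk: the `""` and `os|docker` arms still call `$BASE_CMD` directly and so ignore `--dry`, and the unconditional `shift` after `TAG="$1"` fails when no argument is given, which under `set -e` makes the `""` arm unreachable. The `case` statement continues past the end of the hunk.

```shell
if [ "$1" = "--dry" ]; then
    DRY=1
    shift
fi

# Print the command in dry mode, otherwise run it with its arguments intact.
run() {
    if [ -n "$DRY" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# … unchanged: BASE_CMD, TAG, earlier case arms, -d|--down handling …
        elif [ -n "$DOWN" ] && [ -n "$1" ]; then
            VARS='{"stop": true, "single_service": "'"$1"'"}'
        fi
        # $BASE_CMD is left unquoted on purpose so it splits into words.
        if [ -n "$VARS" ]; then
            run $BASE_CMD --tags "$TAG" --extra-vars "$VARS"
        else
            run $BASE_CMD --tags "$TAG"
        fi
```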


@ -1,5 +1,10 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Configure user accounts
ansible.builtin.import_tasks: users.yml
tags:
- users
- name: Configure system base - name: Configure system base
ansible.builtin.import_tasks: base.yml ansible.builtin.import_tasks: base.yml


@ -1,11 +1,5 @@
# vim: ft=yaml.ansible # vim: ft=yaml.ansible
--- ---
- name: Add public SSH key to default user
ansible.posix.authorized_key:
user: "{{ ansible_user }}"
key: "{{ ssh_keys | join('\n') }}"
exclusive: true
- name: Allow SSH login with public keys - name: Allow SSH login with public keys
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config


@ -0,0 +1,18 @@
# vim: ft=yaml.ansible
---
- name: Add users
ansible.builtin.user:
name: "{{ item.name }}"
comment: "{{ item.comment }}"
password: "{{ item.password }}"
groups: "{{ item.groups }}"
shell: /bin/bash
update_password: always
loop: "{{ users }}"
- name: Add ssh authorized_keys
ansible.posix.authorized_key:
user: "{{ item.name }}"
key: "{{ item.ssh_keys | join('\n') }}"
exclusive: true
loop: "{{ users }}"
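Review bot: The `Add users` task loops over `users` with no `loop_control` label, so Ansible prints each full item, including `item.password`, in the per-item task output and in any log that captures it. Adding `loop_control:` with `label: "{{ item.name }}"` (or `no_log: true`) to that task keeps the hash out of the output. Separately, `groups: "{{ item.groups }}"` is set without `append: true`; the module's default replaces the supplementary group list, so an existing account is removed from every group not named in the vars file. If that is intended, a short comment saying so would help the next reader.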