-rw-r--r--infrastructure/production.yaml6
-rw-r--r--infrastructure/roles/users/README.md11
-rw-r--r--infrastructure/roles/users/tasks/main.yaml22
-rw-r--r--infrastructure/site.yaml4
4 files changed, 43 insertions, 0 deletions
diff --git a/infrastructure/production.yaml b/infrastructure/production.yaml
index 4bd0386..6800693 100644
--- a/infrastructure/production.yaml
+++ b/infrastructure/production.yaml
@@ -9,3 +9,9 @@ ungrouped:
66643762323130663763643061333862666539633832356663663832376239326534393837356237
6532373435616636650a343532616364623864373863376166333538306130626637373235616130
38666666623932363937336532343633353732643434616536666339343630663564
+all:
+ vars:
+ users:
+ - name: alex
+ shell: /usr/bin/bash
+ authorized_keys: "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsmNM+izEWl/tIRncLIc9UFHwjL4b64VGD9ZTqeR/fEbfrhUjcQNmwHMbfF3l35OEFnPw6Afm8TzL/RwM+ePpdxj7HzZW6XBOVf258Dcs3olw/JuG8+oSvLoXUiTS1rqgNNp7RLEQN1IxYOUCreu6ju6y2WDi8Ota2vO1DpGgfHB1M6KbGBpLpZBCAKzrhI9I0y6nx6WEWWYJpcvN947oAgQRf/Bv4j9pNUATXhe14rNSWwk5lvOYZSEu7XZeg55GSzJSQjIO29F2SW8b886pB3hbRV+OFtLwWaMvsQwNp25n4wePQJX5OczKZxbN6rfjf4kuOmeGbVP3PmHa8hrmEw== alex@case"
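Review bot: `users` is defined under `all.vars`, so every host in the production inventory receives this account, and the role added in this commit puts each listed user in `sudo`. If fleet-wide admin access is intended, say so with a comment above `users:` such as `# admin accounts provisioned on every production host`; otherwise move the variable to a narrower group. The key is held as a single string under the plural name `authorized_keys`, so a second key for the same user would have to be embedded as a newline inside that scalar; a list of keys would be easier to review and to revoke from.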
diff --git a/infrastructure/roles/users/README.md b/infrastructure/roles/users/README.md
new file mode 100644
index 0000000..71a4486
--- /dev/null
+++ b/infrastructure/roles/users/README.md
@@ -0,0 +1,11 @@
+# Users
+
+## Initial set up
+
+This role creates users in the `sudo` group.
+`sudo` requires a password.
+
+To set your password, run `su -c 'passwd $(whoami)'`.
+
+From then on, use `sudo` for privileged actions.
+Remember to only modify the system using Ansible.
diff --git a/infrastructure/roles/users/tasks/main.yaml b/infrastructure/roles/users/tasks/main.yaml
new file mode 100644
index 0000000..37d616c
--- /dev/null
+++ b/infrastructure/roles/users/tasks/main.yaml
@@ -0,0 +1,22 @@
+- name: create user
+ ansible.builtin.user:
+ name: "{{ item.name }}"
+ shell: "{{ item.shell }}"
+ groups:
+ - sudo
+ loop: "{{ users }}"
+- name: create .ssh directory
+ ansible.builtin.file:
+ path: "/home/{{ item.name }}/.ssh"
+ state: directory
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ loop: "{{ users }}"
+- name: set authorized keys
+ ansible.builtin.copy:
+ dest: "/home/{{ item.name }}/.ssh/authorized_keys"
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: '0400'
+ content: "{{ item.authorized_keys }}"
+ loop: "{{ users }}"
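Review bot: The `create .ssh directory` task sets owner and group but no `mode`, so the directory's permissions come from the remote umask; add `mode: '0700'` so it is as tightly scoped as the `0400` on `authorized_keys`. In `create user`, `groups` without `append: true` is authoritative, so a rerun against an existing account removes it from any supplementary group other than `sudo`. The accounts are created without a password, which is why the README has a manual step, but in `su -c 'passwd $(whoami)'` the single quotes leave `$(whoami)` to be expanded by the shell that su starts, so it names the su target (root by default) rather than the new user; `su -c "passwd $(whoami)"` would name the caller.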
diff --git a/infrastructure/site.yaml b/infrastructure/site.yaml
new file mode 100644
index 0000000..5505001
--- /dev/null
+++ b/infrastructure/site.yaml
@@ -0,0 +1,4 @@
+---
+- hosts: all
+ roles:
+ - users