From 30ed190691c94cf3a30766586934fd30ba5f6acf Mon Sep 17 00:00:00 2001
From: root
Date: Sat, 7 Dec 2024 13:46:33 +0100
Subject: [PATCH] add inventory and playbook for users
---
inventory | 25 ++++++++++++++
playbooks/users.yml | 79 +++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 inventory
create mode 100644 playbooks/users.yml
diff --git a/inventory b/inventory
new file mode 100644
index 0000000..d7e973c
--- /dev/null
+++ b/inventory
@@ -0,0 +1,25 @@
+[proxmox]
+proxmox ansible_host=10.100.0.1
+
+[proxmox:vars]
+ansible_become_method=sudo
+ansible_user=kandertova
+ansible_become=true
+
+[full_os]
+jumphost ansible_host=10.100.0.100
+nextcloud ansible_host=10.100.0.22
+k3s ansible_host=10.100.0.50
+
+[full_os:vars]
+ansible_become_method=sudo
+ansible_user=kandertova
+ansible_become=true
+
+[lxc]
+git ansible_host=10.100.0.20
+zabbix ansible_host=10.100.0.21
+loadbalancer ansible_host=10.100.0.10
+
+[lxc:vars]
+ansible_user=root
\ No newline at end of file
diff --git a/playbooks/users.yml b/playbooks/users.yml
new file mode 100644
index 0000000..edcf15f
--- /dev/null
+++ b/playbooks/users.yml
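Review bot: `[lxc:vars]` in the inventory hunk connects to git, zabbix and loadbalancer as `ansible_user=root`, while the `proxmox` and `full_os` groups log in as a named user and escalate with sudo. Since playbooks/users.yml in this same commit creates sudo-capable accounts on the `lxc` hosts, I would mark the root login as temporary with a comment such as `# bootstrap only: switch to a named user with ansible_become=true once users.yml has run`, so that direct root SSH can later be turned off on those containers. The file also ends without a trailing newline.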
@@ -0,0 +1,79 @@
+- name: Add users, make them passwordless sudoers and download their ssh keys
+ hosts:
+ - lxc
+ - full_os
+ gather_facts: false
+
+ vars:
+ mhrebik_keys:
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOH/TlOb8TAXiMhN8u7VNqPC7W2hrhygm/1BZBZZp0qo
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAUkzs5GNd3Ocxb6cYFU5uFqlUrbgzeJaov4VM6HliFO
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGb8+AbE+2LUmgDft/Z79aH+qDWWLomRes4PPJlaE7ad
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6Dz6emnU+kRT7mh26QP0j3UL9mT33h+B6iCTh4Wb2L
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOnPnJlE2yYvOt4v8W9LA3ZzgSj1T5zCPdcqryYfdKiN
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOZ11i0NL5kxdVf8kWNYzVSZwC2pmxTnV1xxxXWuo//6
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwVRpRO4f00zBQ1Ju9hInJwVuP/Iq0QDWBE4S1R2S33
+
+ matty_keys:
+ - ssh-rsa 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
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ96BSOF6J/WI4x31X7DMl/WmF6Rp6gYojBg0BZEw4wt
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBurNtP4P/pYGIKBDT5Kup/r/tEv8A+ntUOL6zKpzIQO
+ - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFXXLYPnOPYDug9WYZtwoyRci2kCsaEg/5EeYsYeV3w
+
+ tasks:
+ - name: Create the sudo_passwordless group
+ ansible.builtin.group:
+ name: sudo_passwordless
+ state: present
+
+ - name: Create user "mhrebik"
+ ansible.builtin.user:
+ name: "mhrebik"
+ groups:
+ - sudo_passwordless
+ append: true
+ password: "$y$j9T$lFmEIGHoVlJMj8lklmG/O0$Cxh4sTsBk8FUgMqbJBqIee58hg8r4kXcv4/P1UDZMmD"
+
+ - name: Create user matty
+ ansible.builtin.user:
+ name: "matty"
+ groups:
+ - sudo_passwordless
+ append: true
+ password: "$y$j9T$UC70HSbFYAg7I306Q204R.$Jfvjvhrw.UIPL9WI6pX7LdWvuvJS1VH3DJT6EFHQ/XB"
+
+ - name: Create user Kandertova
+ ansible.builtin.user:
+ name: "mhrebik"
+ groups:
+ - sudo_passwordless
+ append: true
+ password: "$y$j9T$46ejfvmwiL46oswXXNjLg.$AfjG8EKB0DzjBPuC7luLhxY/iDmzkQlHWvc6mgx6Jw0"
+
+ - name: Allow passwordless sudo for the group in sudoers
+ ansible.builtin.lineinfile:
+ path: /etc/sudoers
+ state: present
+ line: '%sudo_passwordless ALL=(ALL) NOPASSWD: ALL'
+ validate: 'visudo -cf %s'
+
+ - name: Add mhrebik keys
+ ansible.builtin.authorized_key:
+ user: mhrebik
+ key: "{{ item }}"
+ with_items: mhrebik_keys
+
+ - name: Add matty keys
+ ansible.builtin.authorized_key:
+ user: matty
+ key: "{{ item }}"
+ with_items: matty_keys
+
+
+
+
+
+
+
+
+
\ No newline at end of file
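Review bot: The task named `Create user Kandertova` sets `name: "mhrebik"`, so it never creates that account and instead replaces the password hash that the earlier `Create user "mhrebik"` task has just set, leaving mhrebik with the third hash on every run. It should presumably read `name: "kandertova"`, the login the inventory uses as `ansible_user`. Both key tasks pass `with_items: mhrebik_keys` and `with_items: matty_keys` as bare names, which current Ansible treats as a literal string rather than the list, so no real key would be installed; write `loop: "{{ mhrebik_keys }}"` and `loop: "{{ matty_keys }}"`. The three `password:` hashes are committed in clear text for accounts that also receive `NOPASSWD: ALL`, so I would move them into Ansible Vault variables and put the rule in its own file under `/etc/sudoers.d/` (keeping `validate`) instead of editing `/etc/sudoers` directly.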