Commit bb5ce6ef authored by Kristian Klausen's avatar Kristian Klausen 🎉

Merge branch 'archusers-support-staff' into 'master'

Support creating support-staff accounts on mail.al.org for mail + create user for klausenbusk and denisse

See merge request !430
parents 0d2c553d ba9bda23
Pipeline #9406 passed with stage
in 33 seconds
...@@ -7,6 +7,7 @@ arch_groups: ...@@ -7,6 +7,7 @@ arch_groups:
- multilib - multilib
- archboxes-sudo - archboxes-sudo
- docker-image-sudo - docker-image-sudo
- support-staff
arch_users: arch_users:
alertmanager: alertmanager:
...@@ -149,6 +150,13 @@ arch_users: ...@@ -149,6 +150,13 @@ arch_users:
- dev - dev
- tu - tu
- multilib - multilib
denisse:
name: "Andrea Denisse Gómez-Martínez"
ssh_key: denisse.pub
hosts:
- mail.archlinux.org
groups:
- support-staff
diabonas: diabonas:
name: "Jonas Witschel" name: "Jonas Witschel"
ssh_key: diabonas.pub ssh_key: diabonas.pub
...@@ -322,6 +330,17 @@ arch_users: ...@@ -322,6 +330,17 @@ arch_users:
groups: groups:
- tu - tu
- multilib - multilib
klausenbusk:
name: "Kristian Klausen"
ssh_key: klausenbusk.pub
hosts:
- mail.archlinux.org
groups:
- support-staff
additional_ssh_keys:
- name: klausenbusk_2.pub
hosts:
- all
lcarlier: lcarlier:
name: "Laurent Carlier" name: "Laurent Carlier"
ssh_key: lcarlier.pub ssh_key: lcarlier.pub
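Review bot: The new user-level `hosts` key on `denisse` and `klausenbusk` is undocumented, and it follows a different convention from the `hosts: [all]` under `additional_ssh_keys` in the same `klausenbusk` entry. The filter task added in this commit compares user-level `hosts` against `inventory_hostname` only, so a user-level `all` would match no host, and the cleanup task would then delete `authorized_keys` from any existing home directory of that user. A comment above `arch_users` would make the contract explicit, e.g. `# hosts: optional list of exact inventory hostnames the account is created on; omit for every host (the "all" keyword is not valid here)`. How the `hosts` value inside `additional_ssh_keys` is interpreted is not visible on this page, so the wording should be checked against the template that consumes it.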
......
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKo2Uddwkt9dx+V4UO9AnP0RIKqkfqOEx1osQszQpzK1 andrea@youdu
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTMR5HHwFsKQWlvAk4UGhYxiB15dHY5pPoVufBSPNDF andrea@diyu
...@@ -4,6 +4,11 @@ ...@@ -4,6 +4,11 @@
group: name="{{ item }}" state=present system=no group: name="{{ item }}" state=present system=no
with_items: "{{ arch_groups }}" with_items: "{{ arch_groups }}"
- name: filter arch_users for users with non-matching hosts
set_fact: arch_users_filtered="{{ (arch_users_filtered | default([])) + [ item ] }}"
when: item.value.hosts is not defined or inventory_hostname in item.value.hosts
with_dict: "{{ arch_users }}"
- name: create Arch Linux-specific users - name: create Arch Linux-specific users
user: user:
name: "{{ item.key }}" name: "{{ item.key }}"
...@@ -14,21 +19,21 @@ ...@@ -14,21 +19,21 @@
password: "" password: ""
update_password: on_create update_password: on_create
state: present state: present
with_dict: "{{ arch_users }}" loop: "{{ arch_users_filtered }}"
- name: create .ssh directory - name: create .ssh directory
file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700 file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
with_dict: "{{ arch_users }}" loop: "{{ arch_users_filtered }}"
- name: configure ssh keys - name: configure ssh keys
template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600 template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
when: item.value.ssh_key is defined when: item.value.ssh_key is defined
with_dict: "{{ arch_users }}" loop: "{{ arch_users_filtered }}"
- name: remove ssh keys if undefined - name: remove ssh keys if undefined
file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
when: item.value.ssh_key is not defined when: item.value.ssh_key is not defined
with_dict: "{{ arch_users }}" loop: "{{ arch_users_filtered }}"
- name: get list of remote users - name: get list of remote users
find: paths="/home" file_type="directory" find: paths="/home" file_type="directory"
...@@ -37,5 +42,5 @@ ...@@ -37,5 +42,5 @@
# TODO: this removes the keys of svn-packages and svn-community on gemini temporarily. add some form of whitelist for those users? # TODO: this removes the keys of svn-packages and svn-community on gemini temporarily. add some form of whitelist for those users?
- name: disable ssh keys of disabled users - name: disable ssh keys of disabled users
file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent
when: item not in arch_users when: item not in (arch_users_filtered | map(attribute='key'))
with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}" with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
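Review bot: The membership test `inventory_hostname in item.value.hosts` in the new filter task is a list lookup only while `hosts` is a list. If an entry is ever written as a scalar (`hosts: mail.archlinux.org`), the `in` operator falls back to a substring match, so a host whose inventory name is contained in that string would also receive the account and its keys. Normalising first keeps the match exact: `when: item.value.hosts is not defined or inventory_hostname in ([item.value.hosts] | flatten)`. The final task now derives key removal from the same filtered list, so an error in `hosts` both grants and revokes access. Appending `| list` to `map(attribute='key')` there would also make the `not in` test run against a concrete list rather than a generator.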