Commit
50c3e0f9
authored
Jun 24, 2021
by
Kristian Klausen
🎉
archusers: Support restricting users to specific hosts
parent
0d2c553d
Changes
1
roles/archusers/tasks/main.yml
...
...
@@ -4,6 +4,11 @@
group
:
name="{{ item }}" state=present system=no
with_items
:
"
{{
arch_groups
}}"
-
name
:
filter arch_users for users with non-matching hosts
set_fact
:
arch_users_filtered="{{ (arch_users_filtered | default([])) + [ item ] }}"
when
:
item.value.hosts is not defined or inventory_hostname in item.value.hosts
with_dict
:
"
{{
arch_users
}}"
-
name
:
create Arch Linux-specific users
user
:
name
:
"
{{
item.key
}}"
...
...
@@ -14,21 +19,21 @@
password
:
"
"
update_password
:
on_create
state
:
present
with_dict
:
"
{{
arch_users
}}"
loop
:
"
{{
arch_users
_filtered
}}"
-
name
:
create .ssh directory
file
:
path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
with_dict
:
"
{{
arch_users
}}"
loop
:
"
{{
arch_users
_filtered
}}"
-
name
:
configure ssh keys
template
:
src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
when
:
item.value.ssh_key is defined
with_dict
:
"
{{
arch_users
}}"
loop
:
"
{{
arch_users
_filtered
}}"
-
name
:
remove ssh keys if undefined
file
:
path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
when
:
item.value.ssh_key is not defined
with_dict
:
"
{{
arch_users
}}"
loop
:
"
{{
arch_users
_filtered
}}"
-
name
:
get list of remote users
find
:
paths="/home" file_type="directory"
...
...
@@ -37,5 +42,5 @@
# TODO: this removes the keys of svn-packages and svn-community on gemini temporarily. add some form of whitelist for those users?
-
name
:
disable ssh keys of disabled users
file
:
path="/home/{{ item }}/.ssh/authorized_keys" state=absent
when
:
item not in arch_users
when
:
item not in
(
arch_users
_filtered | map(attribute='key'))
with_items
:
"
{{
all_users.files
|
map(attribute='path')
|
map('basename')
|
list
}}"
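Review bot: The new `loop: "{{ arch_users_filtered }}"` in the second hunk (user creation, .ssh directory, both ssh-key tasks) and the `when: item not in (arch_users_filtered | map(attribute='key'))` in the third hunk assume the fact is always set, but the `set_fact` task added in the first hunk only runs for items whose hosts match, so on a host where no user is allowed the variable stays undefined (unless the role's defaults define it, which is outside this diff) and the play fails with an undefined-variable error instead of removing every stale key. Guarding the consumers with `loop: "{{ arch_users_filtered | default([]) }}"` and `when: item not in (arch_users_filtered | default([]) | map(attribute='key') | list)` keeps the last task effective in exactly the case the host restriction is meant for. The `set_fact` also uses the legacy `arch_users_filtered="{{ ... }}"` free-form argument while the neighbouring `user:` task uses block-style args; `arch_users_filtered: "{{ (arch_users_filtered | default([])) + [item] }}"` would be the consistent form. Finally, if `hosts` is ever written as a single string rather than a list, `inventory_hostname in item.value.hosts` becomes a substring test that would admit similarly named hosts, so a comment on the filter task stating that `hosts` must be a list of inventory hostnames is worth adding.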