refactorized ssh user creation

2025-10-01 16:23:27 +02:00
parent 9f073d8c3c
commit 07781d08d4
2 changed files with 47 additions and 5 deletions
--- a/roles/bastionhost/tasks/users.yml
+++ b/roles/bastionhost/tasks/users.yml
@@ -1,7 +1,16 @@
 # Configure users for the bastion host
- name: Manage bastion user accounts by including user-specific task files
-  include_tasks: "users/{{ item }}.yml"
+- name: users | rene | Ensure admin user is absent from bastion
+  include_tasks: users/rene.yml
+
+- name: users | Create and configure bastion users
+  include_tasks: users/_create_user_with_ssh.yml
  loop:
-    - rene
-    - lowpriv
-    - sshjumpuser
+    - name: lowpriv
+      comment: "Restricted user for interactive shell"
+      shell: /usr/bin/rbash
+
+    - name: sshjumpuser
+      comment: "SSH Jump User - no tty - no password"
+      shell: /bin/false
+  loop_control:
+    loop_var: user_item