added tasks for a bastion host

2025-10-01 14:22:25 +02:00
parent 54fc2ad535
commit 19e616845e
13 changed files with 299 additions and 11 deletions
--- a/roles/bastion/tasks/users/sshjumpuser.yml
+++ b/roles/bastion/tasks/users/sshjumpuser.yml
@@ -0,0 +1,28 @@
+- name: users | sshjumpuser | add user to system
+  user:
+    name: sshjumpuser
+    comment: SSH Jump User - no tty - no password
+    shell: /bin/false
+    state: present
+    create_home: True
+    generate_ssh_key: False
+    password_lock: True
+
+- name: users | sshjumpuser | getent user home directory
+  getent:
+    database: passwd
+    key: "sshjumpuser"
+    split: ":"
+  register: getent_passwd_sshjumpuser
+  changed_when: false
+
+- name: users | sshjumpuser | set home directory fact
+  set_fact:
+    user_home: "{{ getent_passwd_sshjumpuser.ansible_facts.getent_passwd['sshjumpuser'][4] }}"
+    user: "sshjumpuser"
+
+- name: users | sshjumpuser | import ssh configuration tasks from base role
+  import_tasks: ../../../base/tasks/users/install_public_keys.yml
+
+- name: users | sshjumpuser | import known_hosts task from base role
+  import_tasks: ../../../base/tasks/users/install_known_hosts.yml