From 46900dc64b54967efe07cf2f88186eee2a281030 Mon Sep 17 00:00:00 2001 From: Rene Mewissen Date: Wed, 1 Oct 2025 11:05:52 +0200 Subject: [PATCH] made it more modular --- roles/base/tasks/users/all.yml | 105 ++---------------- .../base/tasks/users/configure_ssh_client.yml | 14 +++ roles/base/tasks/users/create_user.yml | 6 + roles/base/tasks/users/get_home.yml | 6 + .../base/tasks/users/install_known_hosts.yml | 9 ++ .../base/tasks/users/install_private_keys.yml | 10 ++ .../base/tasks/users/install_public_keys.yml | 12 ++ roles/base/tasks/users/setup_dotfiles.yml | 49 ++++++++ roles/base/tasks/users/setup_ssh.yml | 5 + 9 files changed, 120 insertions(+), 96 deletions(-) create mode 100644 roles/base/tasks/users/configure_ssh_client.yml create mode 100644 roles/base/tasks/users/create_user.yml create mode 100644 roles/base/tasks/users/get_home.yml create mode 100644 roles/base/tasks/users/install_known_hosts.yml create mode 100644 roles/base/tasks/users/install_private_keys.yml create mode 100644 roles/base/tasks/users/install_public_keys.yml create mode 100644 roles/base/tasks/users/setup_dotfiles.yml create mode 100644 roles/base/tasks/users/setup_ssh.yml diff --git a/roles/base/tasks/users/all.yml b/roles/base/tasks/users/all.yml index 46dbebd..b8b802b 100644 --- a/roles/base/tasks/users/all.yml +++ b/roles/base/tasks/users/all.yml 
@@ -1,109 +1,21 @@ -- name: users | {{ user }} | create if not present - user: - name: "{{ user }}" - state: present - create_home: True +- include_tasks: users/common/create_user.yml - name: users | {{ user }} | getent user home directory getent: database: passwd key: "{{ user }}" split: ":" - fail_key: no # not required. If a supplied key is missing this will make the task fail if C(yes). + register: getent_passwd_user + changed_when: false -- name: users | {{ user }} | install public ssh keys - authorized_key: - user: '{{ user }}' - state: present - key: '{{ item }}' - with_file: - - public_keys/id_dsa.pub - - public_keys/id_ed25519.pub - - public_keys/rene_id_rsa.pub - - public_keys/yubikey.pub - - public_keys/notebook_id_rsa.pub +- set_fact: + user_home: "{{ getent_passwd_user.ansible_facts.getent_passwd[user][4] }}" -- name: users | {{ user }} | install private ssh keys - copy: - dest: "{{ getent_passwd[user][4] }}/.ssh/" - src: '{{ item }}' - owner: '{{ user }}' - group: '{{ user }}' - mode: '0600' - loop: - - "private_keys/gitlab_read_ed25519" +- include_tasks: users/common/setup_ssh.yml -- name: users | {{ user }} | install known_hosts - copy: - dest: "{{ getent_passwd[user][4] }}/.ssh/known_hosts" - src: "users/known_hosts" - backup: True - mode: '0600' - owner: '{{ user }}' - group: '{{ user }}' +- include_tasks: users/common/setup_dotfiles.yml -- name: users | {{ user }} | fill ssh config - blockinfile: - path: "{{ getent_passwd[user][4] }}/.ssh/config" - state: present - block: | - Host gitea.mewissen.site - IdentityFile ~/.ssh/gitlab_read_ed25519 - IdentitiesOnly Yes - create: True - backup: True - owner: '{{ user }}' - group: '{{ user }}' - marker: "## {mark} Basic ANSIBLE MANAGED BLOCK" - -- name: users | {{ user }} | clone remote repos - become: yes - become_user: '{{ user }}' - git: - repo: '{{ item.repo }}' - dest: '{{ getent_passwd[user][4] }}/{{ item.dir }}' - key_file: '{{ getent_passwd[user][4] }}/.ssh/gitlab_read_ed25519' - recursive: no - 
track_submodules: no - force: yes - with_items: - - { repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k' } - - { repo: 'ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git', dir: 'dotfiles' } - ignore_errors: yes - -- name: users | {{ user }} | link dotfiles - become: yes - become_user: '{{ user }}' - file: - state: link - force: True - src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}" - path: "{{ getent_passwd[user][4] }}/{{ item.dest }}" - follow: False - with_items: - - { src: 'vim/vimrc', dest: '.vimrc' } - - { src: 'bash/bashrc', dest: '.bashrc' } - - { src: 'zsh/zshrc', dest: '.zshrc' } - - { src: 'tmux/tmux.conf', dest: '.tmux.conf' } - ignore_errors: yes - -- name: users | {{ user }} | create bash_profile - lineinfile: - path: "{{ getent_passwd[user][4] }}/.bash_profile" - state: present - line: "[ -f ~/.bashrc ] && . ~/.bashrc" - create: True - mode: "0644" - owner: "{{ user }}" - group: "{{ user }}" - -- name: users | {{ user }} | call dotfile install script - become: yes - become_user: '{{ user }}' - shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ getent_passwd[user][4] }}/dotfiles/install.sh" - ignore_errors: yes - -- name: users | all | add sudoers file +- name: users | wheel | add sudoers file copy: src: users/sudoers_wheel dest: /etc/sudoers.d/wheel @@ -111,6 +23,7 @@ group: root mode: 0440 when: sudo_group == "wheel" + run_once: true - name: users | {{ user }} | include user specific parts include_tasks: "{{ user }}.yml" diff --git a/roles/base/tasks/users/configure_ssh_client.yml b/roles/base/tasks/users/configure_ssh_client.yml new file mode 100644 index 0000000..e4d4ad4 --- /dev/null +++ b/roles/base/tasks/users/configure_ssh_client.yml 
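Review bot: The three new `include_tasks` lines in this hunk point at `users/common/create_user.yml`, `users/common/setup_ssh.yml` and `users/common/setup_dotfiles.yml`, but the diffstat of this patch creates those files directly under `roles/base/tasks/users/` with no `common/` directory, so the includes will fail at runtime unless a `users/common/` tree already exists outside this patch. The `getent` task is also kept inlined here while the new `get_home.yml` is left unused. Suggested lines: `- include_tasks: users/create_user.yml`, `- include_tasks: users/setup_ssh.yml`, `- include_tasks: users/setup_dotfiles.yml`. Registering the getent result is the right call, and dropping `fail_key: no` now makes the task fail when the user does not exist instead of continuing into the key installs with no home directory.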
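Review bot: `run_once: true` on the sudoers task runs it on the first host of the play only, so on a multi-host inventory the remaining hosts never receive `/etc/sudoers.d/wheel`; if the intent was to stop repeating the task per user (this file is named per `{{ user }}`, so it is presumably included in a loop), `run_once` does not do that either, because each include is its own task. Moving the task out of the per-user file into the role's main task list achieves that without skipping hosts. Independently, the copy into `/etc/sudoers.d/` has no syntax check, so a bad `users/sudoers_wheel` breaks sudo on the host: add `validate: /usr/sbin/visudo -csf %s` to the copy. The task's `src`/`dest` lines sit in the previous hunk.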
@@ -0,0 +1,14 @@ +--- +- name: users | {{ user }} | fill ssh config + blockinfile: + path: "{{ user_home }}/.ssh/config" + state: present + block: | + Host gitea.mewissen.site + IdentityFile ~/.ssh/gitlab_read_ed25519 + IdentitiesOnly Yes + create: true + backup: true + owner: "{{ user }}" + group: "{{ user }}" + marker: "## {mark} Basic ANSIBLE MANAGED BLOCK" \ No newline at end of file diff --git a/roles/base/tasks/users/create_user.yml b/roles/base/tasks/users/create_user.yml new file mode 100644 index 0000000..370e69d --- /dev/null +++ b/roles/base/tasks/users/create_user.yml @@ -0,0 +1,6 @@ +--- +- name: users | {{ user }} | create if not present + user: + name: "{{ user }}" + state: present + create_home: true \ No newline at end of file diff --git a/roles/base/tasks/users/get_home.yml b/roles/base/tasks/users/get_home.yml new file mode 100644 index 0000000..3a142e4 --- /dev/null +++ b/roles/base/tasks/users/get_home.yml @@ -0,0 +1,6 @@ +--- +- name: users | {{ user }} | getent user home directory + getent: + database: passwd + key: "{{ user }}" + split: ":" \ No newline at end of file diff --git a/roles/base/tasks/users/install_known_hosts.yml b/roles/base/tasks/users/install_known_hosts.yml new file mode 100644 index 0000000..2d2d1f5 --- /dev/null +++ b/roles/base/tasks/users/install_known_hosts.yml @@ -0,0 +1,9 @@ +--- +- name: users | {{ user }} | install known_hosts + copy: + dest: "{{ user_home }}/.ssh/known_hosts" + src: "users/known_hosts" + backup: true + mode: "0600" + owner: "{{ user }}" + group: "{{ user }}" \ No newline at end of file diff --git a/roles/base/tasks/users/install_private_keys.yml b/roles/base/tasks/users/install_private_keys.yml new file mode 100644 index 0000000..88c28dd --- /dev/null +++ b/roles/base/tasks/users/install_private_keys.yml 
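Review bot: The `blockinfile` task sets `create: true` and `owner`/`group` for `~/.ssh/config` but no `mode`, so a freshly created file gets whatever the remote umask yields rather than the `0600` that the sibling `install_known_hosts.yml` and `install_private_keys.yml` tasks enforce; add `mode: "0600"` next to `owner`. `IdentitiesOnly` is a good addition since it stops ssh from offering every agent-loaded key to the gitea host. The task also assumes `~/.ssh` already exists; in `setup_ssh.yml` it runs last, so that presumably relies on the authorized_key task having created the directory.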
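Review bot: This task has no `register:`, so including it gives callers nothing to build `user_home` from (the `set_fact` in `all.yml` reads `getent_passwd_user.ansible_facts.getent_passwd`), and `all.yml` in fact inlines its own copy of the task, leaving this file dead. Add `register: getent_passwd_user` and `changed_when: false` here to match the inlined version, and include this file from `all.yml` instead of duplicating it. With `fail_key` at its default the task fails when the user is missing, which is the behavior you want before writing keys into a home directory.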
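Review bot: The copied `users/known_hosts` is what authenticates the `ssh://git@gitea.mewissen.site:22422/...` clone in `setup_dotfiles.yml`, since that git task does not set `accept_hostkey`, so it has to contain the host key in OpenSSH's non-default-port form `[gitea.mewissen.site]:22422 <keytype> <key>` rather than a plain hostname entry, or the clone fails (and `ignore_errors: true` then hides that). Worth a comment on the task: `# must contain the [gitea.mewissen.site]:22422 entry; the dotfiles clone depends on it for host authentication`. Also note `copy` replaces the whole file, so any host the user trusted by hand is dropped (only `backup: true` keeps a copy); the `known_hosts` module would merge entries instead.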
@@ -0,0 +1,10 @@ +--- +- name: users | {{ user }} | install private ssh keys + copy: + dest: "{{ user_home }}/.ssh/" + src: "{{ item }}" + owner: "{{ user }}" + group: "{{ user }}" + mode: "0600" + loop: + - "private_keys/gitlab_read_ed25519" \ No newline at end of file diff --git a/roles/base/tasks/users/install_public_keys.yml b/roles/base/tasks/users/install_public_keys.yml new file mode 100644 index 0000000..6faebf6 --- /dev/null +++ b/roles/base/tasks/users/install_public_keys.yml @@ -0,0 +1,12 @@ +--- +- name: users | {{ user }} | install public ssh keys + authorized_key: + user: "{{ user }}" + state: present + key: "{{ item }}" + with_file: + - public_keys/id_dsa.pub + - public_keys/id_ed25519.pub + - public_keys/rene_id_rsa.pub + - public_keys/yubikey.pub + - public_keys/notebook_id_rsa.pub \ No newline at end of file diff --git a/roles/base/tasks/users/setup_dotfiles.yml b/roles/base/tasks/users/setup_dotfiles.yml new file mode 100644 index 0000000..a79dc7d --- /dev/null +++ b/roles/base/tasks/users/setup_dotfiles.yml 
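Review bot: This task ships `private_keys/gitlab_read_ed25519` from the role's files into every managed user's `~/.ssh`, so one shared private key lands on every host and every account the role touches; unless that file is ansible-vault encrypted (copy decrypts it transparently), it is also sitting in plain text in the repository. The name suggests a read-only deploy key, which limits the blast radius to read access on that repo, but add `no_log: true` to the task so `--diff` runs never print the key, and consider a per-host deploy key or an agent-forwarded identity instead of distributing one. `dest: "{{ user_home }}/.ssh/"` also assumes the directory exists, so the task only works in the `setup_ssh.yml` ordering.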
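Review bot: `public_keys/id_dsa.pub` in the `with_file` list is a DSA key, which OpenSSH has refused by default since 7.0 and removes entirely in 10.0, so it is either dead weight or an authorized 1024-bit key; remove it. A second gap is that `state: present` only ever adds, so a key deleted from this list stays authorized on every host already provisioned — if these files are the source of truth, pass all keys as one newline-joined string with `exclusive: true` (which is not loop-aware, so the loop has to go). Be aware this also wipes any keys users added by hand.
```yaml
- name: users | {{ user }} | install public ssh keys
  authorized_key:
    user: "{{ user }}"
    state: present
    # exclusive replaces the whole authorized_keys, so a key dropped from the
    # list below is revoked on the next run instead of lingering on every host
    exclusive: true
    key: >-
      {{ query('file',
               'public_keys/id_ed25519.pub',
               'public_keys/rene_id_rsa.pub',
               'public_keys/yubikey.pub',
               'public_keys/notebook_id_rsa.pub') | join('\n') }}
```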
@@ -0,0 +1,49 @@ +--- +- name: users | {{ user }} | clone remote repos + become: true + become_user: "{{ user }}" + git: + repo: "{{ item.repo }}" + dest: "{{ user_home }}/{{ item.dir }}" + key_file: "{{ user_home }}/.ssh/gitlab_read_ed25519" + recursive: false + track_submodules: false + force: true + with_items: + - { repo: "https://github.com/romkatv/powerlevel10k.git", dir: "powerlevel10k" } + - { repo: "ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git", dir: "dotfiles" } + ignore_errors: true + +- name: users | {{ user }} | link dotfiles + become: true + become_user: "{{ user }}" + file: + state: link + force: true + src: "{{ user_home }}/dotfiles/{{ item.src }}" + path: "{{ user_home }}/{{ item.dest }}" + follow: false + with_items: + - { src: "vim/vimrc", dest: ".vimrc" } + - { src: "bash/bashrc", dest: ".bashrc" } + - { src: "zsh/zshrc", dest: ".zshrc" } + - { src: "tmux/tmux.conf", dest: ".tmux.conf" } + ignore_errors: true + +- name: users | {{ user }} | create bash_profile + lineinfile: + path: "{{ user_home }}/.bash_profile" + state: present + line: "[ -f ~/.bashrc ] && . ~/.bashrc" + create: true + mode: "0644" + owner: "{{ user }}" + group: "{{ user }}" + +- name: users | {{ user }} | call dotfile install script + become: true + become_user: "{{ user }}" + shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ user_home }}/dotfiles/install.sh" + args: + chdir: "{{ user_home }}" + ignore_errors: true \ No newline at end of file diff --git a/roles/base/tasks/users/setup_ssh.yml b/roles/base/tasks/users/setup_ssh.yml new file mode 100644 index 0000000..4a682e3 --- /dev/null +++ b/roles/base/tasks/users/setup_ssh.yml @@ -0,0 +1,5 @@ +--- +- include_tasks: users/common/setup_ssh/install_public_keys.yml +- include_tasks: users/common/setup_ssh/install_private_keys.yml +- include_tasks: users/common/setup_ssh/install_known_hosts.yml +- include_tasks: users/common/setup_ssh/configure_ssh_client.yml \ No newline at end of file
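Review bot: The powerlevel10k clone has no `version:`, so every run pulls whatever `romkatv/powerlevel10k` currently points to and, with `force: true`, overwrites the checkout — presumably that code is then sourced by the user's zsh on login, so this is unpinned third-party code executed as the user; pin a tag or commit per entry, e.g. a `version` key in each item plus `version: "{{ item.version }}"` on the task. The same applies to `dotfiles`, whose `install.sh` the `shell` task then executes. `ignore_errors: true` on the clone, link and install tasks means a failed clone, a dangling symlink or a failed install script are all reported green; drop it and use `failed_when` only for the cases you really accept. The `shell` task also runs and reports changed on every play, so `changed_when: false` or a `creates:` marker would make it idempotent.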
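Review bot: All four includes reference `users/common/setup_ssh/...`, but this patch creates the task files directly under `roles/base/tasks/users/` (see the diffstat), so the include chain breaks at the first entry unless such a tree already exists elsewhere; drop the `common/setup_ssh/` segment, e.g. `- include_tasks: users/install_public_keys.yml`, for each of the four lines. The ordering also deserves a comment, since the private key and known_hosts tasks copy into `~/.ssh/` without creating it and presumably rely on the authorized_key task having done so: `# authorized_key runs first so ~/.ssh exists for the key and known_hosts copies`. The file also lacks a trailing newline.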