renamed role
This commit is contained in:
28
roles/bastionhost/tasks/users/lowpriv.yml
Normal file
28
roles/bastionhost/tasks/users/lowpriv.yml
Normal file
@@ -0,0 +1,28 @@
|
||||
- name: users | lowpriv | add user to system
|
||||
user:
|
||||
name: lowpriv
|
||||
comment: Restricted user for interactive shell
|
||||
shell: /usr/bin/rbash
|
||||
state: present
|
||||
create_home: True
|
||||
generate_ssh_key: False
|
||||
password_lock: True
|
||||
|
||||
- name: users | lowpriv | getent user home directory
|
||||
getent:
|
||||
database: passwd
|
||||
key: "lowpriv"
|
||||
split: ":"
|
||||
register: getent_passwd_lowpriv
|
||||
changed_when: false
|
||||
|
||||
- name: users | lowpriv | set home directory fact
|
||||
set_fact:
|
||||
user_home: "{{ getent_passwd_lowpriv.ansible_facts.getent_passwd['lowpriv'][4] }}"
|
||||
user: "lowpriv"
|
||||
|
||||
- name: users | lowpriv | import ssh configuration tasks from base role
|
||||
import_tasks: ../../../base/tasks/users/install_public_keys.yml
|
||||
|
||||
- name: users | lowpriv | import known_hosts task from base role
|
||||
import_tasks: ../../../base/tasks/users/install_known_hosts.yml
|
||||
7
roles/bastionhost/tasks/users/rene.yml
Normal file
7
roles/bastionhost/tasks/users/rene.yml
Normal file
@@ -0,0 +1,7 @@
|
||||
- include_vars: 'users.yml'
|
||||
|
||||
- name: users | rene | remove user from system
|
||||
user:
|
||||
name: rene
|
||||
state: absent
|
||||
remove: True
|
||||
28
roles/bastionhost/tasks/users/sshjumpuser.yml
Normal file
28
roles/bastionhost/tasks/users/sshjumpuser.yml
Normal file
@@ -0,0 +1,28 @@
|
||||
- name: users | sshjumpuser | add user to system
|
||||
user:
|
||||
name: sshjumpuser
|
||||
comment: SSH Jump User - no tty - no password
|
||||
shell: /bin/false
|
||||
state: present
|
||||
create_home: True
|
||||
generate_ssh_key: False
|
||||
password_lock: True
|
||||
|
||||
- name: users | sshjumpuser | getent user home directory
|
||||
getent:
|
||||
database: passwd
|
||||
key: "sshjumpuser"
|
||||
split: ":"
|
||||
register: getent_passwd_sshjumpuser
|
||||
changed_when: false
|
||||
|
||||
- name: users | sshjumpuser | set home directory fact
|
||||
set_fact:
|
||||
user_home: "{{ getent_passwd_sshjumpuser.ansible_facts.getent_passwd['sshjumpuser'][4] }}"
|
||||
user: "sshjumpuser"
|
||||
|
||||
- name: users | sshjumpuser | import ssh configuration tasks from base role
|
||||
import_tasks: ../../../base/tasks/users/install_public_keys.yml
|
||||
|
||||
- name: users | sshjumpuser | import known_hosts task from base role
|
||||
import_tasks: ../../../base/tasks/users/install_known_hosts.yml
|
||||
Reference in New Issue
Block a user