From: Oleg Broytman Date: Sun, 14 Jul 2019 03:06:18 +0000 (+0300) Subject: Feat: Split `debian-init-user-phd` into roles X-Git-Url: https://git.phdru.name/?a=commitdiff_plain;h=204a50bd1d0148ff845cf66773e65c5ec737eb82;p=ansible.git Feat: Split `debian-init-user-phd` into roles Split `debian-init-user-phd` into `debian-init-local-phd`, `debian-init-system`, `debian-init-user-phd` and roles `debian-init-system`, `debian-phd` and `debian-sudo`.
---
diff --git a/playbooks/debian-init-local-phd.yml b/playbooks/debian-init-local-phd.yml
new file mode 100644
index 0000000..d71f24f
--- /dev/null
+++ b/playbooks/debian-init-local-phd.yml
@@ -0,0 +1,21 @@
+- name: Update local user phd
+ hosts: localhost
+ gather_facts: false
+ vars:
+ system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,bluetooth,davfs2,vboxusers,input
+ tasks:
+ - name: Create system groups
+ become: true
+ group:
+ name: "{{ item }}"
+ system: true
+ loop: "{{ system_groups.split(',') }}"
+ - name: Create group phd
+ become: true
+ group:
+ name: phd
+ - name: user phd
+ become: true
+ user:
+ name: phd
+ groups: "{{ system_groups }}"
diff --git a/playbooks/debian-init-system.yml b/playbooks/debian-init-system.yml
new file mode 100644
index 0000000..af87134
--- /dev/null
+++ b/playbooks/debian-init-system.yml
@@ -0,0 +1,7 @@
+- name: Create user phd
+ hosts: "{{ hosts | default('servers') }}"
+ gather_facts: false
+ roles:
+ - debian-sudo
+ - debian-phd
+ - debian-init-system
diff --git a/playbooks/debian-init-user-phd.yml b/playbooks/debian-init-user-phd.yml
deleted file mode 100644
index b842599..0000000
--- a/playbooks/debian-init-user-phd.yml
+++ /dev/null
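Review bot: In playbooks/debian-init-local-phd.yml the `system_groups` value under `vars` places phd in `root` and `disk`, and on Debian membership in `disk` normally gives read/write access to raw block devices, which sidesteps file permissions without any sudo prompt or log entry. The same two entries appear in the list added in playbooks/roles/debian-phd/defaults/main.yml. If phd is meant to act as root only through sudo, I would drop `root` and `disk` from both lists, or at least put a comment above the variable such as `# root and disk are root-equivalent memberships; kept deliberately for <reason>`. The list was carried over from the deleted playbook, so this concerns the new files keeping it rather than a regression.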
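Review bot: The role order in playbooks/debian-init-system.yml runs `debian-sudo` before `debian-phd`, so the `user` task in debian-sudo (`name: phd`, `append: yes`, `groups: sudo`) is the first to touch the account and, because the module's default state is present, it would create phd with module defaults before debian-phd creates group phd and sets `group: phd`. Listing the roles as `- debian-phd`, `- debian-sudo`, `- debian-init-system` would make the account come from the role that owns it. The play is also still named `Create user phd` although it now installs sudo and the base packages, so a name along the lines of `Init Debian system and user phd` would read better in run output.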
@@ -1,57 +0,0 @@
-- name: Create user phd
- hosts: "{{ hosts | default('servers') }}"
- gather_facts: false
- vars:
- system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,input
- tasks:
- - name: Create system groups
- become: true
- group:
- name: "{{ item }}"
- system: true
- loop: "{{ system_groups.split(',') }}"
- - name: Create group phd
- become: true
- group:
- name: phd
- - name: Add user phd
- become: true
- user:
- name: phd
- group: phd
- groups: "{{ system_groups }}"
- - name: Create folder ~phd/.ssh
- file:
- path: ~phd/.ssh
- state: directory
- owner: phd
- group: phd
- mode: 0700
- - name: Upload SSH key
- copy:
- src: ~/.ssh/phd@nb3.pub
- dest: ~phd/.ssh/phd@nb3.pub
- owner: phd
- group: phd
- mode: 0600
-- name: Update local user phd
- hosts: localhost
- gather_facts: false
- vars:
- system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,bluetooth,davfs2,vboxusers,input
- tasks:
- - name: Create system groups
- become: true
- group:
- name: "{{ item }}"
- system: true
- loop: "{{ system_groups.split(',') }}"
- - name: Create group phd
- become: true
- group:
- name: phd
- - name: user phd
- become: true
- user:
- name: phd
- groups: "{{ system_groups }}"
diff --git a/playbooks/roles/debian-init-system/README.txt b/playbooks/roles/debian-init-system/README.txt
new file mode 100644
index 0000000..57a5b0a
--- /dev/null
+++ b/playbooks/roles/debian-init-system/README.txt
@@ -0,0 +1 @@
+Init new Debian system: install minimal list of packages.
diff --git a/playbooks/roles/debian-init-system/tasks/main.yml b/playbooks/roles/debian-init-system/tasks/main.yml
new file mode 100644
index 0000000..5640f76
--- /dev/null
+++ b/playbooks/roles/debian-init-system/tasks/main.yml
@@ -0,0 +1,10 @@
+- name: Install minimal software packages
+ become: true
+ apt:
+ autoclean: yes
+ autoremove: yes
+ install_recommends: no
+ name: ['apt', 'aptitude', 'dselect', 'bash', 'bash-completion', 'mc', 'python', 'python3', 'rsync', 'vim']
+ purge: yes
+ state: latest
+ update_cache: yes
diff --git a/playbooks/roles/debian-phd/README.txt b/playbooks/roles/debian-phd/README.txt
new file mode 100644
index 0000000..84c7fa3
--- /dev/null
+++ b/playbooks/roles/debian-phd/README.txt
@@ -0,0 +1,2 @@
+Init remote user phd: create system and user groups, create the user,
+upload SSH public key.
diff --git a/playbooks/roles/debian-phd/defaults/main.yml b/playbooks/roles/debian-phd/defaults/main.yml
new file mode 100644
index 0000000..b9fc971
--- /dev/null
+++ b/playbooks/roles/debian-phd/defaults/main.yml
@@ -0,0 +1 @@
+system_groups: root,adm,disk,cdrom,floppy,sudo,audio,www-data,video,plugdev,staff,users,Debian-exim,fuse,sambashare,input
diff --git a/playbooks/roles/debian-phd/tasks/main.yml b/playbooks/roles/debian-phd/tasks/main.yml
new file mode 100644
index 0000000..cea3f9f
--- /dev/null
+++ b/playbooks/roles/debian-phd/tasks/main.yml
@@ -0,0 +1,30 @@
+- name: Create system groups
+ become: true
+ group:
+ name: "{{ item }}"
+ system: true
+ loop: "{{ system_groups.split(',') }}"
+- name: Create group phd
+ become: true
+ group:
+ name: phd
+- name: Add user phd
+ become: true
+ user:
+ name: phd
+ group: phd
+ groups: "{{ system_groups }}"
+- name: Create folder ~phd/.ssh
+ file:
+ path: ~phd/.ssh
+ state: directory
+ owner: phd
+ group: phd
+ mode: 0700
+- name: Upload SSH key
+ copy:
+ src: ~/.ssh/phd@nb3.pub
+ dest: ~phd/.ssh/authorized_keys
+ owner: phd
+ group: phd
+ mode: 0600
diff --git a/playbooks/roles/debian-sudo/README.txt b/playbooks/roles/debian-sudo/README.txt
new file mode 100644
index 0000000..9d2929b
--- /dev/null
+++ b/playbooks/roles/debian-sudo/README.txt
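Review bot: The single `apt` task in playbooks/roles/debian-init-system/tasks/main.yml combines `state: latest` with `autoremove: yes` and `purge: yes`, so a task named "Install minimal software packages" can also remove whatever apt considers unused on the host and purge its configuration, on every run. That is a wide side effect for an init role applied to `servers`; I would either move the cleanup into its own task with a name that says so, or add a comment above the task such as `# also autoremoves and purges unused packages on every run`. The `yes`/`no` values here and in debian-sudo would be more consistent with the `true`/`false` used elsewhere in the commit.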
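Review bot: The "Upload SSH key" task in playbooks/roles/debian-phd/tasks/main.yml now copies the public key over `~phd/.ssh/authorized_keys`, which replaces the whole file on every run and drops any other key already authorised for phd; the deleted playbook wrote to `~phd/.ssh/phd@nb3.pub`, so this is a behaviour change inside a commit described as a split. The `authorized_key` module adds the one key and leaves the rest of the file alone, as sketched below. This task and "Create folder ~phd/.ssh" are also the only ones in the role without `become: true`, which presumably only works when the connection user is already root. Quoting the modes as `'0700'` and `'0600'` would match what the module documentation recommends.

```yaml
# … unchanged: group and user creation, "Create folder ~phd/.ssh" …
- name: Upload SSH key
  become: true
  authorized_key:
    user: phd
    state: present
    key: "{{ lookup('file', '~/.ssh/phd@nb3.pub') }}"
```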
@@ -0,0 +1 @@
+Init sudo: install sudo, add user phd, allow passwordless operations.
diff --git a/playbooks/roles/debian-sudo/tasks/main.yml b/playbooks/roles/debian-sudo/tasks/main.yml
new file mode 100644
index 0000000..05544b1
--- /dev/null
+++ b/playbooks/roles/debian-sudo/tasks/main.yml
@@ -0,0 +1,22 @@
+- name: Install sudo
+ become: true
+ apt:
+ install_recommends: no
+ name: sudo
+ state: latest
+ update_cache: yes
+- name: Add user phd to group sudo
+ become: true
+ user:
+ name: phd
+ append: yes
+ groups: sudo
+- name: Allow passwordless operations
+ become: true
+ copy:
+ content: 'phd ALL=(ALL:ALL) NOPASSWD: ALL'
+ dest: /etc/sudoers.d/phd
+ owner: root
+ group: sudo
+ mode: 0640
+ force: yes
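Review bot: The "Allow passwordless operations" task in playbooks/roles/debian-sudo/tasks/main.yml writes `/etc/sudoers.d/phd` without a syntax check, and a malformed drop-in can leave sudo unusable on the host; adding `validate: 'visudo -cf %s'` to the `copy` arguments makes the module check the file before it is put in place. The file is installed with `group: sudo` and `mode: 0640`, whereas the usual convention for sudoers drop-ins is root:root with `mode: '0440'`, and the `content` string has no trailing newline. Since the rule is `NOPASSWD: ALL` and debian-phd installs an SSH key for the same account, possession of that key amounts to root on every host in the play, which deserves a line in the role README.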