ansible/roles/bootstrap/tasks/privilege.yml


---
# Make sure the sudo package is installed; the account created below is
# added to the sudo group.
# NOTE(review): no update_cache here - presumably the apt index is refreshed
# earlier in the play; confirm.
- name: Install required packages
  apt:
    name:
      - sudo
    state: present
# Create the target account and add it to the sudo group (append keeps any
# groups it already has). The password hash is only applied when the account
# is first created (update_password: on_create). The registered result is
# read by later tasks for the account's home directory.
# NOTE(review): LOCAL_SALT and bootstrap_expected_become_pass are defined
# outside this file - presumably the salt is fixed to keep the hash stable
# between runs and the password comes from a vault; confirm both.
- name: Create new user {{ bootstrap_expected_user }}
  user:
    name: "{{ bootstrap_expected_user }}"
    state: present
    groups:
      - sudo
    append: true
    password: "{{ bootstrap_expected_become_pass | password_hash('sha512', LOCAL_SALT) }}"
    update_password: on_create
  register: bootstrap_expected_user_data
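# Runs only when bootstrap_used is true: carries the bootstrap user's
# authorized_keys over to the new, sudo-capable user.
# NOTE(review): every key authorised for the bootstrap user becomes
# authorised for a member of the sudo group - confirm that is intended.
- name: Copy SSH Keys if bootstraped now
  when: bootstrap_used
  block:
    # With only name/state given, an existing account is left unchanged; the
    # task is here to register the user's data (home is read below).
    - name: Retrieve data from user {{ bootstrap_user }}
      user:
        name: "{{ bootstrap_user }}"
        state: present
      register: bootstrap_user_data

    # The next two tasks guarantee the copy source exists, so the transfer
    # below does not fail when the bootstrap user has no keys yet.
    - name: Be sure old user has .ssh directory
      file:
        state: directory
        path: "{{ bootstrap_user_data.home }}/.ssh"
        owner: "{{ bootstrap_user }}"
        group: "{{ bootstrap_user }}"
        mode: "u=rwx,g=rx,o="

    # NOTE(review): state: touch updates the file times, so this task
    # reports "changed" on every run.
    - name: Be sure old user has authorized_keys file
      file:
        state: touch
        path: "{{ bootstrap_user_data.home }}/.ssh/authorized_keys"
        owner: "{{ bootstrap_user }}"
        group: "{{ bootstrap_user }}"
        mode: "u=rw,g=r,o="

    # An explicit mode is set so the directory does not inherit whatever the
    # remote umask allows (typically world-readable); owner-only access is
    # what sshd recommends for ~/.ssh.
    - name: Create .ssh directory for user {{ bootstrap_expected_user }}
      file:
        path: "{{ bootstrap_expected_user_data.home }}/.ssh"
        state: directory
        owner: "{{ bootstrap_expected_user }}"
        group: "{{ bootstrap_expected_user }}"
        mode: "u=rwx,g=,o="
      become: true

    # remote_src: the source is read on the managed host, not the controller.
    # The mode is quoted like the other mode values in this file.
    - name: Transfer SSH keys to new user
      copy:
        remote_src: true
        src: "{{ bootstrap_user_data.home }}/.ssh/authorized_keys"
        dest: "{{ bootstrap_expected_user_data.home }}/.ssh/authorized_keys"
        owner: "{{ bootstrap_expected_user }}"
        group: "{{ bootstrap_expected_user }}"
        mode: "u=rw,g=r,o="
      become: true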
# Authorise a public key for the new user. lookup('file', ...) is evaluated
# on the control node, so the key is read from the home directory of whoever
# runs the play.
# NOTE(review): no become on this task, unlike the tasks above that write
# into the new user's home - presumably become is set at play level; confirm.
- name: Configure given SSH key for new user
  authorized_key:
    user: "{{ bootstrap_expected_user }}"
    key: "{{ lookup('file', '~/.ssh/id_ed25519.pub') }}"
    state: present