| author | Joshua Lusk <luskjh@gmail.com> | 2026-05-25 20:25:32 -0400 |
|---|---|---|
| committer | Joshua Lusk <luskjh@gmail.com> | 2026-05-25 20:25:32 -0400 |
| commit | 03993e314ca2eefc8784d0349b8a55a0450a05f1 (patch) | |
| tree | 9816d3fc5b0713767d808cd0c7d9c977036e92ac | |
| parent | 522f354f231df5ef86d5489cf4980805b6ff9be1 (diff) | |
add users playbook
| -rw-r--r-- | .vscode/settings.json | 5 | ||||
| -rw-r--r-- | Makefile | 6 | ||||
| -rw-r--r-- | README.md | 20 | ||||
| -rw-r--r-- | playbooks/users.yaml | 42 |
4 files changed, 73 insertions, 0 deletions
diff --git a/.vscode/settings.json b/.vscode/settings.json
index 832461d..ea8f51a 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -7,6 +7,11 @@
 "editor.formatOnSave": true,
 "editor.tabSize": 2
 },
+ "[markdown]": {
+ "editor.rulers": [
+ 65
+ ]
+ },
 "[toml]": {
 "editor.defaultFormatter": "tamasfe.even-better-toml",
 "editor.formatOnSave": true
@@ -23,3 +23,9 @@ lint:
 .PHONY: ping
 ping:
 $(BIN)/ansible hollyhock -m ping -e @vault.yaml -e "ansible_user=$(or $(ANSIBLE_USER),ansible)"
+
+# Playbook targets (applicable order)
+
+.PHONY: users
+users:
+ $(BIN)/ansible-playbook -e @vault.yaml -e "ansible_user=$(or $(ANSIBLE_USER),ansible)" playbooks/users.yaml
@@ -26,4 +26,24 @@ _Listed in alphabetical order._
 | `lint` | Run ansible lint |
 | `ping`<sup>*</sup> | Ping hollyhock host |
+### Playbook targets
+
+_Listed in applicable order._
+
+| Target | Description |
+| ----------------------- | ----------- |
+| `users`<sup>*</sup> | Add users |
+
+### <sup>*</sup>Pre-bootstraped targets
+
+Before the automation user is created, the `ping` and `users`
+targets need to initially connect to the server host using an
+existing user. Set `ANSIBLE_USER` to override the default
+connection user:
+
+```sh
+$ make ping ANSIBLE_USER=root
+$ make users ANSIBLE_USER=root
+```
+
 [hollyhock]: //hollyhock.sorantics.com
diff --git a/playbooks/users.yaml b/playbooks/users.yaml
new file mode 100644
index 0000000..913e6a9
--- /dev/null
+++ b/playbooks/users.yaml
@@ -0,0 +1,42 @@
+- name: Add users
+ hosts: hollyhock
+ become: "{{ ansible_user != 'root' }}"
+ tasks:
+ - name: Create groups
+ ansible.builtin.group:
+ name: "{{ item }}"
+ state: present
+ loop:
+ - "{{ admin_group }}"
+ - "{{ automation_group }}"
+ - "{{ deploy_group }}"
+
+ - name: Create users
+ ansible.builtin.user:
+ name: "{{ item.user }}"
+ password: "{{ item.password | password_hash('sha512') }}"
+ update_password: on_create
+ groups: "{{ item.groups }}"
+ shell: /bin/bash
+ create_home: true
+ loop:
+ - user: "{{ admin_user }}"
+ password: "{{ admin_password }}"
+ groups: "{{ admin_group }},sudo"
+ - user: "{{ automation_user }}"
+ password: "{{ automation_password }}"
+ groups: "{{ automation_group }},sudo"
+ - user: "{{ deploy_user }}"
+ password: "{{ deploy_password }}"
+ groups: "{{ deploy_group }}"
+ no_log: true
+
+ - name: Add ssh keys
+ ansible.posix.authorized_key:
+ user: "{{ item }}"
+ state: present
+ key: "{{ ssh_key }}"
+ loop:
+ - "{{ admin_user }}"
+ - "{{ automation_user }}"
+ - "{{ deploy_user }}" |
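Review bot: The `Add ssh keys` task installs the single `ssh_key` value into `authorized_keys` for all three accounts, so one private key logs in as the deploy user and as both sudo-group users; if that key is ever kept on a deploy or CI machine, it carries admin access too. Consider one key per account by looping over user/key pairs, with `user: "{{ item.user }}"` and `key: "{{ item.key }}"` in the task (the per-account variable names are yours to choose). Separately, `Create users` sets `groups:` without `append: true`, and ansible.builtin.user then treats the list as the complete supplementary set, so a later run would strip any membership added outside this playbook. A short comment that `update_password: on_create` means a rotated vault password never reaches an existing account would also help the next maintainer.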
