197 lines
5.3 KiB
YAML
197 lines
5.3 KiB
YAML
---
|
|
|
|
# ---
|
|
# - webadmin user/group
|
|
# ---
|
|
|
|
- name: (webadmin-user.yml) Ensure webadmin group exists
|
|
group:
|
|
name: '{{ item.name }}'
|
|
state: present
|
|
gid: '{{ item.group_id | default(omit) }}'
|
|
with_items: '{{ webadmin_user }}'
|
|
when:
|
|
- groups['webadmin']|string is search(inventory_hostname)
|
|
- webadmin_user is defined
|
|
- item.group_id is defined
|
|
tags:
|
|
- webadmin
|
|
- groups-exists
|
|
|
|
- name: (webadmin-user.yml) Ensure webadmin user exists
|
|
user:
|
|
name: '{{ item.name }}'
|
|
state: present
|
|
uid: '{{ item.user_id | default(omit) }}'
|
|
group: '{{ item.name | default(omit) }}'
|
|
home: '{{ item.home | default(omit) }}'
|
|
shell: '{{ item.shell|d("/bin/bash") }}'
|
|
password: "{{ item.password }}"
|
|
update_password: on_create
|
|
with_items: '{{ webadmin_user }}'
|
|
when:
|
|
- groups['webadmin']|string is search(inventory_hostname)
|
|
- webadmin_user is defined
|
|
tags:
|
|
- webadmin
|
|
- users-exists
|
|
|
|
- name: (webadmin-user.yml) Ensure authorized_key files for webadmin user is present
|
|
authorized_key:
|
|
user: "{{ item.0.name }}"
|
|
key: "{{ item.1 }}"
|
|
state: present
|
|
with_subelements:
|
|
- '{{ webadmin_user }}'
|
|
- ssh_keys
|
|
when:
|
|
- groups['webadmin']|string is search(inventory_hostname)
|
|
- webadmin_user is defined
|
|
tags:
|
|
- webadmin
|
|
- authorized_key
|
|
|
|
- name: (webadmin-user.yml) Copy default ed25519 ssh private key to user webadmin
|
|
copy:
|
|
src: '{{ item.priv_key_src }}'
|
|
dest: '{{ item.priv_key_dest }}'
|
|
owner: '{{ item.login }}'
|
|
group: '{{ item.login }}'
|
|
mode: '0600'
|
|
#when: groups['oopen_server']|string is search(inventory_hostname)
|
|
when:
|
|
- insert_webadmin_ssh_keypair|bool
|
|
with_items: '{{ webadmin_ssh_keypair }}'
|
|
tags:
|
|
- webadmin
|
|
- webadmin-defaut-ssh-keypair
|
|
|
|
- name: (webadmin-user.yml) Copy default ssh key ed25519 public key to user webadmin
|
|
copy:
|
|
src: '{{ item.pub_key_src }}'
|
|
dest: '{{ item.pub_key_dest }}'
|
|
owner: '{{ item.login }}'
|
|
group: '{{ item.login }}'
|
|
mode: '0644'
|
|
with_items: '{{ webadmin_ssh_keypair }}'
|
|
when:
|
|
- insert_webadmin_ssh_keypair|bool
|
|
tags:
|
|
- webadmin
|
|
- webadmin-defaut-ssh-keypair
|
|
|
|
- name: (webadmin-user.yml) Ensure .ssh/config of user webadmin is up-to-date
|
|
template:
|
|
src: var/www/.ssh/config.j2
|
|
dest: '~webadmin/.ssh/config'
|
|
owner: webadmin
|
|
group: webadmin
|
|
mode: '0644'
|
|
when:
|
|
- insert_webadmin_ssh_keypair|bool
|
|
tags:
|
|
- webadmin
|
|
- webadmin-defaut-ssh-keypair
|
|
|
|
# devel-repos contains SVN repositiries; webadmin must have ssh access to
|
|
# to webadmin at devel-repos to manage SVN repository
|
|
#
|
|
- name: (webadmin-user.yml) Ensure authorized_key on devel-repos hosts contains public key
|
|
authorized_key:
|
|
user: "{{ item.login }}"
|
|
key: "{{ lookup('file', item.pub_key_src) }}"
|
|
state: present
|
|
with_items: '{{ webadmin_ssh_keypair }}'
|
|
when: inventory_hostname == item.target
|
|
tags:
|
|
- webadmin
|
|
- authorized_key
|
|
- insert_webadmin_ssh_public_key
|
|
|
|
|
|
# --
|
|
# Copy .bashrc
|
|
# ---
|
|
|
|
- name: (webadmin-user.yml) Check if webadmin's file '.bashrc.ORIG' exists
|
|
stat:
|
|
path: "~{{ item.name }}/.bashrc.ORIG"
|
|
register: bashrc_webadmin_orig_exists
|
|
with_items: "{{ webadmin_user }}"
|
|
tags:
|
|
- webadmin
|
|
- bash
|
|
|
|
- name: (webadmin-user.yml) Backup existing webadmin's .bashrc file
|
|
command: cp ~{{ item.item.name }}/.bashrc ~{{ item.item.name }}/.bashrc.ORIG
|
|
with_items: "{{ bashrc_webadmin_orig_exists.results }}"
|
|
when: item.stat.exists == False
|
|
tags:
|
|
- webadmin
|
|
- bash
|
|
|
|
- name: (webadmin-user.yml) copy new .bashrc ifor webadmin if it exists
|
|
copy:
|
|
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc') }}"
|
|
dest: "~{{ item.name }}/.bashrc"
|
|
owner: "{{ item.name }}"
|
|
group: "{{ item.name }}"
|
|
mode: 0644
|
|
with_items: "{{ webadmin_user }}"
|
|
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_bashrc')
|
|
tags:
|
|
- webadmin
|
|
- bash
|
|
|
|
# --
|
|
# Copy .profile
|
|
# ---
|
|
|
|
- name: (webadmin-user.yml) Check if webadmin's file '.profile.ORIG' exists
|
|
stat:
|
|
path: "~{{ item.name }}/.profile.ORIG"
|
|
register: profile_webadmin_orig_exists
|
|
with_items: "{{ webadmin_user }}"
|
|
tags:
|
|
- webadmin
|
|
- profile
|
|
|
|
- name: (webadmin-user.yml) Backup existing users .profile file
|
|
command: cp ~{{ item.item.name }}/.profile ~{{ item.item.name }}/.profile.ORIG
|
|
with_items: "{{ profile_webadmin_orig_exists.results }}"
|
|
when: item.stat.exists == False
|
|
tags:
|
|
- webadmin
|
|
- profile
|
|
|
|
- name: (webadmin-user.yml) copy .profile for user webadmin if it exists
|
|
copy:
|
|
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile') }}"
|
|
dest: "~{{ item.name }}/.profile"
|
|
owner: "{{ item.name }}"
|
|
group: "{{ item.name }}"
|
|
mode: 0644
|
|
with_items: "{{ webadmin_user }}"
|
|
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_profile')
|
|
tags:
|
|
- webadmin
|
|
- profile
|
|
|
|
# --
|
|
# Copy .vimrc
|
|
# ---
|
|
|
|
- name: (webadmin-user.yml) copy .vimrc for user webadmin if it exists
|
|
copy:
|
|
src: "{{ lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc') }}"
|
|
dest: "~{{ item.name }}/.vimrc"
|
|
owner: "{{ item.name }}"
|
|
group: "{{ item.name }}"
|
|
mode: 0644
|
|
with_items: "{{ webadmin_user }}"
|
|
when: lookup('fileglob', inventory_dir + '/files/homedirs/' + item.name + '/_vimrc')
|
|
tags:
|
|
- webadmin
|
|
- vim
|
|
|