Allow multiple users

Alex 2020-05-25 21:36:49 +02:00
parent 42561893f3
commit d8ccb3b45a
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
4 changed files with 12 additions and 49 deletions


@ -24,9 +24,3 @@
systemd:
name: ssh
state: reloaded
- name: Enable and restart iptables
systemd:
name: netfilter-persistent
enabled: yes
state: restarted
daemon_reload: yes


@ -1,59 +1,29 @@
- name: Install base tools
apt:
install_recommends: no
name:
- iptables-persistent
- netfilter-persistent
- sed
- git
- zsh
- vim
- sudo
- iptables
cache_valid_time: 3600
tags:
- setup
- packages
- name: Upgrade all packages to the latest version
apt:
name: "*"
state: latest
tags:
- update
- packages
- name: Clean up unused dependencies and packages
apt:
autoremove: yes
autoclean: yes
tags:
- update
- packages
- name: Create unpriviledged user
loop: "{{ users }}"
no_log: true
user:
name: '{{ username }}'
password: "{{ password | password_hash('sha512') }}" # TODO: Set up a vault for user and pass
shell: /bin/zsh
groups: sudo
name: "{{ item.user }}"
password: "{{ item.password | password_hash('sha512') }}"
shell: "{{ item.shell }}"
groups: "{{ item.groups }}"
append: yes
tags:
- setup
- users
notify:
- Disable the root account
- name: Copy ssh key for unpriviledged user
loop: "{{ users }}"
no_log: true
authorized_key:
key: "{{lookup('file', '{{ role_path }}/files/ssh.pub')}}"
key: "{{lookup('file', '{{ role_path }}/files/{{ item.user }}.pub')}}"
follow: yes
user: '{{ username }}'
user: '{{ item.user }}'
tags:
- setup
- users
- name: Set base iptables filter
- name: Set base iptables filter # TODO: Replace this with the firewall role
copy:
src: '{{ role_path }}/files/iptables-rules/'
dest: '/etc/iptables/'
notify:
- Enable and restart iptables
notify: Run service actions
tags:
- update
- firewall
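Review bot: In the `Create unpriviledged user` task, `password_hash('sha512')` is called without a salt, so each run yields a different hash; with the `user` module's default `update_password: always`, every play rewrites the password of every account in `users`, reports the task as changed and, if the `notify` on that task is still in the new file, triggers `Disable the root account` each time. Adding `update_password: on_create` to the `user:` arguments, or passing a stable per-user salt to the filter, keeps the task idempotent and stops a later run from silently overwriting a password the user has since changed. The old password line carried `# TODO: Set up a vault for user and pass`, while the new lines still read `item.password` from the `users` variable, whose definition is not visible here; I would keep a note such as `# TODO: load users[].password from Ansible Vault` until that list is encrypted. In `Copy ssh key for unpriviledged user` the lookup nests `{{ role_path }}` and `{{ item.user }}` inside an expression, and `key: "{{ lookup('file', role_path ~ '/files/' ~ item.user ~ '.pub') }}"` builds the same path without relying on recursive templating.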


@ -1 +0,0 @@
username: caskd