Allow multiple users

2020-05-25 21:36:49 +02:00 · 2020-05-25 21:36:49 +02:00 · d8ccb3b45a
parent 42561893f3
commit d8ccb3b45a
4 changed files with 12 additions and 49 deletions
--- a/files/caskd.pub
+++ b/files/caskd.pub
--- a/handlers/main.yml
+++ b/handlers/main.yml
@ -24,9 +24,3 @@
  systemd:
        name: ssh
        state: reloaded
- name: Enable and restart iptables
-  systemd:
-        name: netfilter-persistent
-        enabled: yes
-        state: restarted
-        daemon_reload: yes
--- a/tasks/main.yml
+++ b/tasks/main.yml
@ -1,59 +1,29 @@
- name: Install base tools
-  apt:
-        install_recommends: no
-        name:
-                - iptables-persistent
-                - netfilter-persistent
-                - sed
-                - git
-                - zsh
-                - vim
-                - sudo
-                - iptables
-        cache_valid_time: 3600
-  tags:
-        - setup
-        - packages
- name: Upgrade all packages to the latest version
-  apt:
-        name: "*"
-        state: latest
-  tags:
-        - update
-        - packages
- name: Clean up unused dependencies and packages
-  apt:
-        autoremove: yes
-        autoclean: yes
-  tags:
-        - update
-        - packages
 - name: Create unpriviledged user
+  loop: "{{ users }}"
+  no_log: true
  user:
-        name: '{{ username }}'
-        password: "{{ password | password_hash('sha512') }}" # TODO: Set up a vault for user and pass
-        shell: /bin/zsh
-        groups: sudo
+        name: "{{ item.user }}"
+        password: "{{ item.password | password_hash('sha512') }}"
+        shell: "{{ item.shell }}"
+        groups: "{{ item.groups }}"
        append: yes
  tags:
-        - setup
        - users
  notify:
        - Disable the root account
 - name: Copy ssh key for unpriviledged user
+  loop: "{{ users }}"
+  no_log: true
  authorized_key:
-        key: "{{lookup('file', '{{ role_path }}/files/ssh.pub')}}"
+        key: "{{lookup('file', '{{ role_path }}/files/{{ item.user }}.pub')}}"
        follow: yes
-        user: '{{ username }}'
+        user: '{{ item.user }}'
  tags:
-        - setup
        - users
- name: Set base iptables filter
+- name: Set base iptables filter # TODO: Replace this with the firewall role
  copy:
        src: '{{ role_path }}/files/iptables-rules/'
        dest: '/etc/iptables/'
-  notify:
-        - Enable and restart iptables
+  notify: Run service actions
  tags:
-        - update
        - firewall
--- a/vars/main.yml
+++ b/vars/main.yml
@ -1 +0,0 @@
-username: caskd