General improvements

167787ed · jurgenhaas · b8f08fe1 · 167787ed · 167787ed · 167787ed
Commit 167787ed authored 9 years ago by jurgenhaas
--- a/tasks/commonauth.yml
+++ b/tasks/commonauth.yml
 ---
 # file: roles/commonauth/tasks/commonauth.yml

- name: "Common | Create The /etc/hosts File"
+- name: "Create The /etc/hosts File"
  template:
-    src=etc_hosts
-    dest=/etc/hosts
-    owner=root
-    group=root
-    mode=0644
+    src='etc_hosts'
+    dest='/etc/hosts'
+    owner='root'
+    group='root'
+    mode='644'

- name: "User | Create All Required Users"
+- name: "Create All Required Users"
  user:
-    name={{ item }}
-    group=root
-    groups=root,sudo,www-data
-    home=/home/{{ item }}
+    name='{{ item }}'
+    group='root'
+    groups="{{ users[item].groups|default('www-data') }}"
+    home='/home/{{ item }}'
    generate_ssh_key=yes
    ssh_key_bits=2048
-    password={{ initial_password }}
-    update_password=on_create
-  with_items: admins
+    password='{{ initial_password }}'
+    update_password='on_create'
+  with_flattened:
+    - admins
+    - jailusers

- name: "User | Copy SSH Config For Server-To-Server Communication For Admins"
+- name: "Copy SSH Config For Server-To-Server Communication For Admins"
  template:
-    src=ssh_config
-    dest=/home/{{ item }}/.ssh/config
-    owner={{ item }}
-    group=root
-    mode=644
-  with_items: admins
+    src='ssh_config'
+    dest='/home/{{ item }}/.ssh/config'
+    owner='{{ item }}'
+    group='root'
+    mode='644'
+  with_flattened:
+    - admins
+    - jailusers
+
+- include: distribute_tunnel_keys.yml
+  when: distribute_keys

 - include: distribute_keys.yml
+  with_flattened:
+    - admins
+    - jailusers
  when: distribute_keys

 #TODO: Make sure that the user already exists
- name: "User | Install Public Key For Extra Users"
+- name: "Install Public Key For Extra Users"
  authorized_key:
-    user={{ item.username }}
+    user='{{ item.username }}'
    key="{{ lookup('file', inventory_dir + '/files/keys/' + item.keyname + '.d2s.pub') }}"
  with_items: auth_keys
--- a/tasks/distribute_keys.yml
+++ b/tasks/distribute_keys.yml
@@ -7,27 +7,12 @@
  file:
    path=/home/{{ item }}/.ssh/auth_keys_fresh
    state=absent
-  with_items: admins

 - name: "Keys | Install Public Keys For Desktop-To-Server Communication in a fresh file"
  authorized_key:
    user={{ item }}
    key="{{ lookup('file', inventory_dir + '/files/keys/' + item + '.d2s.pub') }}"
    path=/home/{{ item }}/.ssh/fresh_auth_keys_{{ item }}
-  with_items: admins
-
- name: "Keys | Read public key of tunnel user"
-  command: more /home/{{ tunnel_user_name }}/.ssh/id_rsa.pub
-  register: pubkey
-
- name: "Keys | Distribute public key of tunnel user"
-  authorized_key:
-    user={{ tunnel_user_name }}
-    key="{{ pubkey.stdout }} {{ inventory_hostname }}"
-    path=/home/{{ tunnel_user_name }}/.ssh/fresh_auth_keys_tunnel_{{ inventory_hostname }}
-  delegate_to: '{{ item }}'
-  with_items: groups.all
-  when: item != "localhost" and inventory_hostname != "localhost"

 - name: "Keys | Merge all public keys"
  shell: cat /home/{{ item }}/.ssh/fresh_auth_keys* > /home/{{ item }}/.ssh/auth_keys_fresh

--- a/tasks/distribute_tunnel_keys.yml
+++ b/tasks/distribute_tunnel_keys.yml
+---
+# file: roles/commonauth/tasks/distribute_tunnel_keys.yml
+
+- name: "Keys | Read public key of tunnel user"
+  command: more /home/{{ tunnel_user_name }}/.ssh/id_rsa.pub
+  register: pubkey
+
+- name: "Distribute public key of tunnel user"
+  authorized_key:
+    user='{{ tunnel_user_name }}'
+    key="{{ pubkey.stdout }} {{ inventory_hostname }}"
+    path='/home/{{ tunnel_user_name }}/.ssh/fresh_auth_keys_tunnel_{{ inventory_hostname }}'
+  delegate_to: '{{ item }}'
+  with_items: groups.all
+  when: item != "localhost" and inventory_hostname != "localhost"