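---
# Creates a local user on every host in 'servers', sets its password,
# generates an SSH key pair for it, grants it sudo, and registers the public
# key with a Gitea instance over the REST API.
#
# Inputs:
#   tps_password      prompted at run time (hidden).
#   GITEA_API_TOKEN   environment variable on the controller. The token is no
#                     longer stored in this file; any token that was previously
#                     committed here should be treated as exposed and revoked.
- name: Add user 'tps' with sudo ability and SSH key
  hosts: servers
  become: true

  vars:
    target_user: tps
    target_home: "/home/{{ target_user }}"
    gitea_url: "https://gitea.hptrow.me"
    # lookup('env') yields '' when the variable is unset; the assert task
    # below turns that into a clear failure instead of a 401 from Gitea.
    gitea_api_token: "{{ lookup('env', 'GITEA_API_TOKEN') }}"

  vars_prompt:
    - name: tps_password
      prompt: "Enter the password for 'tps' user:"
      private: true

  tasks:
    - name: Ensure a Gitea API token was supplied
      ansible.builtin.assert:
        that:
          - gitea_api_token | length > 0
        fail_msg: "Set GITEA_API_TOKEN in the environment before running this play"
      run_once: true

    - name: Create the 'tps' user with password and SSH key pair
      ansible.builtin.user:
        name: "{{ target_user }}"
        state: present
        shell: /bin/bash
        create_home: true
        # Hashing through the module keeps the password out of a shell
        # command line. password_hash() picks a fresh random salt each run,
        # so the task reports 'changed' on every run; add
        # update_password: on_create if only the initial password matters.
        password: "{{ tps_password | password_hash('sha512') }}"
        # Module-side key generation replaces the ssh-keygen shell task: it
        # creates ~/.ssh before writing the key (the shell version ran before
        # the directory existed), produces files owned by the user, and does
        # not overwrite an existing key on re-runs.
        generate_ssh_key: true
        ssh_key_type: rsa
        ssh_key_bits: 4096
        ssh_key_file: .ssh/id_rsa
        ssh_key_comment: "{{ target_user }}@{{ ansible_hostname }}"
      # Keeps the password hash out of verbose/log output.
      no_log: true

    - name: Set appropriate permissions for 'tps' user's SSH directory
      ansible.builtin.file:
        path: "{{ target_home }}/.ssh"
        state: directory
        mode: "0700"
        owner: "{{ target_user }}"
        group: "{{ target_user }}"

    - name: Read the public key content
      ansible.builtin.slurp:
        src: "{{ target_home }}/.ssh/id_rsa.pub"
      register: public_key_file

    - name: Add 'tps' user to sudoers
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        line: "{{ target_user }} ALL=(ALL:ALL) ALL"
        # visudo rejects a syntactically broken file before it replaces the
        # real one; a bad sudoers file would otherwise lock out every admin.
        validate: 'visudo -cf %s'

    - name: Add the public key to Gitea using the API with the access token
      ansible.builtin.uri:
        url: "{{ gitea_url }}/api/v1/user/keys"
        method: POST
        headers:
          # Gitea's API expects the 'token <value>' scheme in this header.
          Authorization: "token {{ gitea_api_token }}"
        # body_format: json also sets the Content-Type header.
        body_format: json
        body:
          title: "{{ target_user }}-{{ ansible_hostname }}"
          # slurp returns the file base64-encoded, trailing newline included.
          key: "{{ public_key_file.content | b64decode | trim }}"
        # NOTE(review): once the key is registered, a re-run is expected to be
        # rejected by Gitea as a duplicate and fail here; widen status_code
        # if re-runs must pass.
        status_code: 201
      delegate_to: localhost
      # Keeps the token-bearing header out of verbose/log output.
      no_log: true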