Verified Commit c0c932d7 authored by Todor Kondic's avatar Todor Kondic
Browse files

User tasks

parent c6706c6a
- hosts: planb
become: true
vars_files:
- vars/users.yml
pre_tasks:
- name: Update repositories
apt: update_cache=yes
changed_when: False
tasks:
- include: tasks/apt.yml
- include: tasks/users.yml
- name: Install debian packages.
apt:
name: [ 'openssh-server',
'tigervnc-standalone-server',
'xfce4',
'autocutsel',
'curl',
'wget',
'gzip',
'atop',
'git' ]
tags: upd-pack
- hosts: localhost
vars:
digital_ocean_token: "{{ lookup('env','DO_API_TOKEN') }}"
droplet_size: c-4cpu-8gb
droplet_region: ams3
droplet_image: ubuntu-20-04-x64
tasks:
- name: "add public ssh key to digitalocean account"
digital_ocean_sshkey:
name: "tier key"
oauth_token: "{{ digital_ocean_token }}"
ssh_pub_key: "{{lookup('file', '~/.ssh/id_rsa.pub') }}"
state: present
register: sshkey_result
- name: create a new droplet assigning the key
digital_ocean_droplet:
name: "{{ item }}"
oauth_token: "{{ digital_ocean_token }}"
size: "{{ droplet_size }}"
region: "{{ droplet_region }}"
image: "{{ droplet_image }}"
wait_timeout: 600
unique_name: yes
ssh_keys: ["{{ sshkey_result.data.ssh_key.id }}"]
state: present
with_inventory_hostnames:
- plan_b
register: droplet_result
- name: save ip and hostname to local hosts file /etc/hosts
become: yes
lineinfile:
path: meta/planb.hosts
regexp: '.*{{ item.data.droplet.name }}$'
line: "{{ item.data.ip_address }} {{ item.data.droplet.name }}"
with_items: "{{ droplet_result.results }}"
- name: Make big disk group
group:
name: scratch
state: present
- name: Add normal users.
user:
name: "{{ item.login }}"
comment: "{{ item.name }}"
groups: adm , cdrom , dip , plugdev , scratch
generate_ssh_key: yes
update_password: on_create
loop: "{{ users }}"
when: not item.sudo
- name: Add normal sudo users.
user:
name: "{{ item.login }}"
comment: "{{ item.name }}"
generate_ssh_key: yes
groups: sudo , adm , cdrom , dip , plugdev , scratch
update_password: on_create
loop: "{{ users }}"
when: item.sudo
- name: Add SSH pub keys to authorized_keys.
authorized_key:
user: "{{ item['login'] }}"
key: "{{ item['sshkey'] }}"
exclusive: yes
ignore_errors: yes
when: item.sshkey
loop: "{{ users }}"
users:
- login: ecitk
displ: 1
sudo: yes
name: Todor
sshkey: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvodoKak1YZDw/psy6XYT/dFKvZkeIwwFexwQPVtH36tOpexVFXLQ0fYpSzQiQdejnCzLlaMFUAQCqotKObp7ByKlEHsacxUtq4XxddufX67XV3jQuvitr51x9JDxaa0XpG0uZpN4uYNV9ievWiF2ZTBxS6+SZM7eKuLjhJPafwltWzZxGiBjm1/HP7IExSpGhgvdaoEspozNBWrm9ILGF1s957jsiq/+5cbXyY3Z37Js2ByyA1eM9Zmhai/5dzhwzqQuOvGVFHSNmJEjL+ZmQtpLqaq5o8YvSUu/jL7ZMe58Ppx3sbuCW0bGJ4NwJi1yankKEdotPiu1rjrfcN2hSg8rTLx+qJ3i7vBH3jgyS54K4Jfob1lbEwpE2OeBwiY9mcJbuMOsj7MS9vYzrVYACymbS+cLprEm5Wr7Rdy5jx23p1YMHFqmFUWZFs1Esa0wOGPwnaDUxTQWk3HtA8nah8p92F55yqPfGNL3eH8h0tPMsQDBms0jxQak10lvQa5Skdd5Jte8JHg6H0jbTuFZoXrIynqUxttdKCHPYcRt/YsFB5iXT1JqCe0ftVTYYb9/2rNJHQnTQ5zfaGXuCoT6aJmR7bWy7jhsGlxuDyON1bVTw8Sq0DGXZPmAwhZAqGwnhs0YDYH+VTtZA1fgY5EXQmafC8UPYExY9WKeNgCo22w== user@machine"
- login: ecies
sudo: no
displ: 2
sshkey: no
name: Emma
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment