roles: refactor roles to start a docker container with directus and postgresql database, add text-editor tool
parent
e17f194745
commit
7bdbf243f2
16 changed files with 249 additions and 157 deletions
2
roles/create_user_with_root/files/authorized_keys
Normal file
2
roles/create_user_with_root/files/authorized_keys
Normal file
|
|
@ -0,0 +1,2 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRnv0VogdTwQWhfYqKaIMzSll2JG4hvO9jryP8aJl4u MacBook Pro von Jan
|
||||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkNsib7eOmVt7EPp7R1QJ4iZRBu8MqsvGUaF9JdcbyU iPhone 16 Pro Max von Jan
|
||||
|
|
@ -1,42 +1,58 @@
|
|||
|
||||
- name: Erstelle einen neuen User mit Sudo-Rechten
|
||||
user:
|
||||
name: "{{ username }}"
|
||||
password: "{{ user_password | password_hash('sha512') }}" # Das Passwort wird mit SHA-512 gehasht
|
||||
name: "{{ user_name }}"
|
||||
password: "{{ lookup('pipe', 'op read \"op://' + op_password_path + '\"') | password_hash('sha512') }}"
|
||||
state: present
|
||||
shell: /bin/bash
|
||||
groups: wheel # Gibt Sudo-Rechte
|
||||
groups: wheel
|
||||
append: yes
|
||||
|
||||
- name: Erstelle den SSH-Ordner für den neuen User
|
||||
file:
|
||||
path: "/home/{{ username }}/.ssh"
|
||||
path: "/home/{{ user_name }}/.ssh"
|
||||
state: directory
|
||||
mode: '0700'
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
owner: "{{ user_name }}"
|
||||
group: "{{ user_name }}"
|
||||
|
||||
- name: Setze die Berechtigungen für die authorized_keys-Datei
|
||||
file:
|
||||
path: "/home/{{ username }}/.ssh/authorized_keys"
|
||||
path: "/home/{{ user_name }}/.ssh/authorized_keys"
|
||||
state: touch
|
||||
mode: '0600'
|
||||
owner: "{{ username }}"
|
||||
group: "{{ username }}"
|
||||
owner: "{{ user_name }}"
|
||||
group: "{{ user_name }}"
|
||||
|
||||
- name: Add public key to enable user ssh
|
||||
lineinfile:
|
||||
path: "/home/{{ username }}/.ssh/authorized_keys"
|
||||
line: '{{ ssh_public_key }}'
|
||||
state: present
|
||||
- name: Add public keys as authorized_keys
|
||||
copy:
|
||||
src: files/authorized_keys
|
||||
dest: "/home/{{ user_name }}/.ssh/authorized_keys"
|
||||
|
||||
- name: Grant sudo privileges to the user
|
||||
- name: Grant passwordless sudo privileges to the user
|
||||
lineinfile:
|
||||
path: /etc/sudoers
|
||||
regexp: "^{{ username }} "
|
||||
line: "{{ username }} ALL=(ALL) ALL"
|
||||
regexp: "^{{ user_name }} "
|
||||
line: "{{ user_name }} ALL=(ALL) NOPASSWD: ALL"
|
||||
validate: visudo -cf %s
|
||||
|
||||
- name: Ensure Docker group exists
|
||||
ansible.builtin.group:
|
||||
name: docker
|
||||
state: present
|
||||
|
||||
- name: Add user to Docker group
|
||||
ansible.builtin.user:
|
||||
name: "{{ user_name }}"
|
||||
groups: docker
|
||||
append: yes
|
||||
|
||||
- name: Enable and start Docker service
|
||||
ansible.builtin.service:
|
||||
name: docker
|
||||
state: started
|
||||
enabled: yes
|
||||
|
||||
- name: Entferne den Root-SSH-Zugang
|
||||
lineinfile:
|
||||
path: /etc/ssh/sshd_config
|
||||
|
|
|
|||
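Review bot: The `Grant passwordless sudo privileges to the user` task writes `{{ user_name }} ALL=(ALL) NOPASSWD: ALL` (on what appears to be the new side), and a later task adds the same account to the `docker` group, so anyone holding one of the keys in `files/authorized_keys` gets unrestricted root with no further credential; the password fetched through `op read` then no longer gates privilege escalation. If automation needs passwordless sudo, consider limiting the rule to the commands it actually runs, or keep the password-required form `{{ user_name }} ALL=(ALL) ALL` so a stolen key alone is not enough. The `copy` task for `authorized_keys` sets no `owner`, `group` or `mode` and relies on the preceding `file` task; adding `owner: "{{ user_name }}"`, `group: "{{ user_name }}"` and `mode: '0600'` there makes it safe on its own. The page cuts the task list off inside `Entferne den Root-SSH-Zugang`, so the `sshd_config` change could not be reviewed here.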