Staf Wagemakers

Hi, I’m staf…

Ansible role: users 1.1.0 released

3 minute read

playbook

The Ansible role stafwag.users is available at: https://github.com/stafwag/ansible-role-users

ChangeLog

lineinfile ‘create’ directive added

  • create directive added.
  • Update dir_mode perm to ‘0700’ to be compatible with newer ansible versions.
  • Use string for perm mode to be compatible with newer ansible versions documentation updated

Have fun!

Ansible Role: users

An ansible role to manage user and user files - files in the home directory -.

Requirements

None

Role Variables

The following variables are set by the role.

  • root_group: The operating system root group. root by default. wheel on BSD systems.
  • sudo_group: The operating system sudo group. wheel by default. sudo on Debian systems.
  • users: Array of users to manage
    • name: name of the user.
    • group: primary group. if state is set to present the user primary group will be created. if state is set to absent the primary group will be removed.
    • uid: uid.
    • gid: gid.
    • groups: additional groups.
    • append: no (default) | yes. If yes, add the user to the groups specified in groups. If no, user will only be added to the groups specified in groups, removing them from all other groups.
    • state: absent present (default)
    • comment: user comment (GECOS)
    • home: Optionally set the user’s home directory.
    • password: Optionally set the user’s password to this crypted value.
    • password_lock: no yes lock password (ansible 2.6+)
    • ssh_authorized_keys: Array of the user ssh authorized keys
      • key: The ssh public key
      • state: absent present (default) Whether the given key (with the given key_options) should or should not be in the file.
      • exclusive: no (default) yes. Whether to remove all other non-specified keys from the authorized_keys file.
      • key_options: A string of ssh key options to be prepended to the key in the authorized_keys file.
    • user_files: array of the user files to manage.
      • path: path in the user home directoy. The home directory will be detected by getent_passwd
      • content: file content
      • state: absent present (default)
      • backup: no (default) yes. create a backup file.
      • dir_create: false (default) true.
      • dir_recurse: no (default) yes create the directory recursively.
      • mode: Default: ‘0600’. The permissions of the resulting file.
      • dir_mode: Default: ‘0700’. The permissions of the resulting directory.
      • owner: Name of the owner that should own the file/directory, as would be fed to chown.
      • owner: Name of the group that should own the file/directory, as would be fed to chown.
    • user_lineinfiles: Array of user lineinfile.
      • path: path in the user home directoy. The home directory will be detected by getent_passwd
      • regexp: The regular expression to look for in every line of the file.
      • line: The line to insert/replace into the file.
      • state: absent present (default)
      • backup: no (default) yes Create a backup
      • mode: Default: 600. The permissions of the resulting file.
      • dir_mode: Default: 700. The permissions of the resulting directory.
      • owner: Name of the owner that should own the file/directory, as would be fed to chown.
      • owner: Name of the group that should own the file/directory, as would be fed to chown.
      • create: Default: no. Create file if not exists

Dependencies

None

Example Playbooks

Create user with authorized key

- name: add user & ssh_authorized_key
  hosts: testhosts
  become: true
  vars:
    users:
      - name: test0001
        group: test0001
        password: ""
        state: "present"
        ssh_authorized_keys:
          - key: ""
            key_options: "no-agent-forwarding"
  roles:
    - stafwag.users

Add user to the sudo group

- name: add user to the sudo group
  hosts: testhosts
  become: true
  vars:
    users:
      - name: test0001
        groups: ""
        append: true
  roles:
    - stafwag.users

Create .ssh/config.d/intern_config and include it in .ssh/config

- name: setup tyr ssh_config
  become: true
  hosts: tyr
  vars:
    users:
      - name: staf
        user_files:
          - name: ssh config
            path: .ssh/config
            dir_create: true
            state: present
          - name: ssh config.d/intern_config
            path: .ssh/config.d/intern_config
            content: ""
            dir_create: true
        user_lineinfiles:
          - name: include intern_config
            path: .ssh/config
            state: present
            regexp: "^include config.d/intern_config"
            line: "include config.d/intern_config"
  roles:
    - stafwag.users

License

MIT/BSD

Author Information

Created by Staf Wagemakers, email: staf@wagemakers.be, website: http://www.wagemakers.be.

Categories:

Updated:

Leave a comment

You may also enjoy

Running OpenBSD as an UEFI virtual machine (on a Raspberry Pi)

9 minute read

I started to migrate all the services that I use on my internal network to my Raspberry Pi 4 cluster. I migrated my FreeBSD jails to BastileBSD on a virtual machine running on a Raspberry Pi. See my blog post on how to migrate from ezjail to BastilleBSD. https://stafwag.github.io/blog/blog/2023/09/10/migrate-from-ezjail-to-bastille-part1-introduction-to-bastillebsd/

tianocore

Running FreeBSD as a virtual machine with UEFI on ARM64 came to the point that it just works. I have to use QEMU with u-boot to get FreeBSD up and running on the Raspberry Pi as a virtual machine with older FreeBSD versions: https://stafwag.github.io/blog/blog/2021/03/14/howto_run_freebsd_as_vm_on_pi/.

But with the latest versions of FreeBSD ( not sure when it started to work, but it works on FreeBSD 14) you can run FreeBSD as a virtual machine on ARM64 with UEFI just like on x86 on GNU/Linux with KVM.

UEFI on KVM is in general provided by the open-source tianocore project.

I didn’t find much information on how to run OpenBSD with UEFI on x86 or ARM64.

OpenBSD 7.4

So I decided to write a blog post about it, in the hope that this information might be useful to somebody else. First I tried to download the OpenBSD 7.4 ISO image and boot it as a virtual machine on KVM (x86). But the iso image failed to boot on a virtual with UEFI enabled. It looks like the ISO image only supports a legacy BIOS.

ARM64 doesn’t support a “legacy BIOS”. The ARM64 download page for OpenBSD 7.4 doesn’t even have an ISO image, but there is an install-<version>.img image available. So I tried to boot this image on one of my Raspberry Pi systems and this worked. I had more trouble getting NetBSD working as a virtual machine on the Raspberry Pi but this might be a topic for another blog post :-)

You’ll find my journey with my installation instructions below.

Read more...

Getting started with GitLab-CE. Part 1: Installation

12 minute read

CI/CD Platform Overview

When you want or need to use CI/CD you have a lot of CI/CD platforms where you can choose from. As with most “tools”, the tool is less important. What (which flow, best practices, security benchmarks, etc) and how you implement it, is what matters.

One of the most commonly used options is Jenkins.

I used and still use Jenkins and created a jenkins build workstation to build software and test in my homelab a couple of years back.

jenkins

Jenkins started as Hudson at Sun Microsystem(RIP). Hudson is one of the many open-source projects that were started at Sun and killed by Oracle. Jenkins continued as the open-source fork of Hudson.

Jenkins has evolved. If you need to do more complex things you probably end up creating a lot of groovy scripts, nothing wrong with groovy. But as with a lot of discussions about programming, the ecosystem (who is using it, which libraries are available, etc) is important.

Groovy isn’t that commonly used in and known in the system administration ecosystem so this is probably something you need to learn if you’re coming for the system administrator world ( as I do, so I learnt the basics of Groovy this way ).

The other option is to implement CI/CD using the commonly used source hosting platforms; GitHub and GitLab.

Read more...