2024-10-26 16:23:45 +02:00
|
|
|
---
|
|
|
|
|
- name: Ensure that unprivileged user is present
|
|
|
|
|
ansible.builtin.user:
|
|
|
|
|
name: "{{ interactive_user }}"
|
|
|
|
|
shell: /bin/bash
|
|
|
|
|
home: "{{ interactive_home }}"
|
|
|
|
|
password: "{{ interactive_password }}"
|
|
|
|
|
groups: sudo
|
|
|
|
|
create_home: true
|
|
|
|
|
skeleton: /etc/skel
|
|
|
|
|
append: true
|
|
|
|
|
|
2024-11-03 16:08:41 +01:00
|
|
|
- name: Check the primary key for the unprivileged user
|
|
|
|
|
ansible.posix.authorized_key:
|
|
|
|
|
user: "{{ interactive_user }}"
|
|
|
|
|
key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
|
|
|
|
|
state: present
|
|
|
|
|
exclusive: false
|
|
|
|
|
register: setkey
|
|
|
|
|
|
|
|
|
|
- name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
|
|
|
|
|
when: setkey.changed
|
2024-10-26 16:23:45 +02:00
|
|
|
ansible.posix.authorized_key:
|
|
|
|
|
user: "{{ interactive_user }}"
|
|
|
|
|
key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-1.pub') }}"
|
|
|
|
|
state: present
|
|
|
|
|
exclusive: true
|
|
|
|
|
|
|
|
|
|
- name: Set the secondary key for the unprivileged user
|
|
|
|
|
ansible.posix.authorized_key:
|
|
|
|
|
user: "{{ interactive_user }}"
|
|
|
|
|
key: "{{ lookup('file', '../home/ssh-keys/{{ interactive_user }}/{{ interactive_user }}-yubi-2.pub') }}"
|
|
|
|
|
state: present
|
2024-11-03 16:08:41 +01:00
|
|
|
exclusive: false
|
2024-10-26 16:23:45 +02:00
|
|
|
|
|
|
|
|
- name: Install required package to become unprivileged users
|
|
|
|
|
ansible.builtin.apt:
|
|
|
|
|
name: acl
|
|
|
|
|
state: present
|
