


9c58518e77 feat : Import unprivileged user task
This commit introduces the `unpriv-user.yml` task, enabling the creation of unprivileged user accounts. This addition expands user management capabilities, allowing for more granular control over user permissions and access within the system. The task facilitates the streamlined setup of users without requiring elevated privileges.
2025-12-14 06:19:41 +01:00
1551565825 fix 🐛: Remove unprivileged key management
This commit addresses a security concern by removing unnecessary and potentially risky tasks related to authorized key management for unprivileged users. This simplifies the system and reduces the attack surface. The changes align with best practices for user access control.
2025-12-14 06:19:09 +01:00
3dec85c5a8 chore 📦: Import color-shell and edit-journald tasks
This commit integrates the color-shell and edit-journald tasks into the main YAML configuration. These tasks are now included as part of the project's workflow, streamlining the process for managing shell color customization and system journald settings. This ensures consistent and organized handling of these specific configurations.
2025-12-14 06:10:42 +01:00
1cd309c151 fix 🐛: Define user and password variables
This commit updates the `main.yml` file to explicitly define essential user and password variables. This ensures the application has the necessary credentials for proper operation and enhances security by centralizing configuration. The changes improve the script's usability and setup process.
2025-12-13 10:09:04 +01:00
3 changed files with 27 additions and 30 deletions


@@ -7,7 +7,6 @@ allow_world_readable_tmpfiles: true
ansible_user_id: root ansible_user_id: root
interactive_user: interactive_user: "{{ remote_user | default('ansible') }}"
interactive_home: interactive_home: "/home/{{ interactive_user}}"
interactive_password: interactive_password: "{{ test_password }}"
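Review bot: `interactive_password` is set from `test_password`, a name that reads as a placeholder, and where that variable is defined is outside this hunk, so I can't tell whether it is a vaulted secret or a literal in a vars file. If it is a literal, keep it out of plain vars (Ansible Vault or an env lookup) and give it a name that states its origin, e.g. `interactive_password: "{{ vault_interactive_password }}"` (name illustrative). `interactive_home: "/home/{{ interactive_user}}"` is missing the space before `}}`; Jinja accepts it, but `"/home/{{ interactive_user }}"` matches the neighbouring lines. The header says -7/+6 while only four lines are rendered here, so one line of this hunk is not visible on the page.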


@@ -10,9 +10,8 @@
# - name: Make /tmp non-executable # - name: Make /tmp non-executable
# ansible.builtin.import_tasks: tmp-nonexec.yml # ansible.builtin.import_tasks: tmp-nonexec.yml
# not sure if needed, but I'll leave it here as a reference if needed. - name: Import tasks to ensure creation of unprivileged user
# - name: Import tasks to ensure creation of unprivileged user ansible.builtin.import_tasks: unpriv-user.yml
# ansible.builtin.import_tasks: unpriv-user.yml
- name: Import custom fact setting - name: Import custom fact setting
ansible.builtin.import_tasks: custom-fact.yml ansible.builtin.import_tasks: custom-fact.yml
@@ -28,9 +27,8 @@
# - name: Import firmware tasks # - name: Import firmware tasks
# ansible.builtin.import_tasks: additional-firmware.yml # ansible.builtin.import_tasks: additional-firmware.yml
# not sure if needed, but I'll leave it here as a reference if needed. - name: Import color-shell tasks for the common-role
# - name: Import color-shell tasks for the common-role ansible.builtin.import_tasks: color-shell.yml
# ansible.builtin.import_tasks: color-shell.yml
- name: Import journald tasks for the common-role - name: Import journald tasks for the common-role
ansible.builtin.import_tasks: edit-journald.yml ansible.builtin.import_tasks: edit-journald.yml
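Review bot: `unpriv-user.yml` is now imported unconditionally with no check that the variables it presumably consumes are set; `interactive_password` resolves to `test_password` in the first file on this page, and an undefined or empty value would only surface when the user task itself runs. A short `ansible.builtin.assert` before the import, with `that: [interactive_user is defined, interactive_password is defined, interactive_password | length > 0]`, fails early with a clear message instead. Since the third file on this page comments out the authorized_key tasks, this role now provisions the account without an SSH key, so a comment above the import saying where key provisioning lives (or that password login is intended) would help the next reader; I can't tell from this page whether password SSH logins are restricted elsewhere. Side note on the second hunk: only the color-shell import is new there, `edit-journald.yml` is a context line, so the commit description overstates that change.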


@@ -10,28 +10,28 @@
skeleton: /etc/skel skeleton: /etc/skel
append: true append: true
- name: Check the primary key for the unprivileged user # - name: Check the primary key for the unprivileged user
ansible.posix.authorized_key: # ansible.posix.authorized_key:
user: "{{ interactive_user }}" # user: "{{ interactive_user }}"
key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}" # key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
state: present # state: present
exclusive: false # exclusive: false
register: setkey # register: setkey
- name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler # - name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
when: setkey.changed # when: setkey.changed
ansible.posix.authorized_key: # ansible.posix.authorized_key:
user: "{{ interactive_user }}" # user: "{{ interactive_user }}"
key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}" # key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
state: present # state: present
exclusive: true # exclusive: true
- name: Set the secondary key for the unprivileged user # - name: Set the secondary key for the unprivileged user
ansible.posix.authorized_key: # ansible.posix.authorized_key:
user: "{{ interactive_user }}" # user: "{{ interactive_user }}"
key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}" # key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
state: present # state: present
exclusive: false # exclusive: false
- name: Install required package to become unprivileged users - name: Install required package to become unprivileged users
ansible.builtin.apt: ansible.builtin.apt: