feat ✨: Import unprivileged user task

This commit introduces the `unpriv-user.yml` task, enabling the creation of unprivileged user accounts. This addition expands user management capabilities, allowing for more granular control over user permissions and access within the system. The task facilitates the streamlined setup of users without requiring elevated privileges.
fix 🐛: Remove unprivileged key management
2025-12-14 06:19:41 +01:00 · 2025-12-14 06:19:09 +01:00 · 2025-12-14 06:10:42 +01:00 · 2025-12-13 10:09:04 +01:00
3 changed files with 27 additions and 30 deletions
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -7,7 +7,6 @@ allow_world_readable_tmpfiles: true


 ansible_user_id: root
-interactive_user:
-interactive_home:
-interactive_password:
-
+interactive_user: "{{ remote_user | default('ansible') }}"
+interactive_home: "/home/{{ interactive_user}}"
+interactive_password: "{{ test_password }}"
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,9 +10,8 @@
 # - name: Make /tmp non-executable
 #   ansible.builtin.import_tasks: tmp-nonexec.yml

-# not sure if needed, but I'll leave it here as a reference if needed.
-# - name: Import tasks to ensure creation of unprivileged user
-#   ansible.builtin.import_tasks: unpriv-user.yml
+- name: Import tasks to ensure creation of unprivileged user
+  ansible.builtin.import_tasks: unpriv-user.yml

 - name: Import custom fact setting
  ansible.builtin.import_tasks: custom-fact.yml
@@ -28,9 +27,8 @@
 #     - name: Import firmware tasks
 #       ansible.builtin.import_tasks: additional-firmware.yml

-# not sure if needed, but I'll leave it here as a reference if needed.
-# - name: Import color-shell tasks for the common-role
-#   ansible.builtin.import_tasks: color-shell.yml
+- name: Import color-shell tasks for the common-role
+  ansible.builtin.import_tasks: color-shell.yml

 - name: Import journald tasks for the common-role
  ansible.builtin.import_tasks: edit-journald.yml
--- a/tasks/unpriv-user.yml
+++ b/tasks/unpriv-user.yml
@@ -10,28 +10,28 @@
    skeleton: /etc/skel
    append: true

- name: Check the primary key for the unprivileged user
-  ansible.posix.authorized_key:
-    user: "{{ interactive_user }}"
-    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
-    state: present
-    exclusive: false
-  register: setkey
+# - name: Check the primary key for the unprivileged user
+#   ansible.posix.authorized_key:
+#     user: "{{ interactive_user }}"
+#     key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
+#     state: present
+#     exclusive: false
+#   register: setkey

- name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
-  when: setkey.changed
-  ansible.posix.authorized_key:
-    user: "{{ interactive_user }}"
-    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
-    state: present
-    exclusive: true
+# - name: Re-set the primary key as exclusive, if we found that the key was not present yet # noqa: no-handler
+#   when: setkey.changed
+#   ansible.posix.authorized_key:
+#     user: "{{ interactive_user }}"
+#     key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-1.pub') }}"
+#     state: present
+#     exclusive: true

- name: Set the secondary key for the unprivileged user
-  ansible.posix.authorized_key:
-    user: "{{ interactive_user }}"
-    key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
-    state: present
-    exclusive: false
+# - name: Set the secondary key for the unprivileged user
+#   ansible.posix.authorized_key:
+#     user: "{{ interactive_user }}"
+#     key: "{{ lookup('file', '../home/ssh-keys/' ~ interactive_user ~ '/' ~ interactive_user ~ '-yubi-2.pub') }}"
+#     state: present
+#     exclusive: false

 - name: Install required package to become unprivileged users
  ansible.builtin.apt:
Author	SHA1	Message	Date
Jose	9c58518e77	feat ✨: Import unprivileged user task This commit introduces the `unpriv-user.yml` task, enabling the creation of unprivileged user accounts. This addition expands user management capabilities, allowing for more granular control over user permissions and access within the system. The task facilitates the streamlined setup of users without requiring elevated privileges.	2025-12-14 06:19:41 +01:00
Jose	1551565825	fix 🐛: Remove unprivileged key management This commit addresses a security concern by removing unnecessary and potentially risky tasks related to authorized key management for unprivileged users. This simplifies the system and reduces the attack surface. The changes align with best practices for user access control.	2025-12-14 06:19:09 +01:00
Jose	3dec85c5a8	chore 📦: Import color-shell and edit-journald tasks This commit integrates the color-shell and edit-journald tasks into the main YAML configuration. These tasks are now included as part of the project's workflow, streamlining the process for managing shell color customization and system journald settings. This ensures consistent and organized handling of these specific configurations.	2025-12-14 06:10:42 +01:00
Jose	1cd309c151	fix 🐛: Define user and password variables This commit updates the `main.yml` file to explicitly define essential user and password variables. This ensures the application has the necessary credentials for proper operation and enhances security by centralizing configuration. The changes improve the script's usability and setup process.	2025-12-13 10:09:04 +01:00