Update custom user role

2024-04-11 10:39:03 +02:00 · 2024-04-11 10:39:03 +02:00 · 90855de87a
commit 90855de87a
parent fb017565f4
7 changed files with 56 additions and 48 deletions
--- a/roles/cloudflare-ddns/tasks/main.yml
+++ b/roles/cloudflare-ddns/tasks/main.yml
@ -1,14 +1,10 @@
 ---
- include_vars: defaults.yml
+- include_vars: vault.yml
 # TODO: Configure ZSH correctly by reasusing the zsh role by running the commands as the new user.
 #       see: https://serverfault.com/questions/662443/running-ansible-task-as-a-specific-user
 - name: Create a new user
  ansible.builtin.include_role:
-    name: singleplatform-eng.users
-    apply:
-      become: true
+    name: user
  vars:
-    users:
-      - username: cloudflare_ddns
-        name: '-'
-        password: "{{ cloudflare_ddns_user_password_hash }}"
+    username: cloudflare_ddns
+    password: "{{ cloudflare_ddns_user_password }}"
--- a/roles/cloudflare-ddns/vars/defaults.yml
+++ b/roles/cloudflare-ddns/vars/defaults.yml
@ -1,13 +0,0 @@
-$ANSIBLE_VAULT;1.1;AES256
-38343230616338653130383466333361323362326431303133616166373864333766366263613134
-6533376165613166646366396366646663383937303835650a343134336239613266643931393766
-62613963313431626564616239333531643361653739396363343362313035646561656239656366
-6462636435353931350a626132313565636666653839653839666465363262663365643264383331
-31316338313262636263346339653030363831643133643837333666383363616331653432326164
-36383561393561643439363931343532626335363937303432653938633439663435666234646533
-63653730633333626430656663636130663962643765303236343763383965643535653566633766
-39323166633933646162633032336335386265386237383133653865343435386530386139613061
-33343738643736306630326235313730303661333431376238363334313463363734383730343638
-65303365343433326630323066376132376465333965343930363066363561663530306261303961
-37626233623762353632653039353231623432316232323831343262343731353533343863326135
-36313836646130333431
--- a/roles/cloudflare-ddns/vars/vault.yml
+++ b/roles/cloudflare-ddns/vars/vault.yml
@ -0,0 +1,9 @@
+$ANSIBLE_VAULT;1.1;AES256
+66356265626336393935313366363030306565343830633365383938383363376430326330633430
+6138653236396139613861393639303766633062323336310a373133336139316661383039303533
+63343563333232633166353061346630326339303062663066663464333733613164623864306264
+6165366331373734660a623664353734613037343537646135663239616239383136636562356137
+62646565626565663831396137313364626632353064633661333135636439663537343438653237
+66633733353435653031366533376463616335633131613862393764353337643665353464623939
+33613931343561316133386636613036666363663161353163306566393234323239643762386130
+35623434313161313034
--- a/roles/user/tasks/main.yml
+++ b/roles/user/tasks/main.yml
@ -1,14 +1,29 @@
 ---
 # The ZSH installation instructions are sourced from this blog:
 # https://harshithashok.com/tools/oh-my-zsh-with-starship/
- name: Install zsh # noqa: package-latest
+- name: Create a new user
+  become: true
+  ansible.builtin.user:
+    append: true
+    groups:
+      - users
+    name: "{{ username }}"
+    # Salt is necessary, see: https://stackoverflow.com/questions/56869949/ansible-user-module-always-shows-changed
+    password: "{{ password | password_hash('sha512', password_salt) }}"
+  when: username is not undefined # Skip when no user is provided, we'll asume we're targetting the Ansible user.
+- name: Set fact for defining the user which should run the next modules
+  ansible.builtin.set_fact:
+    target_user: "{{ ansible_facts['user_id'] if username is undefined else username }}"
+- name: Ensuring ZSH is installed # noqa: package-latest
  become: true
  ansible.builtin.apt:
    pkg:
-      - git
+      - acl # Needed to prevent this error: https://stackoverflow.com/questions/46352173/ansible-failed-to-set-permissions-on-the-temporary
      - zsh
    state: latest
 - name: Install Oh My ZSH # noqa: command-instead-of-module   ignore error since we're removing the script after install.
+  become: true
+  become_user: "{{ target_user }}"
  ansible.builtin.shell: |
    wget https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh
    chmod u+x install.sh
@ -28,21 +43,29 @@
    executable: /bin/bash
    creates: /usr/local/bin/starship
 - name: Install zsh-autosuggestions # noqa: command-instead-of-module   ignore error since we're removing the script after install.
+  become: true
+  become_user: "{{ target_user }}"
  ansible.builtin.command:
    cmd: git clone https://github.com/zsh-users/zsh-autosuggestions ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
    creates: ~/.oh-my-zsh/custom/plugins/zsh-autosuggestions
 - name: Clear "ZSH_THEME" in ~/.zshrc
+  become: true
+  become_user: "{{ target_user }}"
  ansible.builtin.lineinfile:
    path: ~/.zshrc
    regexp: '^ZSH_THEME="[^"]+"$'
    line: ZSH_THEME=""
 - name: Add the zsh-autosuggestions plugin in ~/.zshrc
+  become: true
+  become_user: "{{ target_user }}"
  ansible.builtin.lineinfile:
    path: ~/.zshrc
    regexp: '^plugins=\((.*)(?<!zsh-autosuggestions)\)$'
    line: 'plugins=(\1 zsh-autosuggestions)'
    backrefs: true
 - name: Add Starship eval in ~/.zshrc
+  become: true
+  become_user: "{{ target_user }}"
  ansible.builtin.blockinfile:
    path: ~/.zshrc
    block: |-
@ -52,5 +75,5 @@
 - name: Change the default shell of the current user
  become: true
  ansible.builtin.user:
-    name: "{{ ansible_facts['user_id'] }}"
-    shell: /bin/zsh
+    name: "{{ target_user }}"
+    shell: /usr/bin/zsh