Merge changes for consistency

README.md

@@ -1,11 +1,24 @@
-# ansible-experiments
-:microscope: Ansible experimentation
+# Ansible Playbook Experiments
 
-![](https://thumbs.gfycat.com/FalseGranularDogwoodclubgall-size_restricted.gif)
+Paid for by [Bryan Black](https://bringyourwallet.com/donate), for the benefit of all lazy sysadmins. <sub>[What's ansible?](https://docs.ansible.com/)</sub>
 
+Special thanks to the helpful devs that contributed their expertise.
 
-### [Use _Ansible_ to install OS updates](/package_updates)
 
+## What can these playbooks do?
+
+Features                                         | Ubuntu | Debian | FreeBSD | 
+-------------------------------------------------|--------|--------|---------|
+💾 [Update packages and OS][pkg_upd]                | ✅     | ✅     | ✅     |
+☁️ [Make & Cleanup EC2 AMI snapshots][ami]          | ✅     | ✅     | ✅     |
+🎛 [User account and dot file management][usr_mgmt] | ✅     | ✅     | ✅     |
+
+[pkg_upd]: /package_updates
+[ami]: /cleanup_ami_snapshots
+[usr_mgmt]: /add-users-groups-authorized_keys-dot-files
+
+---
+![](https://cdn.ipfu.org/git/assets/gif/shell-ansible-experiments.gif)
 
 ## Contributors
 
@@ -37,7 +50,7 @@ $50/month  | [Tugger Hosting][thgh]    | [tuggerhosting.com][th]
 
 ## Support Development
 
-### **[Support Now](https://reelsense.tv/donate)**
+### **[Support Now](https://bringyourwallet.com/donate)**
 
 
 ## Community Discussion

add-users-groups-authorized_keys-dot-files/README.md

@@ -0,0 +1,53 @@
+# Users and ssh-configAnsible roles
+This repo contains 2 roles:
+
+- **users**: Add users and configure `.bashrc` and `authorized_keys`
+- **ssh-config**: Configures a user's `~/.ssh/config`
+
+Both roles make use of the same _users_ variable and are created to give users the freedom to add their own configuration outside of Ansible.
+
+Detailed configuration can be found in the README files inside the role's folders.
+
+## Contributors
+
+Thanks goes to these wonderful people:
+
+<!-- ALL-CONTRIBUTORS-LIST:START - Do not remove or modify this section -->
+| [<img src="https://avatars2.githubusercontent.com/u/382239" width="100px;"/><br /><sub>Serge van Ginderachter</sub>](https://github.com/srgvg)<br />[📖](https://github.com/stationgroup/ansible-experiments/commits?author=srgvg) | [<img src="https://avatars1.githubusercontent.com/u/676958" width="100px;"/><br /><sub>Vincent Van der Kussen</sub>](https://github.com/vincentvdk)<br />[📖](https://github.com/stationgroup/ansible-experiments/commits?author=vincentvdk) | [<img src="https://avatars.githubusercontent.com/u/5644977?v=3" width="100px;"/><br /><sub>Bryan Black</sub>](https://bringyourwallet.com)<br />[📖](https://github.com/stationgroup/ansible-experiments/commits?author=reelsense) 
+| :---: | :---: | :---: |
+
+<!-- ALL-CONTRIBUTORS-LIST:END -->
+
+Contributions of any kind are welcome!
+
+
+# Top Supporters
+
+Monthly supporters only.
+
+Amount     | Supporter Name            | Supporter Domain       
+-----------|---------------------------|------------------------
+$50/month  | [Tugger Hosting][thgh]    | [tuggerhosting.com][th]
+
+[reelsense]: https://github.com/reelsense
+[byw]: http://frothymix.info
+[thgh]: https://github.com/TuggerHosting
+[th]: https://tuggerhosting.com/
+[ydn]: https://yelladognetworks.com
+
+
+## Support Development
+
+### **[Support Now](https://bringyourwallet.com/donate)**
+
+
+## Community Discussion
+
+Text and voice chat on the public mumble server.
+
+**Join the Public Mumble**
+
+Server: `pub.bringyourwallet.com`
+
+Port: `64738`
+

add-users-groups-authorized_keys-dot-files/ansible.cfg

@@ -0,0 +1,17 @@
+[ssh_connection]
+
+[defaults]
+retry_files_enabled = False
+retry_files_save_path = /tmp/
+inventory=./hosts
+host_key_checking=False
+gathering = smart
+stdout_callback=unixy
+#stdout_callback=debug
+
+[privilege_escalation]
+become=True
+become_method=sudo
+become_user=root
+#become_ask_pass=False
+

add-users-groups-authorized_keys-dot-files/group_vars/all

@@ -0,0 +1,47 @@
+---
+user_groups:
+  - name: mygroup
+    gid: 700
+  - name: mysecondgroup
+    gid: 702
+    state: absent
+  - name: admin
+    gid: 703
+    state: present
+
+
+users:
+  - name: remember
+    state: present 
+    password: "blabla"
+    groups:
+      - mygroup
+      - admin
+    uid: 1100
+    enable_sudo: false
+    keys:
+      - file: key1
+        state: present
+    bash_lines:
+      - line: "#testline"
+        state: present
+      - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"'
+        state: present
+      - line: "alias ls='ls lah'"
+        state: present
+    bash_blocks:
+      - content: |
+          #testing
+          #multiline
+        state: absent
+    ssh_config:
+      - line: "ServerAliveInterval: 10"
+      - line: "Compression no"
+  - name: test
+    state: present
+    keys:
+      - file: key2
+        state: absent
+    csh_lines:
+      - line: "alias ls ls -lah"
+        state: present

add-users-groups-authorized_keys-dot-files/hosts

@@ -0,0 +1,3 @@
+10.106.116.157 ansible_user=root
+10.106.116.139 ansible_user=root
+#34.242.108.38 ssh_short_name=freebsd1 ansible_user=ec2-user ansible_python_interpreter=/usr/local/bin/python2.7

add-users-groups-authorized_keys-dot-files/roles/README.md

@@ -0,0 +1,5 @@
+# NOTICE
+
+You can safely ignore `ssh-config/` and focus on all your user managment needs via [`users/`][1] and the [README.md][1] in there.
+
+[1]: users/

add-users-groups-authorized_keys-dot-files/roles/ssh-config/README.md

@@ -0,0 +1,90 @@
+# ssh-config
+Ansible role to configure a user's `~/.ssh/config` file. This will add a
+configuration in the ssh config file for each host in the inventory.
+
+**NOTE: this role works in conjunction with the _users_ variable**
+
+## Variables 
+
+| _variable name_   | Description                                   | 
+| ---:            |---                                            |
+| ssh_short_name  | host identifier name in the ssh config.<br>This should be added to the _host variables_  |
+| ssh_config      | name of the key in the *users* variable. Contains a list of
+key/value items| 
+
+## Example:
+
+**Host inventory**
+```
+10.106.116.157 ssh_short_name=host1
+10.106.116.139 ssh_short_name=host2
+```
+
+**Variables**
+populate the *ssh_config* key.
+```
+users:
+  - name: remember
+    state: present
+    password: "blabla"
+    groups:
+      - mygroup
+    uid: 1100
+    keys:
+      - file: key1
+        state: present
+    shell_lines:
+      - line: "testline"
+        state: present
+      - line: 'export SSH_AUTH_SOCK="${HOME}/.gnupg/S.gpg-agent.ssh"'
+        state: present
+      - line: "alias ls='ls lah'"
+        state: present
+    ssh_config:
+      - line: "ServerAliveInterval: 10"
+      - line: "Compression no"
+```
+
+**Result:**
+```
+# BEGIN ANSIBLE MANAGED BLOCK
+Host host1
+    Hostname 10.106.116.157
+    RemoteForward /home/remember/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
+    RemoteForward /home/remember/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
+    ServerAliveInterval 10
+Host host2
+    Hostname 10.106.116.139
+    RemoteForward /home/remember/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
+    RemoteForward /home/remember/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
+    ServerAliveInterval 10
+# END ANSIBLE MANAGED BLOCK
+
+```
+
+**Break down**
+
+The host identifier is populated with the `ssh_short_name` host variable.
+```
+Host host1
+```
+
+The `Hostname` is populated with the `inventory_hostname` variable
+```
+Hostname 10.106.116.139
+```
+
+These lines are added by default:
+```
+RemoteForward /home/remember/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
+RemoteForward /home/remember/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
+```
+
+Everything below this is populated with the key/values defined in the
+`ssh_config` list of the `users` variable
+
+```
+ServerAliveInterval 10
+```
+
+

add-users-groups-authorized_keys-dot-files/roles/ssh-config/tasks/main.yml

@@ -0,0 +1,91 @@
+---
+- name: Check if user has ~/.ssh/config | Debian/Ubuntu systems.
+  stat:
+    path: "/home/{{ item.name }}/.ssh/config"
+  with_items: "{{ users }}"
+  register: sshconfig
+  when: item.name != 'ec2-user' and ansible_os_family == 'Debian'
+
+- name: Check if user has ~/.ssh/config | FreeBSD systems.
+  stat:
+    path: "/home/{{ item.name }}/.ssh/config"
+  with_items: "{{ users }}"
+  register: sshconfig
+  when: item.name != 'ubuntu' and ansible_os_family == 'FreeBSD'
+
+- name: debug
+  debug: "{{ item.item.name }}"
+  with_items:
+    - "{{ sshconfig.results }}"
+
+- name: Create ~/.ssh/config when absent
+  file:
+    path: "/home/{{ item.item.name }}/.ssh/config"
+    owner: "{{ item.item.name }}"
+    group: "{{ item.item.name }}"
+    mode: 0600
+    state: touch
+  when: item.stat is defined and  item.stat.exists == False and item.item.state == "present"
+  with_items:
+    - "{{ sshconfig.results }}"
+  no_log: True
+
+
+- name: CHECK VARS
+  debug:
+    msg: "{{ item.1 }}"
+  with_subelements:
+    - "{{ users }}"
+    - ssh_config
+    - skip_missing: true
+  when: item.0.state == "present"
+
+- name: Configure ~/.ssh/config
+  blockinfile:
+    #path: "/home/{{ item.0.name  }}/.ssh/config"
+    path: "/home/{{ item.name  }}/.ssh/config"
+    #owner: "{{ item.0.name }}"
+    owner: "{{ item.name }}"
+    #group: "{{ item.0.name }}"
+    group: "{{ item.name }}"
+    mode: 0600
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    content: |
+      {% for host in groups['all'] -%} 
+      Host {{ hostvars[host]['ansible_hostname'] }}
+          Hostname {{ hostvars[host]['inventory_hostname'] }}
+          RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
+          RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
+      {% for item in item.ssh_config %}
+          {{ item.line }}
+      {% endfor %}
+      {% endfor %}
+  with_items:
+    - "{{ users }}"
+    - skip_missing: true
+  when: item.ssh_config is defined and item.state == "present" and item.name != 'ec2-user' and ansible_os_family == 'Debian'
+
+- name: Configure ~/.ssh/config FreeBSD
+  blockinfile:
+    #path: "/home/{{ item.0.name  }}/.ssh/config"
+    path: "/home/{{ item.name  }}/.ssh/config"
+    #owner: "{{ item.0.name }}"
+    owner: "{{ item.name }}"
+    #group: "{{ item.0.name }}"
+    group: "{{ item.name }}"
+    mode: 0600
+    marker: "# {mark} ANSIBLE MANAGED BLOCK"
+    content: |
+      {% for host in groups['all'] -%}
+      Host {{ hostvars[host]['ansible_hostname'] }}
+          Hostname {{ hostvars[host]['inventory_hostname'] }}
+          RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent $HOME/.gnupg/S.gpg-agent
+          RemoteForward /home/{{ item.name }}/.gnupg/S.gpg-agent.ssh $HOME/.gnupg/S.gpg-agent.ssh
+      {% for item in item.ssh_config %}
+          {{ item.line }}
+      {% endfor %}
+      {% endfor %}
+  with_items:   
+    - "{{ users }}"
+    - skip_missing: true
+  when: item.ssh_config is defined and item.state == "present" and item.name != 'ubuntu' and ansible_os_family == 'FreeBSD'