Removed server_ for better overview

2025-08-29 15:06:26 +02:00 · 2023-08-22 22:53:44 +02:00
parent 571bed27a3
commit 4254642313
246 changed files with 45 additions and 45 deletions
--- a/roles/user-administrator/Readme.md
+++ b/roles/user-administrator/Readme.md
@@ -0,0 +1,6 @@
+# Role Administrator
+This role creates an standard administrator user.
+This user needs to type in his password before executing sudo.
+For security reasons it's recommended to use this user instead of the standard root user.
+This user should not be used to login to other systems. It's just there to let administration tasks run.
+For this reason no ssh-keys are generated.
--- a/roles/user-administrator/files/administrator
+++ b/roles/user-administrator/files/administrator
@@ -0,0 +1 @@
+administrator ALL=(ALL) ALL
--- a/roles/user-administrator/meta/main.yml
+++ b/roles/user-administrator/meta/main.yml
@@ -0,0 +1,3 @@
+dependencies:
+- server_native-sudo
+- independent_user-administrator
--- a/roles/user-administrator/tasks/main.yml
+++ b/roles/user-administrator/tasks/main.yml
@@ -0,0 +1,24 @@
+- name: create {{path_administrator_home}}.ssh/authorized_keys
+  copy:
+    src: "{{ inventory_dir }}/files/{{ inventory_hostname }}{{path_administrator_home}}.ssh/authorized_keys"
+    dest: "{{path_administrator_home}}.ssh/authorized_keys"
+    owner: administrator
+    group: administrator
+    mode: '0644'
+
+- name: grant administrator sudo rights with password
+  copy:
+    src: "administrator"
+    dest: /etc/sudoers.d/administrator
+    mode: '0644'
+    owner: root
+    group: root
+  notify: sshd restart
+
+- name: "create {{path_administrator_home}}volumes/"
+  file:
+    path: "{{path_administrator_home}}volumes"
+    state: directory
+    owner: administrator
+    group: administrator
+    mode: 0700