update

2 years ago · a4c3c076a3
4 changed files with 87 additions and 2 deletions
--- a/Inventories/test/host_vars/ansible-test01.yml
+++ b/Inventories/test/host_vars/ansible-test01.yml
@ -45,4 +45,14 @@ tcp_ports:
  - "8880"

 udp_ports:
-  - "3478"
+  - "3478"
+
+ssh_pub_key: "<pub-key-from-client>"
+
+admin_users:
+  - admin-johannes
+  - admin-daniel
+  - admin-dirk
+  - admin-martin
+
+groups_to_add: "sudo,docker"
--- a/Inventories/test/host_vars/ansible-test02.yml
+++ b/Inventories/test/host_vars/ansible-test02.yml
@ -45,4 +45,14 @@ tcp_ports:
  - "8880"

 udp_ports:
-  - "3478"
+  - "3478"
+
+ssh_pub_key: "<pub-key-from-client>"
+
+admin_users:
+  - admin-johannes
+  - admin-daniel
+  - admin-dirk
+  - admin-martin
+
+groups_to_add: "sudo,docker"
--- a/ansible-setup_admins.yml
+++ b/ansible-setup_admins.yml
@ -0,0 +1,14 @@
+---
+- name: Setup Admin Users
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Add admin users and assign groups
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        groups: "{{ groups_to_add }}"
+        append: yes
+        create_home: yes
+        shell: /bin/bash
+      loop: "{{ admin_users }}"
--- a/ansible-setup_ssh_tunnel.yml
+++ b/ansible-setup_ssh_tunnel.yml
@ -0,0 +1,51 @@
+---
+- name: Setup autossh-tunnel user for SSH tunneling
+  hosts: all
+  become: true
+
+  tasks:
+    - name: Create SSH configuration for autossh-tunnel
+      ansible.builtin.copy:
+        dest: /etc/ssh/sshd_config.d/autossh-tunnel.conf
+        content: |
+          # Custom autossh-tunnel Settings
+          Match User autossh-tunnel
+            AllowTcpForwarding yes
+            PubkeyAuthentication yes
+            PasswordAuthentication no
+            AllowAgentForwarding no
+            ForceCommand /bin/false
+            X11Forwarding no
+        owner: root
+        group: root
+        mode: '0644'
+        validate: /usr/sbin/sshd -t -f %s
+
+    - name: Add autossh-tunnel user
+      ansible.builtin.user:
+        name: autossh-tunnel
+        comment: "autossh-tunnel user"
+        uid: 33333
+        group: nogroup
+        home: /home/autossh-tunnel
+        shell: /bin/false
+        create_home: yes
+        system: yes
+
+    - name: Setup authorized_keys for autossh-tunnel
+      ansible.builtin.blockinfile:
+        path: /home/autossh-tunnel/.ssh/authorized_keys
+        create: yes
+        block: |
+          {{ ssh_pub_key }} autossh-tunnel
+        owner: autossh-tunnel
+        group: nogroup
+        mode: '0600'
+
+    - name: Set permissions for .ssh directory
+      ansible.builtin.file:
+        path: /home/autossh-tunnel/.ssh
+        state: directory
+        owner: autossh-tunnel
+        group: nogroup
+        mode: '0700'