Automation scripts for turning up system configuration.
+Install
+-------
+
+```
+ansible-galaxy collection install ansible.posix
+```
+
Instructions
------------
```
ansible-playbook turnup.yaml --extra-vars @<credentials_file>.yaml \
+ --extra-vars ssh_key=<path_to_ssh_public_key> \
--extra-vars key_file=<path_to_fernet_key> --ask-vault-password
```
# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
# License: GPL-3.0 or later.
+- name: Ensure necessary users exist
+ import_playbook: users.yaml
+
- hosts: servers
vars_files:
- sources.yaml
--- /dev/null
+# Copyright (c) 2023 Jakub Czajka <jakub@ekhem.eu.org>
+# License: GPL-3.0 or later.
+
+- hosts: servers
+ tasks:
+ - name: Install git
+ package:
+ name:
+ - git
+ state: latest
+ become: yes
+ - name: Ensure user git exists
+ user:
+ name: "git"
+ become: yes
+ - name: Copy the SSH key for user git
+ authorized_key:
+ user: "git"
+ state: present
+ key: "{{ lookup('file', '{{ ssh_key }}') }}"
+ key_options: >
+ "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"
+ become: true
+ - name: Ensure git uses the git-web shell
+ user:
+ name: "git"
+ shell: "/usr/bin/git-shell"
+ become: yes
+ - name: Ensure user opendkim exists
+ user:
+ name: "opendkim"
+ become: yes
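Review bot: In the "Copy the SSH key for user git" task, `key_options: >` is a folded block scalar, so the double quotes and a trailing newline become part of the value passed to the module instead of acting as YAML quoting; a single-quoted scalar, `key_options: 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty'`, states the restrictions exactly. In the same task `'{{ ssh_key }}'` nests delimiters inside an expression that is already templated, which the Ansible docs advise against and newer releases may not resolve, so `key: "{{ lookup('file', ssh_key) }}"` is the safer spelling. The key is also authorized before the later task switches the account to `/usr/bin/git-shell`, so if the play stops in between, the account keeps its default login shell with the key accepted; setting `shell: "/usr/bin/git-shell"` in the "Ensure user git exists" task removes that state. The page has lost the file's indentation, so the task nesting here is read from the key names.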