geerlingguy.github-users

Ansible Role: GitHub Users

This Ansible role creates users on your system based on GitHub accounts.

It takes a GitHub username and sets up a matching system account. It also adds all the public keys linked to the GitHub account to the user's authorized_keys file.

This method is a simple way to manage public keys for users on your system!

Requirements

None.

Role Variables

Here are the variables you can use, along with their default values (see defaults/main.yml):

  • github_users: []

    • You can add users by providing their 'name' (required) and 'groups' (optional):
      • Example:
        - name: geerlingguy
          groups: www-data,sudo
        
    • Alternatively, just specify a GitHub username:
      • Example:
        - geerlingguy
        

    This list includes users to add to the server. If you use the 'name' format, that will be the username. You can also add them to one or more groups (besides just their username group).

  • github_users_absent: []

    • Here, you specify users who should not be on the server:
      • Example:
        - name: geerlingguy
        
    • Or you can use just the GitHub username:
      • Example:
        - geerlingguy
        

    This list will ensure that the specified user accounts are removed from the server.

  • github_users_authorized_keys_exclusive: true

    • This controls whether each user's authorized_keys file contains only the keys from their GitHub account. Leave it set to true if users should only be able to log in with keys from their GitHub accounts. If you want users to be able to manage their own authorized_keys file, set this to no; the role then adds new keys but does not remove any existing keys.

  • github_url: https://github.com

    • By default, this role uses the public GitHub site. You can change this if you are using a different GitHub service (like GitHub Enterprise).
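
An added example, not part of the role: a Python audit that compares a user's authorized_keys file with the key list GitHub publishes at github_url/<username>.keys, showing which keys github_users_authorized_keys_exclusive: true would remove and which are still missing. The function names and sample keys are constructed for illustration, and fetching the two inputs is left out so it runs offline.

```python
import re

# Tokens that can start the key field of an authorized_keys line.
KEY_TYPE = re.compile(r"^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-\S+|sk-\S+@openssh\.com)$")


def parse_keys(text):
    """Return {(key_type, base64_blob): original_line} for each key line."""
    keys = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # An options field (from="...", command="...") may precede the key
        # type, so scan for the first key-type token instead of assuming
        # it is field 0. Comments after the blob are ignored for matching.
        for i, field in enumerate(fields[:-1]):
            if KEY_TYPE.match(field):
                keys[(field, fields[i + 1])] = line
                break
    return keys


def audit(local_text, github_text):
    """Compare a local authorized_keys file with a GitHub .keys listing."""
    local, remote = parse_keys(local_text), parse_keys(github_text)
    return {
        # On GitHub but not on the host: added on the next run.
        "missing": [remote[k] for k in remote if k not in local],
        # On the host but not on GitHub: removed only in exclusive mode.
        "unmanaged": [local[k] for k in local if k not in remote],
    }


# Constructed sample data (placeholder blobs, not real keys).
GITHUB_KEYS = "ssh-ed25519 AAAAexampleGitHubKey1\nssh-rsa AAAAexampleGitHubKey2\n"
LOCAL_KEYS = """# edited by hand
ssh-ed25519 AAAAexampleGitHubKey1 laptop
from="10.0.0.5",no-pty ssh-ed25519 AAAAexampleLocalOnlyKey backup-job
"""

if __name__ == "__main__":
    for status, lines in audit(LOCAL_KEYS, GITHUB_KEYS).items():
        for entry in lines:
            print(f"{status}: {entry}")
```

An "unmanaged" entry on a host where exclusive mode is enabled means the key was added after the last run, which is worth reviewing before the next run removes it.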

Dependencies

None.

Example Playbook

- hosts: servers
  
  vars:
    github_users:
      - name: geerlingguy
        groups: sudo,www-data
      - name: GrahamCampbell
      - fabpot  # direct GitHub username

    github_users_absent:
      - johndoe
      - name: josh
  
  roles:
    - geerlingguy.github-users

To keep users' keys updated, consider running this playbook regularly using cron (like every 5 or 10 minutes). This saves you from having to manually manage new keys.

License

MIT / BSD

Author Information

This role was created in 2017 by Jeff Geerling, who also wrote Ansible for DevOps.

Install

ansible-galaxy install geerlingguy.github-users