pve_auth: create role

jeltz 2023-04-05 22:06:50 +02:00
parent 32ed73735f
commit 8f51a2fb80
Signed by: jeltz
GPG key ID: 800882B66C0C3326
4 changed files with 46 additions and 0 deletions


@ -0,0 +1,4 @@
---
pve_auth__groups: {}
pve_auth__users: {}
...
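Review bot: The two defaults are empty mappings with no description of the shape the templates expect, so a caller has to read the Jinja to learn which keys are honoured. From the templates in this commit, each user entry is read for `password`, `enabled` and `groups`, and each group maps to a list of roles; a comment such as `# pve_auth__users: {<name>: {password: <crypt hash>, enabled: <bool>, groups: [<group>]}}` and `# pve_auth__groups: {<group>: [<role>, ...]}` above the variables would record that. It is also the natural place to state that `password` belongs in a vaulted variable rather than in plain inventory.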


@ -0,0 +1,17 @@
---
- name: Configure PVE users
template:
src: user.cfg.j2
dest: /etc/pve/user.cfg
owner: root
group: www-data
mode: u=rw,g=r,o=
- name: Configure PVE passwords
template:
src: shadow.cfg.j2
dest: /etc/pve/priv/shadow.cfg
owner: root
group: www-data
mode: u=rw,g=,o=
...
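Review bot: The `Configure PVE passwords` task does not set `no_log: true`, so a run with `--diff` or raised verbosity can print the rendered shadow.cfg, password hashes included, to the console and to any logging callback. Adding `no_log: true` to that task (or at minimum `diff: false`) keeps the hashes out of run output. The page rendering has dropped the YAML indentation, so the nesting of the `template:` arguments cannot be verified from here.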


@ -0,0 +1,7 @@
{{ ansible_managed | comment }}
{% for name, user in pve_auth__users.items() %}
{% if user.enabled | default(True) %}
{{ name }}:{{ user.password }}:
{% endif %}
{% endfor %}
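Review bot: `{{ user.password }}` is emitted verbatim on the `{{ name }}:{{ user.password }}:` line, so nothing prevents a plaintext password from being written to shadow.cfg. A value containing `:` or a newline would break the record format or add extra entries. The template should state the contract, for example `{# user.password must be a crypt(3) hash kept in Ansible Vault, never plaintext #}`. The role could also reject bad input before rendering, for instance with an `assert` task that checks each password starts with `$` and contains no `:` or whitespace.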


@ -0,0 +1,18 @@
{{ ansible_managed | comment }}
{% for name, user in pve_auth__users.items() %}
{% if user.enabled | default(True) %}
user:{{ name }}@pve:1:0::::::
{% endif %}
{% endfor %}
{% for group in pve_auth__groups.keys() %}
{% set users = pve_auth__users
| selectattr("groups", "defined")
| selectattr("groups", "contains", group) %}
group:{{ group }}:{{ users | join(",") }}::
{% endfor %}
{% for group, roles in pve_auth__groups.items() %}
acl:1:/:@{{ group }}:{{ roles | join(",") }}:
{% endfor %}
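Review bot: The member list on the `group:` line looks like it will always be empty. `pve_auth__users` is a mapping (it is iterated with `.items()` a few lines above), so the `selectattr("groups", ...)` chain runs over its keys, which are plain strings with no `groups` attribute. Even if it did select entries, `join(",")` would emit them without the `@pve` realm used on the `user:` lines, and disabled users are not filtered out of groups the way they are from the `user:` lines. The result is ACLs on `/` bound to groups that contain nobody. Building the list from the items, as sketched below, fixes all three points.

```jinja
{# … unchanged: user: lines above … #}
{% for group in pve_auth__groups.keys() %}
{% set members = [] %}
{% for name, user in pve_auth__users.items() %}
{% if user.enabled | default(True) and group in user.groups | default([]) %}
{% set _ = members.append(name ~ "@pve") %}
{% endif %}
{% endfor %}
group:{{ group }}:{{ members | join(",") }}::
{% endfor %}
{# … unchanged: acl: lines below … #}
```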