GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → geerlingguy → ansible-role-github-users

geerlingguy / ansible-role-github-users

Licence: MIT license
Ansible Role - GitHub Users

Labels

githubsshansibleauthorized-keysansible-roleusersroleaccount-management

Projects that are alternatives of or similar to ansible-role-github-users

ansible-role-mysql
Ansible Role - MySQL and MariaDB
Stars: ✭ 28 (-42.86%)
Mutual labels:  ansible-role, role
ansible-role-admin-users
Ansible role to manage admin users, authorized keys and sudo access.
Stars: ✭ 18 (-63.27%)
Mutual labels:  authorized-keys, ansible-role
ansible-concourse
An ansible role to manage Concourse CI
Stars: ✭ 22 (-55.1%)
Mutual labels:  ansible-role, role
Ansible Transmission
🕹 A TransmissionBT installation role for Ansible
Stars: ✭ 8 (-83.67%)
Mutual labels:  ansible-role, role
ansible-role-php-pecl
Ansible Role - PHP PECL extension
Stars: ✭ 29 (-40.82%)
Mutual labels:  role
Ansible Datadog
Ansible role for Datadog Agent
Stars: ✭ 223 (+355.1%)
Mutual labels:  ansible-role
Ansible Role Zsh
Setup antigen with oh-my-zsh, powerlevel10k theme, fzf, autosuggestions, syntax-highlighting
Stars: ✭ 210 (+328.57%)
Mutual labels:  ansible-role
Rbenv
Ansible role for installing rbenv.
Stars: ✭ 187 (+281.63%)
Mutual labels:  ansible-role
ansible-cloudflared
Install cloudflared and systemd service for DNS-Over-HTTPS
Stars: ✭ 18 (-63.27%)
Mutual labels:  ansible-role
ansible-role-pimpmylog
DEPRECATED Ansible Role - Pimp my Log
Stars: ✭ 14 (-71.43%)
Mutual labels:  role
ssh-crypt
🔒 Share AES-256 encrypted vault file with your teammates using only ssh authorized_keys!
Stars: ✭ 17 (-65.31%)
Mutual labels:  authorized-keys
Ansible Role Awx
Ansible Role - AWX
Stars: ✭ 228 (+365.31%)
Mutual labels:  ansible-role
ansible-role-tailscale
Ansible role to install and configure a Tailscale node.
Stars: ✭ 189 (+285.71%)
Mutual labels:  ansible-role
Ansible Role Unattended Upgrades
Setup unattended-upgrades on Debian-based systems
Stars: ✭ 220 (+348.98%)
Mutual labels:  ansible-role
wp-user-avatars
Allows registered users to upload and select their own avatars
Stars: ✭ 32 (-34.69%)
Mutual labels:  users
Ansible Vault
🔑 Ansible role for Hashicorp Vault
Stars: ✭ 189 (+285.71%)
Mutual labels:  ansible-role
ansible-role-virtualbox
Ansible Role - Installs headless Virtualbox and phpVirtualbox for remote access through Web GUI
Stars: ✭ 14 (-71.43%)
Mutual labels:  ansible-role
Rvm1 Ansible
The official ansible RVM role to install and manage your Ruby versions.
Stars: ✭ 246 (+402.04%)
Mutual labels:  ansible-role
Ansible Playbook Grapher
A command line tool to create a graph representing your Ansible playbook tasks and roles
Stars: ✭ 234 (+377.55%)
Mutual labels:  ansible-role
UBUNTU20-CIS
Ansible role for Ubuntu 2004 CIS Baseline
Stars: ✭ 136 (+177.55%)
Mutual labels:  ansible-role
View All Similar Projects ➔

Ansible Role: GitHub Users

CI

Create users based on GitHub accounts.

This role will take a GitHub username and create a system account with the same username, and will add all the pubkeys associated with the GitHub account to the user's authorized_keys.

It's kind of a cheap way to do public key management for users on your system... but it works!

Requirements

None.

Role Variables

Available variables are listed below, along with default values (see defaults/main.yml):

github_users: []
  # You can specify an object with 'name' (required) and 'groups' (optional):
  # - name: geerlingguy
  #   groups: www-data,sudo

  # Or you can specify a GitHub username directly:
  # - geerlingguy

A list of users to add to the server; the username will be the name (or the bare list item, if it's a string instead of an object). You can add the user to one or more groups (in addition to the [username] group) by adding them as a comma-separated list in groups.

github_users_absent: []
  # You can specify an object with 'name' (required):
  # - name: geerlingguy

  # Or you can specify a GitHub username directly:
  # - geerlingguy

A list of users who should not be present on the server. The role will ensure these user accounts are removed.

github_users_authorized_keys_exclusive: true

Whether the users' authorized_keys files should exclusively contain keys from their GitHub account. This should normally be set to true if you are only allowing users to log in using keys available in their GitHub accounts.

github_url: https://github.com

By default, use public GitHub (i.e. https://github.com) as the source for users/keys. Override this to use a different GitHub instance/endpoint (e.g. GitHub Enterprise).

If you need to give the user the ability to self-manage their authorized_keys file, then you should set this to no, and it will only append new keys, but never remove any additional keys (e.g. old keys removed from their GitHub profile, or keys the end user added manually) from the file.

Dependencies

None.

Example Playbook

- hosts: servers

  vars:
    github_users:
      # You can specify the `name`:
      - name: geerlingguy
        groups: sudo,www-data
      - name: GrahamCampbell
      # Or if you don't need to override anything, you can specify the
      # GitHub username directly:
      - fabpot

    github_users_absent:
      - johndoe
      - name: josh

  roles:
    - geerlingguy.github-users

If you want to make sure users' public keys are in sync, it is best to run the playbook on a cron, e.g. every 5 min, 10 min, or some other interval. That way you don't have to manually add new keys for users.

License

MIT / BSD

Author Information

This role was created in 2017 by Jeff Geerling, author of Ansible for DevOps.

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].