+ Docker user

2022-06-13 23:13:55 -07:00 · 2022-06-13 23:13:55 -07:00 · 1ab3137444
commit 1ab3137444
parent 92733f6613
1 changed files with 39 additions and 0 deletions
--- a/playbooks/alpha/docker-user.yml
+++ b/playbooks/alpha/docker-user.yml
@ -0,0 +1,39 @@
+# This playbook creates an ssh accessed user that is part of the docker group
+# The reason for this is to create a user that can access docker services but
+# not have root permissions to the host machine itself.
+
+---
+- hosts: alpha
+  remote_user: ubuntu
+  become:  yes
+  vars:
+    NAME: dockerlass
+  tasks:
+    - name: Ensure Docker Group exists
+      group:
+        name: docker 
+        state: present
+
+    - name: Ensure Docker-Only User exists and is part of the Docker group
+      user:
+        state: present
+        name: "{{ NAME }}"
+        create_home: true
+        groups: docker
+
+    - name: Ensure safe ~/.ssh directory
+      file:
+        path: "/home/{{NAME}}/.ssh"
+        state: directory
+        mode: 0700
+        owner: "{{ NAME }}"
+
+    - name: Ensure safe Authorized keys file
+      copy:
+        src: "{{ DOCKERLASS_PUB_KEY_PATH }}"
+        dest: "/home/{{NAME}}/.ssh/authorized_keys"
+        mode: 0600
+        owner: "{{ NAME }}"
+      
+   
+