dolibarr/ansible/org-access.yml

@@ -0,0 +1,42 @@
+# SPDX-FileCopyrightText: 2023 Aravinth Manivannan <realaravinth@batsense.net>
+#
+# SPDX-License-Identifier: AGPL-3.0-or-later
+
+---
+- name: Create users for organization's sysadmins
+  hosts: dolibar
+  remote_user: debian
+  vars:
+    members:
+      - { "name": aravinth, ssh_key_file: "artifacts/aravinth.pub" }
+      - { "name": harsha, ssh_key_file: "artifacts/harsha.pub" }
+
+  pre_tasks:
+    - name: Ensure all VMs are reachable
+      ansible.builtin.ping:
+
+  tasks:
+    - name: Create user "{{ item.name }}"
+      become: true
+      notify: force change password
+      ansible.builtin.user:
+        name: "{{ item.name }}"
+        shell: /bin/bash
+        groups: sudo
+        state: present
+      loop: "{{ members }}"
+
+
+    - name: Install SSH keys
+      become: true
+      ansible.posix.authorized_key:
+        user: "{{ item.name }}"
+        state: present
+        key: "{{ lookup('file', item.ssh_key_file) }}"
+      loop: "{{ members }}"
+
+  handlers:
+    - name: force change password
+      become: true
+      command: "chage -d 0 {{ item.name }}"
+      loop: "{{ members }}"