diff --git a/vars/network.yml b/vars/network.yml index 5808eb9..28f80cb 100644 --- a/vars/network.yml +++ b/vars/network.yml @@ -3,6 +3,6 @@ domain: net.enp.one router: address: router.tre2.local - static: + static_dhcp: server: DOMAIN subnet: 10.42.101.0/24 diff --git a/vars/users.yml b/vars/users.yml index 56f6212..5c38210 100644 --- a/vars/users.yml +++ b/vars/users.yml 
@@ -1,64 +1,104 @@ --- users: - # - name: username (required) - # fullname: user's full name (optional) - # password: quoted hash of password (required) - # autorized: array of keys allowed to ssh into account (optional) - # keys: array of keys given to the account to use on workstations (optional) - # admin: boolean whether to give sudo privleges (optional) + # name: (required) username + # password: (required) password encrypted using "python -c 'import crypt; print(crypt.crypt(raw_input(), crypt.mksalt(crypt.METHOD_SHA512)))'" + # targets: (required) list of targets to grant the user permission on + # admin: (required) boolean indicates whether to give sudo access + # fullname: (optional) full name of the user + # svc: (optional) whether the account is a service account - name: root - authorized: ['all'] - password: "" + password: "$6$UuXJahi90Mh9aQ.6$dsqQGH4of9EDRR11UbsXL077hQW.AV3WdflbjZResKr85osoCC7Ff/l7hDHv5uL6zJjbNhXaRrVfj/EaGycZ0/" + targets: + - servers + - vms + - workstations admin: True # Automation users - name: ansible - authorized: ['all'] - password: "" + password: "$6$SbdfIFNKL3jkMOdu$IOctsiJUQbOkj9dtGWV4lUqwwAA5nA8dLKFTLUrm5Fzk1Efl7QAxS36Vs94ra2JlqlYg1XKR7SNQM2q.fUa7t/" + targets: + - servers + - vms + - workstations + - datastore + - gitea + - plex + - admin admin: True + svc: True # Service accounts - name: svc_gitea - authorized: ['potentia', 'vm-host-gitea'] - password: "" + password: "$6$ThlNrAQeWYqeqHdY$4eoVF0FvZdDND9jCG9WpSPtf7akeEg5NqpcPqDBjrikV6e3wwS77umXqbkx0hrN/2ByahiW5dx/laQZa6xZrR." + targets: + - datastore + - gitea admin: False + svc: True - name: svc_plex - authorized: ['potentia', 'vm-host-plex'] - password: "" + password: "$6$dDEwXYf6DYbVZCw4$KZWDDZV1bO7KwGdWkbsck/A.fAqxOyExy4MI8QHtnOyjumgImidTck71V3cs8rZ6nASsspqmIqy4YlWH9o1la." + targets: + - datastore + - plex admin: False + svc: True # Actual user accounts - name: enpaul fullname: Ethan N. 
Paul - authorized: ['workstations', 'servers', 'vms'] password: "$6$mTfv47Xr1/bmYU80$W90AQisMUGjYQF5KOo67hHQl8sgxQH4HPwi.Bh6qUYcwIdG9ICyqAnBYrmtfFohGYvjU7jC/3AXPUWY8vnWLJ/" + targets: + - servers + - vms + - workstations + - datastore + - gitea + - plex + - admin admin: True - name: kaisersjr fullname: Sultan Jilani - authorized: ['workstations'] - password: "" + password: "$6$Xxer5gAKkiDdYuI.$Yep2hja0l7bZko8sVpk9AzxDJwAet.lEXzpy/W0ghyL42z7AandboL9/MPXeHan0oQzEOAebTKnAxdpprV8Pg0" + targets: + - datastore + - gitea + - vpn + - workstations admin: False - name: notsoninja fullname: Johnathan W. Adams - authorized: ['workstations'] - password: "" + password: "$6$PNQCj9oRGTmPsV8B$wWIC10U7fAbaZKOxeYjaK9jhTeXG2LS94JFiOCJlGtcgzl8I4kI5212oBn8RJ2P9.fIm.7Zo/Ih6BrUGGZLyh/" + targets: + - datastore + - gitea + - vpn + - workstations admin: False - name: avalonburned fullname: Christine K. Deidrich - authorized: ['workstations'] - password: "" + password: "$6$axpFNAA1/Xn7a9OM$GriXqvM./KMjJpJyCCghsOl256oORUvWhQApg.aj2pGbbuiespT4pmdWATU2de5RwJkJznrA6hIdMxHPQmN9T0" + targets: + - datastore + - gitea + - vpn + - workstations admin: False - name: sglagovitch fullname: Sophia Glagovitch - authorized: ['workstations'] password: "$6$JC4neE6pXlGAbwSA$13t55k38QHhAHYrt0Ybg51ADknX0lyRpyQOHwREUBeZ8kfxaVcOISt3EcwwSxxWWzwzW5hfRgbC82n3O.zcHr1" + targets: + - datastore + - gitea + - vpn + - workstations admin: False
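Review bot: The `password:` values added for every account in this hunk, including `root` and the `ansible` automation user, are SHA-512 crypt hashes stored as plain text in `vars/users.yml`, so anyone with read access to the repository or its history can take them for offline guessing. Encrypt them with Ansible Vault and reference them instead, for example `password: "{{ vault_users_root_password }}"` (a variable name constructed here for illustration), or use inline `!vault |` values produced by `ansible-vault encrypt_string`. Because the hashes are already part of this commit, the affected passwords should be rotated rather than only moved. Separately, the hashing one-liner in the header comment reads the password with `raw_input()`, which echoes it to the terminal and does not exist on Python 3, while `crypt.mksalt` is a Python 3 addition in upstream CPython; `getpass.getpass()` would avoid both problems.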