X-Git-Url: https://git.madduck.net/code/vinst.git/blobdiff_plain/88d4c549e67f2e2e27d1d25199c7adf8ba078abd..10cac4edfc25c11d66c0950c22371c2f7a3fe615:/preseed/jessie/commands/late_commands.d/ansible_user?ds=sidebyside

diff --git a/preseed/jessie/commands/late_commands.d/ansible_user b/preseed/jessie/commands/late_commands.d/ansible_user
new file mode 100755
index 0000000..10adacd
--- /dev/null
+++ b/preseed/jessie/commands/late_commands.d/ansible_user
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+export DEBCONF_FRONTEND=noninteractive
+apt-get install -y sudo
+
+USER=ansible
+echo "Adding $USER user and installing SSH key"
+
+HOME=/var/lib/$USER
+adduser --home $HOME --shell /bin/sh \
+  --uid 999 --gid 65534 --disabled-password \
+  --gecos 'Remote control with ansible' $USER
+
+install -d -m 700 -o $USER -g nogroup $HOME/.ssh
+cat <<_eof > $HOME/.ssh/authorized_keys
+no-agent-forwarding,no-port-forwarding,no-user-rc,no-X11-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDGUrO3VGYap3uyphcExiA4VXjXzwyiqXA4kD3o3uLi45Lw9TFCefwa815R4JkRhaGs/4pqy4Bqcmb6kbEOEaTS6xidedQOcuHIxk6nZfDAhGm95rmx1kSxgLIBYJn0RPFvdRiFuoGC07tn4FRQ/seiTVbbTtgy7Wrb3XqFMPhBp1EFfe0ASZdEUJ/EfZl/a72y/57DTflL6RzPIWF6t0z5URURSm3caC4Uxpvx3FK37xzXOd0il7ikv1UeC5pMopwR74zb9SfFiPVEcOK64jq8xnS7ugTOrlb+H5JwchOO88eUTD1pd72+4a7XkeHzneXT8mNROQJZUU1vxoJpZXFziL0uCtnR9QVt+/mE4q3MiYjq5YYOXYCJ0vKIDKVAkxv3U71N8WpnasLmC5mal7juuj8tHXqQJc8bNt7ZxoSRESwRjhIXmoIxdkso862KTM7FL5SKPGDwE8ifog4OU3PcI8C5dfTY1vMa7mZszsO3sK1+gpiJBUlWu0nv9Q2qB3KDPoKA/VnPGBitQSIMbFgDfUs/JXJ35q4ynxO/h0NqCPGXx1bECc6meepND99qo301kYPxYLY4FVeFMVJbcdS/kn0YxbMikaRmr3SqxaRUb4vl1NDKdtoIcIyS0Gh4AvTYtxlLZwShf8ImtRzLerLwqx73WWSIeNai+pHJJNTMvw== madduck@fishbowl
+_eof
+chmod -R u=rwX,og= $HOME
+chown -R ${USER}.nogroup $HOME
+
+SUDOFILE=/etc/sudoers.d/local-ansible-user
+cat <<_eof > $SUDOFILE
+Defaults>ansible !requiretty
+$USER $(hostname --fqdn)=(root) NOPASSWD: ALL
+_eof
+chmod 440 $SUDOFILE