Started putting together more stuff for auth

group_vars/all.yml

@@ -1,42 +1,90 @@
 ---
 ansible_user: "ansible"
 
+domain: net.enp.one
+
+router:
+  address: router.tre2.local
+  dhcp_server: DOMAIN
+
 users:
   # - name: username (required)
   #   fullname: user's full name (optional)
   #   password: quoted hash of password (required)
   #   autorized: array of keys allowed to ssh into account (optional)
-  #   keys: array of keys given to the account to use (optional)
+  #   keys: array of keys given to the account to use on workstations (optional)
   #   admin: boolean whether to give sudo privleges (optional)
 
   - name: root
+    systems: ['all']
     password: "$6$X.yVUBXt2mFIZifh$/28nInewpIcTv4gkbwvD11HONamOdNoPdLfOS9Vc8y1hhQ9bYaa6lpuDqs9kepFqmWk/b1Y5xirxuMJ0Lt4Ls/"
-    # The admin key isn't needed...because it's root
-
-  - name: seldon
-    password: "$6$JP95938ETaQOaWIn$aXB2gAq.hahVX/LlIUEKrHEuPYrppiUZwyqRt32N6Sd2qddUamwIy1bY1Eic0LKOxVs30WaK.NARvgspeFwib1"
-    autorized: >
-      ['keys/users/enpaul_omni.pub']
+    authorized: []
     admin: True
 
+# Automation users
+
   - name: ansible
+    systems: ['all']
     password: "$6$0T/MG5AmDgBDDuYQ$Hz0p3eXIzPCgPdqr1Xy/NK/X8JUL8GP4o8zH80eGGGAetjc1P5KxFrAC4Vg8dknI0dOjOa9mn9Gtk5wZVX6uS1"
     autorized: >
       ['keys/automation/enpaul_omni_ansible.pub']
     admin: True
 
+# Service accounts
+
+  - name: svc_gitea
+    systems: ['potentia', 'vm-host-gitea']
+    password: "$6$0T/MG5AmDgBDDuYQ$Hz0p3eXIzPCgPdqr1Xy/NK/X8JUL8GP4o8zH80eGGGAetjc1P5KxFrAC4Vg8dknI0dOjOa9mn9Gtk5wZVX6uS1"
+    autorized: []
+    admin: False
+
+  - name: svc_plex
+    systems: ['potentia', 'vm-host-plex']
+    password: "$6$0T/MG5AmDgBDDuYQ$Hz0p3eXIzPCgPdqr1Xy/NK/X8JUL8GP4o8zH80eGGGAetjc1P5KxFrAC4Vg8dknI0dOjOa9mn9Gtk5wZVX6uS1"
+    autorized: []
+    admin: False
+
+# Actual user accounts
+
   - name: enpaul
     fullname: Ethan N. Paul
+    systems: ['workstations', 'servers', 'vms', 'gitea']
     password: "$6$mTfv47Xr1/bmYU80$W90AQisMUGjYQF5KOo67hHQl8sgxQH4HPwi.Bh6qUYcwIdG9ICyqAnBYrmtfFohGYvjU7jC/3AXPUWY8vnWLJ/"
     autorized: >
-      ['keys/users/enpaul_omni.pub']
+      ['keys/users/public/enpaul@omni.pub']
     keys: >
-      ['keys/users/enpaul_omni',
-       'keys/automation/enpaul_omni_ansible',
-       'keys/users/enpaul_starry',
-       'keys/automation/enpaul_starry_ansible']
+      ['keys/users/private/enpaul@omni',
+       'keys/users/private/enpaul@starry',
+       'keys/automation/private/enpaul@omni-ansible',
+       'keys/automation/private/enpaul@starry-ansible']
     admin: True
 
-router:
-  address: router.tre2.local
-  dhcp_server: DOMAIN
+  - name: kaisersjr
+    fullname: Sultan Jilani
+    systems: ['workstations', 'gitea']
+    password: "$6$mTfv47Xr1/bmYU80$W90AQisMUGjYQF5KOo67hHQl8sgxQH4HPwi.Bh6qUYcwIdG9ICyqAnBYrmtfFohGYvjU7jC/3AXPUWY8vnWLJ/"
+    autorized: >
+      ['keys/users/public/kaisersjr@omni.pub']
+    keys: >
+      ['keys/users/private/kaisersjr@omni']
+    admin: False
+
+  - name: notsoninja
+    fullname: Johnathan W. Adams
+    systems: ['workstations', 'gitea']
+    password: "$6$mTfv47Xr1/bmYU80$W90AQisMUGjYQF5KOo67hHQl8sgxQH4HPwi.Bh6qUYcwIdG9ICyqAnBYrmtfFohGYvjU7jC/3AXPUWY8vnWLJ/"
+    autorized: >
+      ['keys/users/public/notsoninja@omni.pub']
+    keys: >
+      ['keys/users/private/notsoninja@omni']
+    admin: False
+
+  - name: avalonburned
+    fullname: Christine K. Deidrich
+    systems: ['workstations', 'gitea']
+    password: "$6$mTfv47Xr1/bmYU80$W90AQisMUGjYQF5KOo67hHQl8sgxQH4HPwi.Bh6qUYcwIdG9ICyqAnBYrmtfFohGYvjU7jC/3AXPUWY8vnWLJ/"
+    autorized: >
+      ['keys/users/public/avalonburned@omni.pub']
+    keys: >
+      ['keys/users/private/avalonburned@omni']
+    admin: False