devs/bin/ansible/pritunl_users.yaml


---
# Devops Ansible Script
# Playbook: pritunl_users.yaml
# Description: Add, enable, disable or remove pritunl vpn users
# Author: Mauro Rosero P.
# Email: mauro@rosero.one (mauro.rosero@gmail.com)
# Organization: ROSERO ONE
# Created: Ene 04, 2025 12:00:00
# Updated: 2025-01-05 00:00:00
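# Play: manage one Pritunl VPN user (add / remove / enable / disable) through the
# community.general.pritunl_user module. The play targets localhost only.
#
# Inputs read by this play (none of them is defined in this file):
#   input_pritunl_action  optional; one of add, remove, enable, disable.
#                         When it is undefined the play runs the "add" task.
#   input_pritunl_user    required; lower-cased before it is sent to the API.
#   input_pritunl_email   required unless the action is "remove".
#   input_pritunl_org     optional; falls back to platform_pritunl_org_default.
#
# NOTE(review): the decoded PRITUNL_TOKEN / PRITUNL_SECRET values are passed as
# plain module parameters in all four pritunl_user tasks. Whether both are masked
# in verbose (-v) output depends on the argument spec of the installed
# community.general module, which is not visible here. Confirm it, or set
# `no_log: true` on those tasks.
# NOTE(review): platform_web_protocol decides whether the API call uses TLS, and
# validate_certs is left at the module default; confirm both for the target server.
- name: "PLAYBOOK - {{ playbook_program | upper }} ({{ playbook_description | upper }})"
  hosts: [localhost]
  become: false
  gather_facts: false
  vars:
    playbook_program: 'pritunl_users'
    playbook_description: 'Add, enable, disable or remove pritunl vpn users'
    managed_sufix: 'pritunl-vpn'
    main_action: 'MANAGE PRITUNL VPN USERS'
    # lang_modified wins when it is set and non-empty; otherwise default_lang is used.
    language: "{{ lang_modified | default(default_lang, true) }}"
    messages_file: "{{ messages_path }}/{{ messages_prefix | upper}}-{{ language | upper }}.yaml"
  pre_tasks:
    - name: PRE -- LOAD FULL LANGUAGE MESSAGES FOR THIS PLAYBOOK
      include_tasks:
        file: includes/load_messages.yaml
      run_once: true

    # Point the shared credential loader at the VPN admin SOPS file.
    - name: PRE -- SET PRITUNL VPN CREDENTIALS SOPS FILE
      set_fact:
        sops_file: '{{ sops_vpnadm_file }}'

    - name: PRE -- GET REQUIRED SOPS CREDENTIALS
      include_tasks:
        file: includes/sops_credentials.yaml
      run_once: true

    # Stop before any API call if the credential include did not produce both values.
    - name: Check for succesfull credential vars loaded
      ansible.builtin.assert:
        that:
          - sops_vars is defined
          - sops_vars.PRITUNL_SECRET is defined
          - sops_vars.PRITUNL_TOKEN is defined
        fail_msg: "{{ messages.console.error.credentials_fail }}"
        quiet: true
      run_once: true

    # Allow-list the action so an unexpected value cannot silently skip every task.
    - name: Check if pritunl action is defined
      ansible.builtin.assert:
        that:
          - input_pritunl_action is not defined or ( input_pritunl_action is defined and input_pritunl_action in ["add", "remove", "enable", "disable"] )
        fail_msg: "{{ messages.console.error.no_pritunl_action }}"
        quiet: true
      run_once: true

    # The second condition rejects an empty or whitespace-only user name, which
    # would otherwise reach the API unchanged. assert stops at the first failing
    # condition, so it is only evaluated when the variable is defined.
    - name: Check if pritunl user is defined
      ansible.builtin.assert:
        that:
          - input_pritunl_user is defined
          - input_pritunl_user | string | trim | length > 0
        fail_msg: "{{ messages.console.error.no_pritunl_user }}"
        quiet: true
      run_once: true

    # The e-mail is used by add / enable / disable only, so "remove" skips this check.
    - name: Check if pritunl email for user is defined
      ansible.builtin.assert:
        that:
          - input_pritunl_email is defined
          - input_pritunl_email | string | trim | length > 0
        fail_msg: "{{ messages.console.error.no_pritunl_email }}"
        quiet: true
      when: input_pritunl_action is not defined or ( input_pritunl_action is defined and input_pritunl_action != "remove" )
      run_once: true

  tasks:
    # NOTE(review): the nesting of the two blocks below is reconstructed; both carry
    # `when: true`, which never skips anything. Confirm against the repository copy.
    - block:
        # Skipped on a local connection, where there is nothing to wait for.
        - name: '--|| WAIT FOR SERVER(S) CONNECTION'
          wait_for_connection:
            timeout: '{{ sysop_timeout_connection | int }}'
          when: ansible_connection is defined and ansible_connection != 'local'

        - block:
            # Exactly one of the four tasks below matches a validated action.
            # Each one base64-decodes the SOPS values and strips any carriage
            # return left in the decoded text before handing them to the module.
            - name: '--|| ADD PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
                user_email: '{{ input_pritunl_email | lower }}'
                user_disabled: '{{ platform_pritunl_usr_default }}'
                user_gravatar: '{{ platform_pritunl_img_default }}'
              when: input_pritunl_action is not defined or ( input_pritunl_action is defined and input_pritunl_action == 'add' )

            - name: '--|| REMOVE PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                state: absent
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
              when: input_pritunl_action is defined and input_pritunl_action == 'remove'

            - name: '--|| ENABLE PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
                user_email: '{{ input_pritunl_email | lower }}'
                user_disabled: false
              when: input_pritunl_action is defined and input_pritunl_action == 'enable'

            - name: '--|| DISABLE PRITUNL VPN USER ({{ input_pritunl_user | upper }})'
              community.general.pritunl_user:
                pritunl_url: "{{ platform_web_protocol }}{{ platform_vpn_server_devs }}:{{ platform_vpn_api_port }}"
                pritunl_api_secret: "{{ sops_vars.PRITUNL_SECRET | b64decode | replace('\r', '') }}"
                pritunl_api_token: "{{ sops_vars.PRITUNL_TOKEN | b64decode | replace('\r', '') }}"
                organization: "{{ input_pritunl_org | default(platform_pritunl_org_default, true) | upper }}"
                user_name: '{{ input_pritunl_user | lower }}'
                user_email: '{{ input_pritunl_email | lower }}'
                user_disabled: true
              when: input_pritunl_action is defined and input_pritunl_action == 'disable'
          when: true
      when: true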