diff --git a/tasks/groups.yml b/tasks/groups.yml
new file mode 100644
index 0000000..e796748
--- /dev/null
+++ b/tasks/groups.yml
@@ -0,0 +1,8 @@
+---
+
+- name: groups
+ group:
+ name: "{{ item }}"
+ gid: "{{ user_groups[item].gid }}"
+ with_items: "{{ user_groups.keys() }}"
+ when: user_groups is defined
diff --git a/tasks/home.yml b/tasks/home.yml
new file mode 100644
index 0000000..1647bc0
--- /dev/null
+++ b/tasks/home.yml
@@ -0,0 +1,10 @@
+---
+
+- name: home directory
+ file:
+ path: "{{ users[item].home | default('/home/'+item) }}"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ mode: "{{ users[item].homedir_mode | default(700) }}"
+ state: directory
+ with_items: "{{ users.keys() }}"
diff --git a/tasks/linger.yml b/tasks/linger.yml
new file mode 100644
index 0000000..7aa6993
--- /dev/null
+++ b/tasks/linger.yml
@@ -0,0 +1,20 @@
+---
+
+- name: check if systemd lingering is enabled
+ stat:
+ path: /var/lib/systemd/linger/{{item}}
+ register: _users_systemd_linger_stat
+ with_items: "{{ users.keys() }}"
+
+- name: set systemd lingering
+ command:
+ loginctl
+ {{ users[item].linger | ternary('enable','disable') }}-linger
+ {{item}}
+ with_items: "{{ users.keys() }}"
+ when:
+ - users[item].linger is defined
+ - (
+ _users_systemd_linger_stat.results
+ | json_query("[?item=='"+item+"'].stat.exists") | first
+ ) != users[item].linger
diff --git a/tasks/main.yml b/tasks/main.yml
index bedbf01..074b462 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
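Review bot: `with_items: "{{ user_groups.keys() }}"` is templated before the per-item `when: user_groups is defined` guard is consulted, so on a host that does not define `user_groups` the loop expression itself errors instead of the task being skipped (that is the loop/when evaluation order as I understand it; worth confirming on the Ansible version the role targets). Guarding inside the loop expression avoids it: `with_items: "{{ (user_groups | default({})).keys() | list }}"`; the trailing `| list` also keeps a Python 3 `dict_keys` view from being rendered into the string. The `when:` line can then stay as a readability hint or be dropped.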
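Review bot: `mode: "{{ users[item].homedir_mode | default(700) }}"` only behaves as intended when callers supply `homedir_mode` as a string: an unquoted `0700` in a vars file is a YAML 1.1 octal integer and renders as `448`, which the `file` module cannot interpret as an octal mode. Document the expected form where the role's variables are described, e.g. `# homedir_mode: "0750"  -- quoted string; the file module reads it as octal`, and consider `default('0700')` so the default matches the documented form. `owner`/`group: "{{ item }}"` also assumes a primary group named after the user exists by this point, which holds only if user.yml has already run and the account received a same-named group; a one-line comment on the task stating that ordering dependency would help the next maintainer.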
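Review bot: the final `when` clause `) != users[item].linger` compares the boolean `stat.exists` with whatever type the caller wrote for `linger`; if that value is a quoted string such as `"yes"`, the two sides are never equal, so the `loginctl` command runs on every play and the task never converges. Normalising both sides fixes it: `) != (users[item].linger | bool)` in the condition and `{{ users[item].linger | bool | ternary('enable','disable') }}-linger` in the command. The `json_query` filter also requires the `jmespath` Python package on the control node, which nothing in the role declares yet — add it to the README/requirements. `command:` does not go through a shell, so the templated `{{item}}` is passed as an argument rather than shell input; usernames still originate in inventory vars, so validate them at the source rather than here.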
@@ -1,83 +1,7 @@
 ---
-- name: user groups
- group:
- name: "{{ item }}"
- gid: "{{ user_groups[item].gid }}"
- state: present
- with_items: "{{ user_groups.keys() }}"
- when: user_groups is defined
-
-- name: users primary group
- group:
- name: "{{ item }}"
- gid: "{{ users[item].gid }}"
- state: present
- with_items: "{{ users.keys() }}"
- when: users[item].gid is defined
-
-- name: user accounts
- user:
- name: "{{ item }}"
- group: "{{ item }}"
- groups: "{{ users[item].groups | default([]) | join(',') }}"
- uid: "{{ users[item].uid }}"
- home: "{{ users[item].home | default('/home/'+item) }}"
- shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
- generate_ssh_key: yes
- ssh_key_type: ed25519
- state: present
- with_items: "{{ users.keys() }}"
-
-- name: user passwords
- user:
- name: "{{ item }}"
- password: "{{ users[item].password }}"
- with_items: "{{ users.keys() }}"
- when: users[item].password is defined
-
-- name: home directory
- file:
- path: "{{ users[item].home | default('/home/'+item) }}"
- owner: "{{ item }}"
- group: "{{ item }}"
- mode: "{{ users[item].homedir_mode | default(700) }}"
- state: directory
- with_items: "{{ users.keys() }}"
-
-- name: ssh directory
- file:
- path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
- owner: "{{ item }}"
- group: "{{ item }}"
- mode: "700"
- state: directory
- with_items: "{{ users.keys() }}"
-
-- name: ssh authorized keys
- template:
- src: ssh_authorized_keys.j2
- dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
- owner: "{{ item }}"
- group: "{{ item }}"
- with_items: "{{ users.keys() }}"
- when: users[item].ssh_authorized_keys is defined
-
-- name: check if systemd lingering is enabled
- stat:
- path: /var/lib/systemd/linger/{{item}}
- register: _users_systemd_linger_stat
- with_items: "{{ users.keys() }}"
-
-- name: set systemd lingering
- command:
- loginctl
- {{ users[item].linger | ternary('enable','disable') }}-linger
- {{item}}
- with_items: "{{ users.keys() }}"
- when:
- - users[item].linger is defined
- - (
- _users_systemd_linger_stat.results
- | json_query("[?item=='"+item+"'].stat.exists") | first
- ) != users[item].linger
+- include: groups.yml
+- include: user.yml
+- include: home.yml
+- include: ssh.yml
+- include: linger.yml
diff --git a/tasks/ssh.yml b/tasks/ssh.yml
new file mode 100644
index 0000000..10dbe9d
--- /dev/null
+++ b/tasks/ssh.yml
@@ -0,0 +1,26 @@
+---
+
+- name: ssh_key
+ user:
+ name: "{{ item }}"
+ generate_ssh_key: yes
+ ssh_key_type: ed25519
+ with_items: "{{ users.keys() }}"
+
+- name: ssh directory
+ file:
+ path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ mode: "700"
+ state: directory
+ with_items: "{{ users.keys() }}"
+
+- name: ssh authorized keys
+ template:
+ src: ssh_authorized_keys.j2
+ dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
+ owner: "{{ item }}"
+ group: "{{ item }}"
+ with_items: "{{ users.keys() }}"
+ when: users[item].ssh_authorized_keys is defined
diff --git a/tasks/user.yml b/tasks/user.yml
new file mode 100644
index 0000000..f23419d
--- /dev/null
+++ b/tasks/user.yml
@@ -0,0 +1,25 @@
+---
+
+- name: primary group
+ group:
+ name: "{{ item }}"
+ gid: "{{ users[item].gid }}"
+ with_items: "{{ users.keys() }}"
+ when: users[item].gid is defined
+
+- name: account
+ user:
+ name: "{{ item }}"
+ group: "{{ item }}"
+ groups: "{{ users[item].groups | default([]) | join(',') }}"
+ uid: "{{ users[item].uid }}"
+ home: "{{ users[item].home | default('/home/'+item) }}"
+ shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
+ with_items: "{{ users.keys() }}"
+
+- name: password
+ user:
+ name: "{{ item }}"
+ password: "{{ users[item].password }}"
+ with_items: "{{ users.keys() }}"
+ when: users[item].password is defined
diff --git a/templates/ssh_authorized_keys.j2 b/templates/ssh_authorized_keys.j2
index 74fcb57..e2ce41a 100644
--- a/templates/ssh_authorized_keys.j2
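Review bot: `- include: groups.yml` and the four lines after it use the bare `include` directive, which Ansible deprecated in 2.4 in favour of `import_tasks` (static) or `include_tasks` (dynamic) and later removed; if the role targets a current Ansible, `- import_tasks: groups.yml` is the drop-in replacement since the file list is fixed. The order of the five includes is load-bearing — home.yml and ssh.yml chown to `{{ item }}`, so user.yml must run before them — and deserves a comment above the list, e.g. `# order matters: groups and accounts must exist before home/ssh tasks set ownership`.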
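Review bot: the `ssh authorized keys` template task sets `owner` and `group` but no `mode`, so a freshly created `authorized_keys` gets the remote umask (typically 0644) and an existing file keeps whatever mode it already has. Since the `.ssh` directory is pinned to `700`, pin the file too: `mode: "0600"`. The task also only renders when `ssh_authorized_keys is defined`, so dropping the variable for a user leaves their previous `authorized_keys` on disk; key removal through this role needs a companion task with `state: absent` for the undefined case, or an explicit note in the role docs that it is not handled. `generate_ssh_key: yes` should be written `generate_ssh_key: true` per yamllint's truthy rule.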
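Review bot: `password: "{{ users[item].password }}"` passes the value straight to the `user` module, which expects an already-hashed crypt string and stores it as given; a plaintext value would neither authenticate nor be flagged as an error at the role level. Add `no_log: true` to the `password` task so the hash does not reach verbose output or callback/log plugins (recent module versions mask the parameter themselves, but the task-level flag does not depend on that), and document next to the role's variables that the value must be a hash, e.g. produced with `password_hash('sha512')`. Separately, `groups: "{{ users[item].groups | default([]) | join(',') }}"` renders an empty string for users with no `groups` list, which the `user` module treats as "remove from all supplementary groups"; if that is intended, say so in a comment on the task, otherwise guard it with `when: users[item].groups is defined` or `append: true`.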
+++ b/templates/ssh_authorized_keys.j2
@@ -1,3 +1,3 @@
-{% for key in users[item].authorized_keys %}
+{% for key in users[item].ssh_authorized_keys %}
 {{ key }}
 {% endfor %}