Markus Katharina Brechtel 7 anni fa
parent
commit
049d3f892e
7 ha cambiato i file con 95 aggiunte e 82 eliminazioni
  1. +8
    -0
      tasks/groups.yml
  2. +10
    -0
      tasks/home.yml
  3. +20
    -0
      tasks/linger.yml
  4. +5
    -81
      tasks/main.yml
  5. +26
    -0
      tasks/ssh.yml
  6. +25
    -0
      tasks/user.yml
  7. +1
    -1
      templates/ssh_authorized_keys.j2

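--- a/tasks/groups.yml
+++ b/tasks/groups.yml
@@ -0,0 +1,8 @@
+---
+
+- name: groups
+group:
+name: "{{ item }}"
+gid: "{{ user_groups[item].gid }}"
+with_items: "{{ user_groups.keys() }}"
+when: user_groups is defined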
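Review bot: The `when: user_groups is defined` guard on the last line does not protect the loop expression above it: Ansible renders `with_items: "{{ user_groups.keys() }}"` before it evaluates `when`, so on a host where `user_groups` is unset the task errors with an undefined-variable message instead of being skipped. Making the loop itself tolerate the missing variable avoids that, e.g. `with_items: "{{ (user_groups | default({})).keys() | list }}"`, after which the `when` line can go. The same task existed in the old main.yml, so this is carried over rather than introduced by the split.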

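--- a/tasks/home.yml
+++ b/tasks/home.yml
@@ -0,0 +1,10 @@
+---
+
+- name: home directory
+file:
+path: "{{ users[item].home | default('/home/'+item) }}"
+owner: "{{ item }}"
+group: "{{ item }}"
+mode: "{{ users[item].homedir_mode | default(700) }}"
+state: directory
+with_items: "{{ users.keys() }}"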
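Review bot: The fallback `default(700)` on the `mode:` line is a bare integer, and the file module's documentation warns that a number without a leading zero or quotes is taken as decimal (700 decimal is mode 01274, not rwx------); only an octal string is unambiguous. Prefer `mode: "{{ users[item].homedir_mode | default('0700') }}"` and note in the role's defaults that `homedir_mode` must likewise be an octal string such as `'0750'`. Whether the templated value happens to be parsed as octal on the current Ansible version I cannot tell from here, so it is worth checking the resulting permissions on a target host.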

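--- a/tasks/linger.yml
+++ b/tasks/linger.yml
@@ -0,0 +1,20 @@
+---
+
+- name: check if systemd lingering is enabled
+stat:
+path: /var/lib/systemd/linger/{{item}}
+register: _users_systemd_linger_stat
+with_items: "{{ users.keys() }}"
+
+- name: set systemd lingering
+command:
+loginctl
+{{ users[item].linger | ternary('enable','disable') }}-linger
+{{item}}
+with_items: "{{ users.keys() }}"
+when:
+- users[item].linger is defined
+- (
+_users_systemd_linger_stat.results
+| json_query("[?item=='"+item+"'].stat.exists") | first
+) != users[item].linger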
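Review bot: The idempotency check in the second task's `when` relies on the `json_query` filter, which needs the jmespath library on the controller — an undeclared dependency that makes the task fail on a stock install. The registered `_users_systemd_linger_stat.results` already carries each username under `item.item` next to its `stat`, so looping over the results removes the lookup entirely; I would also coerce the configured value with `| bool` so a quoted `'yes'` in inventory compares equal to `stat.exists`. The multi-line plain scalar under `command:` folds into one line as intended, but `>-` makes that explicit.
```yaml
# … unchanged: "check if systemd lingering is enabled" stat task …
- name: set systemd lingering
  command: >-
    loginctl
    {{ users[item.item].linger | ternary('enable', 'disable') }}-linger
    {{ item.item }}
  with_items: "{{ _users_systemd_linger_stat.results }}"
  when:
    - users[item.item].linger is defined
    - item.stat.exists != (users[item.item].linger | bool)
```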

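--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,83 +1,7 @@
 ---
 
-- name: user groups
-group:
-name: "{{ item }}"
-gid: "{{ user_groups[item].gid }}"
-state: present
-with_items: "{{ user_groups.keys() }}"
-when: user_groups is defined
-
-- name: users primary group
-group:
-name: "{{ item }}"
-gid: "{{ users[item].gid }}"
-state: present
-with_items: "{{ users.keys() }}"
-when: users[item].gid is defined
-
-- name: user accounts
-user:
-name: "{{ item }}"
-group: "{{ item }}"
-groups: "{{ users[item].groups | default([]) | join(',') }}"
-uid: "{{ users[item].uid }}"
-home: "{{ users[item].home | default('/home/'+item) }}"
-shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
-generate_ssh_key: yes
-ssh_key_type: ed25519
-state: present
-with_items: "{{ users.keys() }}"
-
-- name: user passwords
-user:
-name: "{{ item }}"
-password: "{{ users[item].password }}"
-with_items: "{{ users.keys() }}"
-when: users[item].password is defined
-
-- name: home directory
-file:
-path: "{{ users[item].home | default('/home/'+item) }}"
-owner: "{{ item }}"
-group: "{{ item }}"
-mode: "{{ users[item].homedir_mode | default(700) }}"
-state: directory
-with_items: "{{ users.keys() }}"
-
-- name: ssh directory
-file:
-path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
-owner: "{{ item }}"
-group: "{{ item }}"
-mode: "700"
-state: directory
-with_items: "{{ users.keys() }}"
-
-- name: ssh authorized keys
-template:
-src: ssh_authorized_keys.j2
-dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
-owner: "{{ item }}"
-group: "{{ item }}"
-with_items: "{{ users.keys() }}"
-when: users[item].ssh_authorized_keys is defined
-
-- name: check if systemd lingering is enabled
-stat:
-path: /var/lib/systemd/linger/{{item}}
-register: _users_systemd_linger_stat
-with_items: "{{ users.keys() }}"
-
-- name: set systemd lingering
-command:
-loginctl
-{{ users[item].linger | ternary('enable','disable') }}-linger
-{{item}}
-with_items: "{{ users.keys() }}"
-when:
-- users[item].linger is defined
-- (
-_users_systemd_linger_stat.results
-| json_query("[?item=='"+item+"'].stat.exists") | first
-) != users[item].linger
+- include: groups.yml
+- include: user.yml
+- include: home.yml
+- include: ssh.yml
+- include: linger.yml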
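Review bot: The five new `include:` lines use the legacy form; Ansible 2.4 deprecated bare `include` in favour of `import_tasks` (static, resolved at parse time) and `include_tasks` (dynamic), and the static form is what these unconditional, un-looped includes want, e.g. `- import_tasks: groups.yml`. This only applies if the role targets Ansible 2.4 or newer; on older versions the current lines are the only option. Now that the ssh and linger tasks live in their own files, tagging each import (`tags: [users, ssh]` and so on) would let operators re-run the authorized_keys rollout on its own.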

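--- a/tasks/ssh.yml
+++ b/tasks/ssh.yml
@@ -0,0 +1,26 @@
+---
+
+- name: ssh_key
+user:
+name: "{{ item }}"
+generate_ssh_key: yes
+ssh_key_type: ed25519
+with_items: "{{ users.keys() }}"
+
+- name: ssh directory
+file:
+path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
+owner: "{{ item }}"
+group: "{{ item }}"
+mode: "700"
+state: directory
+with_items: "{{ users.keys() }}"
+
+- name: ssh authorized keys
+template:
+src: ssh_authorized_keys.j2
+dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
+owner: "{{ item }}"
+group: "{{ item }}"
+with_items: "{{ users.keys() }}"
+when: users[item].ssh_authorized_keys is defined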
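Review bot: The `ssh authorized keys` task writes the file with no `mode:`, so it inherits the default umask-derived permissions (typically 0644), and because the task is skipped whenever `ssh_authorized_keys` is undefined, deleting a user's keys from inventory leaves the old authorized_keys — and the access it grants — untouched. I would add `mode: "0600"` and either render the template unconditionally (an empty list yields an empty file) or switch to the `authorized_key` module with `exclusive: true`, so that inventory is authoritative for who can log in. The `ssh_key` task at the top also generates a passphrase-less ed25519 key pair for every managed user without any opt-in; if only some accounts need an outbound key, gate it on a per-user flag such as `users[item].generate_ssh_key | default(false)`.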

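--- a/tasks/user.yml
+++ b/tasks/user.yml
@@ -0,0 +1,25 @@
+---
+
+- name: primary group
+group:
+name: "{{ item }}"
+gid: "{{ users[item].gid }}"
+with_items: "{{ users.keys() }}"
+when: users[item].gid is defined
+
+- name: account
+user:
+name: "{{ item }}"
+group: "{{ item }}"
+groups: "{{ users[item].groups | default([]) | join(',') }}"
+uid: "{{ users[item].uid }}"
+home: "{{ users[item].home | default('/home/'+item) }}"
+shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
+with_items: "{{ users.keys() }}"
+
+- name: password
+user:
+name: "{{ item }}"
+password: "{{ users[item].password }}"
+with_items: "{{ users.keys() }}"
+when: users[item].password is defined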
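Review bot: The `password` task hands `users[item].password` straight to the user module, which expects an already-hashed value; a plaintext password in inventory is written verbatim into the shadow file, where it neither works nor stays secret. Document on the role that the value must be a crypt hash (for example produced with `password_hash('sha512')`) and should live in Ansible Vault, and add `no_log: true` to the task so the hash is not echoed in run output. Separately, the `account` task always sets `group: "{{ item }}"` while the `primary group` task only creates that group when `gid` is defined, so as far as I can see a user entry without `gid` fails at useradd unless the group already exists — creating the group unconditionally (omitting `gid` when it is not set) would make the two tasks agree.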

+ 1
- 1
templates/ssh_authorized_keys.j2 Vedi File

@@ -1,3 +1,3 @@
{% for key in users[item].authorized_keys %}
{% for key in users[item].ssh_authorized_keys %}
{{ key }}
{% endfor %}
