refactored

tasks/groups.yml

@@ -0,0 +1,8 @@
+---
+
+- name: groups
+  group:
+    name: "{{ item }}"
+    gid: "{{ user_groups[item].gid }}"
+  with_items: "{{ user_groups.keys() }}"
+  when: user_groups is defined

tasks/home.yml

@@ -0,0 +1,10 @@
+---
+
+- name: home directory
+  file:
+    path: "{{ users[item].home | default('/home/'+item) }}"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: "{{ users[item].homedir_mode | default(700) }}"
+    state: directory
+  with_items: "{{ users.keys() }}"

tasks/linger.yml

@@ -0,0 +1,20 @@
+---
+
+- name: check if systemd lingering is enabled
+  stat:
+    path: /var/lib/systemd/linger/{{item}}
+  register: _users_systemd_linger_stat
+  with_items: "{{ users.keys() }}"
+
+- name: set systemd lingering
+  command:
+    loginctl
+    {{ users[item].linger | ternary('enable','disable') }}-linger
+    {{item}}
+  with_items: "{{ users.keys() }}"
+  when:
+    - users[item].linger is defined
+    - (
+        _users_systemd_linger_stat.results
+        | json_query("[?item=='"+item+"'].stat.exists") | first
+      ) != users[item].linger

tasks/main.yml

@@ -1,83 +1,7 @@
 ---
 
-- name: user groups
-  group:
-    name: "{{ item }}"
-    gid: "{{ user_groups[item].gid }}"
-    state: present
-  with_items: "{{ user_groups.keys() }}"
-  when: user_groups is defined
-
-- name: users primary group
-  group:
-    name: "{{ item }}"
-    gid: "{{ users[item].gid }}"
-    state: present
-  with_items: "{{ users.keys() }}"
-  when: users[item].gid is defined
-
-- name: user accounts
-  user:
-    name: "{{ item }}"
-    group: "{{ item }}"
-    groups: "{{ users[item].groups | default([]) | join(',') }}"
-    uid: "{{ users[item].uid }}"
-    home: "{{ users[item].home | default('/home/'+item) }}"
-    shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
-    generate_ssh_key: yes
-    ssh_key_type: ed25519
-    state: present
-  with_items: "{{ users.keys() }}"
-
-- name: user passwords
-  user:
-    name: "{{ item }}"
-    password: "{{ users[item].password }}"
-  with_items: "{{ users.keys() }}"
-  when: users[item].password is defined
-
-- name: home directory
-  file:
-    path: "{{ users[item].home | default('/home/'+item) }}"
-    owner: "{{ item }}"
-    group: "{{ item }}"
-    mode: "{{ users[item].homedir_mode | default(700) }}"
-    state: directory
-  with_items: "{{ users.keys() }}"
-
-- name: ssh directory
-  file:
-    path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
-    owner: "{{ item }}"
-    group: "{{ item }}"
-    mode: "700"
-    state: directory
-  with_items: "{{ users.keys() }}"
-
-- name: ssh authorized keys
-  template:
-    src: ssh_authorized_keys.j2
-    dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
-    owner: "{{ item }}"
-    group: "{{ item }}"
-  with_items: "{{ users.keys() }}"
-  when: users[item].ssh_authorized_keys is defined
-
-- name: check if systemd lingering is enabled
-  stat:
-    path: /var/lib/systemd/linger/{{item}}
-  register: _users_systemd_linger_stat
-  with_items: "{{ users.keys() }}"
-
-- name: set systemd lingering
-  command:
-    loginctl
-    {{ users[item].linger | ternary('enable','disable') }}-linger
-    {{item}}
-  with_items: "{{ users.keys() }}"
-  when:
-    - users[item].linger is defined
-    - (
-        _users_systemd_linger_stat.results
-        | json_query("[?item=='"+item+"'].stat.exists") | first
-      ) != users[item].linger
+- include: groups.yml
+- include: user.yml
+- include: home.yml
+- include: ssh.yml
+- include: linger.yml

tasks/ssh.yml

@@ -0,0 +1,26 @@
+---
+
+- name: ssh_key
+  user:
+    name: "{{ item }}"
+    generate_ssh_key: yes
+    ssh_key_type: ed25519
+  with_items: "{{ users.keys() }}"
+
+- name: ssh directory
+  file:
+    path: "{{ users[item].home | default('/home/'+item) }}/.ssh"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+    mode: "700"
+    state: directory
+  with_items: "{{ users.keys() }}"
+
+- name: ssh authorized keys
+  template:
+    src: ssh_authorized_keys.j2
+    dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"
+    owner: "{{ item }}"
+    group: "{{ item }}"
+  with_items: "{{ users.keys() }}"
+  when: users[item].ssh_authorized_keys is defined

tasks/user.yml

@@ -0,0 +1,25 @@
+---
+
+- name: primary group
+  group:
+    name: "{{ item }}"
+    gid: "{{ users[item].gid }}"
+  with_items: "{{ users.keys() }}"
+  when: users[item].gid is defined
+
+- name: account
+  user:
+    name: "{{ item }}"
+    group: "{{ item }}"
+    groups: "{{ users[item].groups | default([]) | join(',') }}"
+    uid: "{{ users[item].uid }}"
+    home: "{{ users[item].home | default('/home/'+item) }}"
+    shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
+  with_items: "{{ users.keys() }}"
+
+- name: password
+  user:
+    name: "{{ item }}"
+    password: "{{ users[item].password }}"
+  with_items: "{{ users.keys() }}"
+  when: users[item].password is defined

templates/ssh_authorized_keys.j2

@@ -1,3 +1,3 @@
-{% for  key in users[item].authorized_keys %}
+{% for  key in users[item].ssh_authorized_keys %}
 {{ key }}
 {% endfor %}