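---
# Manage local groups and accounts from two dictionaries keyed by name:
# `user_groups` (optional) and `users`. For each user this creates the
# primary group, the account, the home and ~/.ssh directories, an optional
# authorized_keys file and the systemd lingering state.
#
# The key views are passed through `| list` because on Python 3 a bare
# `dict.keys()` is a view object, not a list.

- name: user groups
  group:
    name: "{{ item }}"
    gid: "{{ user_groups[item].gid }}"
    state: present
  with_items: "{{ user_groups.keys() | list }}"
  when: user_groups is defined

# NOTE(review): the primary group is only created when a gid is given, yet
# the "user accounts" task always sets `group: item`. A user without a gid
# therefore seems to rely on the group already existing; confirm.
- name: users primary group
  group:
    name: "{{ item }}"
    gid: "{{ users[item].gid }}"
    state: present
  with_items: "{{ users.keys() | list }}"
  when: users[item].gid is defined

- name: user accounts
  user:
    name: "{{ item }}"
    group: "{{ item }}"
    groups: "{{ users[item].groups | default([]) | join(',') }}"
    uid: "{{ users[item].uid }}"
    home: "{{ users[item].home | default('/home/' + item) }}"
    shell: "{{ users[item].shell | default('/usr/bin/fish') }}"
    # A key pair is generated on the managed host for every account. No
    # ssh_key_passphrase is set here, so the private key is protected only
    # by file permissions.
    generate_ssh_key: true
    ssh_key_type: ed25519
    state: present
  with_items: "{{ users.keys() | list }}"

# The value is passed to the user module unchanged, so `users[...].password`
# is expected to hold an already-hashed password, not clear text. Keep it in
# a vault rather than in plain inventory.
- name: user passwords
  user:
    name: "{{ item }}"
    password: "{{ users[item].password }}"
  with_items: "{{ users.keys() | list }}"
  when: users[item].password is defined

- name: home directory
  file:
    path: "{{ users[item].home | default('/home/' + item) }}"
    owner: "{{ item }}"
    group: "{{ item }}"
    # The default is a quoted octal string: an integer 700 would be taken as
    # decimal if it reached the module as a number. Quote `homedir_mode` in
    # the variables for the same reason (e.g. "0750").
    mode: "{{ users[item].homedir_mode | default('0700') }}"
    state: directory
  with_items: "{{ users.keys() | list }}"

- name: ssh directory
  file:
    path: "{{ users[item].home | default('/home/' + item) }}/.ssh"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
    state: directory
  with_items: "{{ users.keys() | list }}"

- name: ssh authorized keys
  template:
    src: ssh_authorized_keys.j2
    dest: "{{ users[item].home | default('/home/' + item) }}/.ssh/authorized_keys"
    owner: "{{ item }}"
    group: "{{ item }}"
    # Explicit mode, so the file's permissions do not depend on the umask
    # in effect on the managed host.
    mode: "0600"
  with_items: "{{ users.keys() | list }}"
  when: users[item].ssh_authorized_keys is defined

# systemd records lingering as a marker file per user. Its presence is
# compared with the requested state below, so loginctl only runs on a change.
- name: check if systemd lingering is enabled
  stat:
    path: "/var/lib/systemd/linger/{{ item }}"
  register: _users_systemd_linger_stat
  with_items: "{{ users.keys() | list }}"

# `command` does not go through a shell, so the user name is never
# shell-interpreted. The json_query filter needs jmespath on the controller.
- name: set systemd lingering
  command: >-
    loginctl
    {{ users[item].linger | ternary('enable', 'disable') }}-linger
    {{ item }}
  with_items: "{{ users.keys() | list }}"
  when:
    - users[item].linger is defined
    - >-
      (_users_systemd_linger_stat.results
      | json_query("[?item=='" + item + "'].stat.exists")
      | first) != users[item].linger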