ka
/
ansible-role-users
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
42KB
Tree: a326cd6754
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'a326cd6754'
${ noResults }
ansible-role-users/tasks/main.yml

84 lines
2.2KB
Raw Blame History 

  1. ---

  2. 

  3. - name: user groups

  4.   group:

  5.     name: "{{ item }}"

  6.     gid: "{{ user_groups[item].gid }}"

  7.     state: present

  8.   with_items: "{{ user_groups.keys() }}"

  9.   when: user_groups is defined

  10. 

  11. - name: users primary group

  12.   group:

  13.     name: "{{ item }}"

  14.     gid: "{{ users[item].gid }}"

  15.     state: present

  16.   with_items: "{{ users.keys() }}"

  17.   when: users[item].gid is defined

  18. 

  19. - name: user accounts

  20.   user:

  21.     name: "{{ item }}"

  22.     group: "{{ item }}"

  23.     groups: "{{ users[item].groups | default([]) | join(',') }}"

  24.     uid: "{{ users[item].uid }}"

  25.     home: "{{ users[item].home | default('/home/'+item) }}"

  26.     shell: "{{ users[item].shell | default('/bin/bash') }}"

  27.     generate_ssh_key: yes

  28.     ssh_key_type: ed25519

  29.     state: present

  30.   with_items: "{{ users.keys() }}"

  31. 

  32. - name: user passwords

  33.   user:

  34.     name: "{{ item }}"

  35.     password: "{{ users[item].password }}"

  36.   with_items: "{{ users.keys() }}"

  37.   when: users[item].password is defined

  38. 

  39. - name: home directory

  40.   file:

  41.     path: "{{ users[item].home | default('/home/'+item) }}"

  42.     owner: "{{ item }}"

  43.     group: "{{ item }}"

  44.     mode: "{{ users[item].homedir_mode | default(700) }}"

  45.     state: directory

  46.   with_items: "{{ users.keys() }}"

  47. 

  48. - name: ssh directory

  49.   file:

  50.     path: "{{ users[item].home | default('/home/'+item) }}/.ssh"

  51.     owner: "{{ item }}"

  52.     group: "{{ item }}"

  53.     mode: "700"

  54.     state: directory

  55.   with_items: "{{ users.keys() }}"

  56. 

  57. - name: ssh authorized keys

  58.   template:

  59.     src: ssh_authorized_keys.j2

  60.     dest: "{{ users[item].home | default('/home/'+item) }}/.ssh/authorized_keys"

  61.     owner: "{{ item }}"

  62.     group: "{{ item }}"

  63.   with_items: "{{ users.keys() }}"

  64.   when: users[item].authorized_keys is defined

  65. 

  66. - name: check if systemd lingering is enabled

  67.   stat:

  68.     path: /var/lib/systemd/linger/{{item}}

  69.   register: _users_systemd_linger_stat

  70.   with_items: "{{ users.keys() }}"

  71. 

  72. - name: set systemd lingering

  73.   command:

  74.     loginctl

  75.     {{ users[item].linger | ternary('enable','disable') }}-linger

  76.     {{item}}

  77.   with_items: "{{ users.keys() }}"

  78.   when:

  79.     - users[item].linger is defined

  80.     - (

  81.         _users_systemd_linger_stat.results

  82.         | json_query("[?item=='"+item+"'].stat.exists") | first

  83.       ) != users[item].linger