homeserver/roles/mgrote.users/tasks/main.yml

---
  - name: set groups as list
    ansible.builtin.set_fact:
      groups_as_list: "{{ (groups_as_list|default([]) + item.groups.split(','))|map('trim')|list|sort|unique }}"
    loop: '{{ users }}'
    when: item.groups is defined

  - name: create groups
    ansible.builtin.group:
      name: "{{ item }}"
      state: present
    loop: "{{ groups_as_list }}"
    when: groups_as_list is defined

  - name: create users
    ansible.builtin.user:
      name: "{{ item.username }}"
      uid: "{{ item.uid | default(omit) }}"
      shell: "{{ item.shell | default('/bin/bash') }}"
      password: "{{ item.password }}"
      update_password: "{{ item.update_password | default(omit) }}"
      groups: "{{ item.groups | default(omit) }}"
      createhome: "{{ item.createhome | default('yes') }}"
      state: "{{ item.state | default('present') }}"
    loop: '{{ users }}'

  - name: add ssh key
    ansible.posix.authorized_key:
      user: "{{ item.username }}"
      key: "{{ item.public_ssh_key }}"
      state: present
    when: item.public_ssh_key is defined
    loop: '{{ users }}'

  - name: add to sudoers
    ansible.builtin.lineinfile:
      dest: /etc/sudoers
      state: present
      regexp: '^{{ item.username }} '
      line: "{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if ( item.allow_passwordless_sudo|d(false) )  else '' }}ALL"
      validate: 'visudo -cf %s'
    when: item.allow_sudo|default(false) == true and item.allow_sudo is defined
    loop: '{{ users }}'
Ersatz: create-users (#272) Co-authored-by: Michael Grote <michael.grote@posteo.de> Reviewed-on: https://git.mgrote.net/mg/ansible/pulls/272 Co-authored-by: mg <michael.grote@posteo.de> Co-committed-by: mg <michael.grote@posteo.de> 2021-12-28 11:25:29 +01:00			`---`
			`- name: set groups as list`
			`ansible.builtin.set_fact:`
			`groups_as_list: "{{ (groups_as_list\|default([]) + item.groups.split(','))\|map('trim')\|list\|sort\|unique }}"`
			`loop: '{{ users }}'`
			`when: item.groups is defined`

			`- name: create groups`
			`ansible.builtin.group:`
			`name: "{{ item }}"`
			`state: present`
			`loop: "{{ groups_as_list }}"`
			`when: groups_as_list is defined`

			`- name: create users`
			`ansible.builtin.user:`
			`name: "{{ item.username }}"`
			`uid: "{{ item.uid \| default(omit) }}"`
			`shell: "{{ item.shell \| default('/bin/bash') }}"`
			`password: "{{ item.password }}"`
			`update_password: "{{ item.update_password \| default(omit) }}"`
			`groups: "{{ item.groups \| default(omit) }}"`
			`createhome: "{{ item.createhome \| default('yes') }}"`
			`state: "{{ item.state \| default('present') }}"`
			`loop: '{{ users }}'`

			`- name: add ssh key`
			`ansible.posix.authorized_key:`
			`user: "{{ item.username }}"`
			`key: "{{ item.public_ssh_key }}"`
			`state: present`
			`when: item.public_ssh_key is defined`
			`loop: '{{ users }}'`

			`- name: add to sudoers`
			`ansible.builtin.lineinfile:`
			`dest: /etc/sudoers`
			`state: present`
			`regexp: '^{{ item.username }} '`
			`line: "{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if ( item.allow_passwordless_sudo\|d(false) ) else '' }}ALL"`
			`validate: 'visudo -cf %s'`
			`when: item.allow_sudo\|default(false) == true and item.allow_sudo is defined`
			`loop: '{{ users }}'`