---
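# Build `groups_as_list`: the sorted, de-duplicated union of every group named
# by any entry in `users`, so the following task can create them all up front.
# The fact is accumulated across iterations — a plain assignment inside the loop
# is overwritten on every pass and would keep only the last user's groups.
- name: Set groups as list
  ansible.builtin.set_fact:
    # `item.groups` may be a list or the comma-separated string the user module
    # also accepts; running `| list` directly on a string splits it into
    # single characters, so strings are split on ',' first. `select` drops the
    # empty entries a trailing comma would produce.
    groups_as_list: >-
      {{ ((groups_as_list | default([]))
          + ((item.groups.split(',') if item.groups is string else item.groups)
             | map('trim') | select | list))
         | sort | unique }}
  loop: "{{ users }}"
  when: item.groups is defined
  # Controller-side fact only; no privilege escalation needed.
  become: false
  # The loop item is the whole user record (password hash included) — keep it
  # out of the play output.
  no_log: true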
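# Create every group collected by the previous task before accounts are
# assigned to them. Only group *names* are handled here — nothing sensitive —
# so `no_log` is deliberately not set: it would only hide which group failed.
- name: Ensure groups exist
  ansible.builtin.group:
    name: "{{ item }}"
    state: present
  loop: "{{ groups_as_list }}"
  # `groups_as_list` is only defined when at least one user declares groups.
  when: groups_as_list is defined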
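# Create, update or remove each account in `users`. Per-entry keys read here:
# username (required), uid, shell, password, update_password, groups,
# createhome, state — all but username optional.
- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ item.username }}"
    uid: "{{ item.uid | default(omit) }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    # The user module expects an already-hashed crypt(3) value (e.g. produced
    # with `password_hash('sha512')`), not a clear-text password; keep it in
    # vault. Optional, so key-only accounts no longer fail on a missing key.
    password: "{{ item.password | default(omit) }}"
    update_password: "{{ item.update_password | default(omit) }}"
    # No `append`, so the supplementary-group set is replaced, keeping the
    # inventory as the single source of truth for memberships.
    groups: "{{ item.groups | default(omit) }}"
    create_home: "{{ item.createhome | default(true) | bool }}"
    state: "{{ item.state | default('present') }}"
  loop: "{{ users }}"
  loop_control:
    # Without a label the full item — password hash included — is echoed for
    # every iteration; printing only the username keeps failures readable
    # without leaking the hash into logs.
    label: "{{ item.username }}"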
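# Install the public key declared as `public_ssh_key` into the user's
# authorized_keys. Existing keys not listed here are left in place (no
# `exclusive`) — tighten that deliberately if the inventory is meant to be the
# only source of keys.
- name: Ensure user ssh-keys exist
  ansible.posix.authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.public_ssh_key }}"
    state: present
  # Accounts being removed are skipped: the previous task has already deleted
  # the user, so a key lookup against it would most likely fail rather than
  # clean anything up.
  when:
    - item.public_ssh_key is defined
    - (item.state | default('present')) == 'present'
  loop: "{{ users }}"
  loop_control:
    # Keys are public, but the loop item also carries the password hash.
    label: "{{ item.username }}"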
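# One drop-in per user under /etc/sudoers.d, validated with visudo before it
# is installed. sudo skips drop-in file names that contain '.' or end in '~'
# (sudoers(5)), so a dotted username would otherwise silently get no sudo;
# '.' is therefore mapped to '_' in the file name.
- name: Ensure users are added to sudoers
  ansible.builtin.blockinfile:
    create: true
    path: "/etc/sudoers.d/users-sudo-{{ item.username | replace('.', '_') }}"
    # sudoers drop-ins are expected to be root-owned and mode 0440; with
    # `create` alone the file would get the umask default.
    owner: root
    group: root
    mode: "0440"
    state: present
    # NOPASSWD grants root without any re-authentication — only set
    # `allow_passwordless_sudo` where that is an explicit decision.
    block: |
      {{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | default(false) | bool) else '' }}ALL
    validate: 'visudo -cf %s'
  loop: "{{ users }}"
  loop_control:
    label: "{{ item.username }}"
  when:
    - item.allow_sudo | default(false) | bool
    - (item.state | default('present')) == 'present'

# Teardown counterpart: revoke the drop-in as soon as sudo is withdrawn
# (`allow_sudo` false/unset) or the account is removed, so the grant does not
# outlive the decision that created it.
- name: Ensure sudoers entries are removed for users without sudo
  ansible.builtin.file:
    path: "/etc/sudoers.d/users-sudo-{{ item.username | replace('.', '_') }}"
    state: absent
  loop: "{{ users }}"
  loop_control:
    label: "{{ item.username }}"
  when: >-
    not (item.allow_sudo | default(false) | bool)
    or (item.state | default('present')) != 'present'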