homeserver/roles/nickjj.ansible-user/tasks/main.yml

---
# Ensure every group listed in user_groups exists, so that the user task can
# reference the groups by name. When user_groups is empty the condition is
# false and nothing is created.
- name: "Create user group(s)"
  when: user_groups
  loop: "{{ user_groups }}"
  group:
    name: "{{ item }}"
# Create (or update) the account named by user_name with the requested shell.
- name: "Create user"
  user:
    name: "{{ user_name }}"
    shell: "{{ user_shell }}"
    # When true, the module generates an SSH key pair for this account on the
    # managed host.
    generate_ssh_key: "{{ user_generate_ssh_key }}"
    # Supplementary groups, passed as one comma-separated string.
    groups: "{{ user_groups | join(',') }}"
    # Module default, spelled out because it decides group membership: with
    # append off the list above is authoritative, so the user is removed from
    # every supplementary group that is not in user_groups, and an empty
    # user_groups leaves only the primary group.
    append: false
# Install a login key for user_name. lookup('file', ...) runs on the control
# node, so user_local_ssh_key_path is a path on the machine running Ansible,
# not on the managed host. The task is skipped when the variable is undefined
# or empty.
# NOTE(review): presumably the path points at a public key file; confirm it
# never resolves to a private key, since the file content is written to
# authorized_keys verbatim.
- name: "Set authorized_key to allow SSH key based logins"
  when: user_local_ssh_key_path | default(False)
  authorized_key:
    # "exclusive" is not set, so keys already present for the user are kept.
    key: "{{ lookup('file', user_local_ssh_key_path) }}"
    user: "{{ user_name }}"
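# Make sure /etc/sudoers pulls in the drop-in directory, so that the
# per-user file written by the passwordless-sudo task takes effect.
# In sudoers syntax "#includedir" is a directive, not a comment.
# NOTE(review): sudo 1.9.1 and later also accept "@includedir", and some
# distributions ship that form. The regexp below does not match it, so on
# such hosts this task appends a second include line; confirm against the
# target systems.
- name: "Enable including files from sudoers.d/"
  lineinfile:
    path: "/etc/sudoers"
    regexp: "^#includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    state: "present"
    backup: true
    # Syntax-check the edited copy before it replaces /etc/sudoers; a file
    # that fails to parse disables sudo on the host.
    validate: "/usr/sbin/visudo -cf %s"
  when: user_enable_passwordless_sudo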
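# Remove the drop-in include from /etc/sudoers when passwordless sudo is
# turned off for this role.
# NOTE(review): the scope is wider than the managed user. Removing the
# include line stops sudo from reading every file in /etc/sudoers.d,
# including rules installed by other packages or provisioning tools, and it
# leaves /etc/sudoers.d/<user_name> on disk. Confirm that no other sudo
# access on the host depends on a drop-in before running with this set.
# NOTE(review): an "@includedir" line (sudo 1.9.1 and later) is not matched
# by the regexp, so on such hosts this task changes nothing.
- name: "Disable sudoers.d"
  lineinfile:
    path: "/etc/sudoers"
    regexp: "^#includedir /etc/sudoers.d"
    line: "#includedir /etc/sudoers.d"
    state: "absent"
    backup: true
    # Syntax-check the edited copy before it replaces /etc/sudoers.
    validate: "/usr/sbin/visudo -cf %s"
  when: user_enable_passwordless_sudo == False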
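# Write a sudoers drop-in that allows running any command as any user
# without a password.
# NOTE(review): the leading "%" makes this a group rule, so it applies to
# every member of the group named user_name, not only to the account itself.
# Presumably that is the user's private group; confirm nobody else is (or
# can be made) a member, or drop the "%" to bind the rule to the user.
# NOTE(review): sudo skips drop-in files whose name contains "." or ends in
# "~", so a user_name with a dot yields a file that is silently ignored.
- name: "Enable passwordless sudo"
  copy:
    # Trailing newline added so the rule is a complete line of text.
    content: "%{{ user_name }} ALL=(ALL) NOPASSWD:ALL\n"
    dest: "/etc/sudoers.d/{{ user_name }}"
    owner: "root"
    group: "root"
    mode: "0440"
    # Syntax-check the file before it is moved into /etc/sudoers.d; an
    # unparsable drop-in makes sudo refuse to run.
    validate: "/usr/sbin/visudo -cf %s"
  when: user_enable_passwordless_sudo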