homeserver/roles/mgrote_users/tasks/main.yml
Michael Grote 3b4ceba56d
Some checks failed
ci/woodpecker/push/gitleaks Pipeline was successful
ci/woodpecker/push/ansible-lint Pipeline failed
d
2024-08-19 23:07:10 +02:00

44 lines
1.4 KiB
YAML

---
- name: set groups as list
ansible.builtin.set_fact:
groups_as_list: "{{ (groups_as_list | default([]) + item.groups.split(',')) | map('trim') | list | sort | unique }}"
loop: '{{ users }}'
when: item.groups is defined
ignore_errors: true
- name: create groups
ansible.builtin.group:
name: "{{ item }}"
state: present
loop: "{{ groups_as_list }}"
when: groups_as_list is defined
- name: create users
ansible.builtin.user:
name: "{{ item.username }}"
uid: "{{ item.uid | default(omit) }}"
shell: "{{ item.shell | default('/bin/bash') }}"
password: "{{ item.password }}"
update_password: "{{ item.update_password | default(omit) }}"
groups: "{{ item.groups | default(omit) }}"
createhome: "{{ item.createhome | default('yes') }}"
state: "{{ item.state | default('present') }}"
loop: '{{ users }}'
- name: add ssh key
ansible.posix.authorized_key:
user: "{{ item.username }}"
key: "{{ item.public_ssh_key }}"
state: present
when: item.public_ssh_key is defined
loop: '{{ users }}'
- name: add to sudoers
ansible.builtin.lineinfile:
dest: /etc/sudoers
state: present
regexp: '^{{ item.username }} '
line: "{{ item.username }} ALL=(ALL) {{ 'NOPASSWD:' if (item.allow_passwordless_sudo | d(false)) else '' }}ALL"
validate: 'visudo -cf %s'
when: item.allow_sudo|default(false) and item.allow_sudo is defined
loop: '{{ users }}'