---
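# Create the baseline accounts listed in `default_users`.
# Entries whose `state` is "absent" are skipped by the `when` below; none of
# the tasks visible in this file removes a default user.
- name: Create default users
  # Fully qualified module name, matching the other tasks in this file and
  # avoiding resolution through the collections search path.
  ansible.builtin.user:
    name: "{{ item.name }}"
    # Accounts without an explicit shell get a non-interactive one.
    shell: "{{ item.shell | default('/usr/sbin/nologin') }}"
    # `append` is not set, so this list is authoritative: groups not listed
    # are dropped, and an empty value leaves only the primary group.
    # `secondary_groups` must be a list; `join` would split a plain string
    # into single characters.
    groups: "{{ item.secondary_groups | default([]) | join(',') }}"
    comment: "{{ item.comment | default('') }}"
    home: "{{ item.home }}"
    create_home: true
    # NOTE(review): no `ssh_key_passphrase` is set, so every account (also
    # the nologin ones) gets an unencrypted private key on the managed host.
    # Confirm that each account really needs an outbound key.
    generate_ssh_key: true
    ssh_key_type: ed25519
    # Ed25519 keys have a fixed size, so this value does not change the key.
    ssh_key_bits: 256
    ssh_key_file: .ssh/id_ed25519
    state: "{{ item.state | default('present') }}"
    # Only meaningful for state=absent, which the `when` below excludes.
    remove: true
  loop: "{{ default_users }}"
  when: item.state is not defined or item.state != "absent"
  tags:
    - create_default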
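# Render the authorized_keys file of every default user that defines
# `authorized_keys` and is not marked "absent".
# The destination directory ~/.ssh is not created here; presumably it comes
# from the key generation in "Create default users" - verify the task order.
# NOTE(review): this task is tagged `create`, while the matching user task is
# tagged `create_default`. A run limited to `--tags create_default` creates
# the accounts without their keys, and `--tags create` renders keys for
# accounts that run did not create. Confirm which tag is intended.
- name: Add authorized_keys for default users
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: "{{ item.home }}/.ssh/authorized_keys"
    owner: "{{ item.name }}"
    # Assumes a group named after the user exists - TODO confirm on the
    # target distribution.
    group: "{{ item.name }}"
    # Owner-only access: this file decides who may log in as the account, so
    # no group member needs to read it (previously '0640').
    mode: '0600'
  loop: "{{ default_users }}"
  when: item.authorized_keys is defined and (item.state is not defined or item.state != "absent")
  tags:
    - create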
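# Create the accounts listed in `users`, optionally with a fixed UID.
# Entries whose `state` is "absent" are handled by the "Remove users" task.
- name: Create users
  # Fully qualified module name, matching the other tasks in this file and
  # avoiding resolution through the collections search path.
  ansible.builtin.user:
    name: "{{ item.name }}"
    # Accounts without an explicit shell get a non-interactive one.
    shell: "{{ item.shell | default('/usr/sbin/nologin') }}"
    # `append` is not set, so this list is authoritative: groups not listed
    # are dropped, and an empty value leaves only the primary group.
    # `secondary_groups` must be a list; `join` would split a plain string
    # into single characters.
    groups: "{{ item.secondary_groups | default([]) | join(',') }}"
    comment: "{{ item.comment | default('') }}"
    # `omit` drops the parameter so the system assigns the next free UID.
    uid: "{{ item.uid | default(omit) }}"
    home: "{{ item.home }}"
    create_home: true
    # NOTE(review): no `ssh_key_passphrase` is set, so every account (also
    # the nologin ones) gets an unencrypted private key on the managed host.
    # Confirm that each account really needs an outbound key.
    generate_ssh_key: true
    ssh_key_type: ed25519
    # Ed25519 keys have a fixed size, so this value does not change the key.
    ssh_key_bits: 256
    ssh_key_file: .ssh/id_ed25519
    state: "{{ item.state | default('present') }}"
    # Only meaningful for state=absent, which the `when` below excludes.
    remove: true
  loop: "{{ users }}"
  when: item.state is not defined or item.state != "absent"
  tags:
    - create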
# Copy the shared `bashrc` source file to ~/.bashrc for every entry in
# `users` that is not marked "absent".
- name: Add .bashrc
  ansible.builtin.copy:
    dest: "{{ item.home }}/.bashrc"
    src: bashrc
    # Readable by the owner and the owning group, no access for others.
    mode: "0640"
    # Assumes a group named after the user exists - TODO confirm on the
    # target distribution.
    group: "{{ item.name }}"
    owner: "{{ item.name }}"
  loop: "{{ users }}"
  # A missing `state` counts as "present".
  when: (item.state | default('present')) != 'absent'
  tags:
    - create
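# Render the authorized_keys file of every entry in `users` that defines
# `authorized_keys` and is not marked "absent".
# The destination directory ~/.ssh is not created here; presumably it comes
# from the key generation in "Create users" - verify the task order.
- name: Add authorized_keys
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: "{{ item.home }}/.ssh/authorized_keys"
    owner: "{{ item.name }}"
    # Assumes a group named after the user exists - TODO confirm on the
    # target distribution.
    group: "{{ item.name }}"
    # Owner-only access: this file decides who may log in as the account, so
    # no group member needs to read it (previously '0640').
    mode: '0600'
  loop: "{{ users }}"
  when: item.authorized_keys is defined and (item.state is not defined or item.state != "absent")
  tags:
    - create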
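# Delete every entry in `users` that is explicitly marked `state: absent`.
- name: Remove users
  # Fully qualified module name, matching the other tasks in this file and
  # avoiding resolution through the collections search path.
  ansible.builtin.user:
    name: "{{ item.name }}"
    # The `when` below only lets "absent" entries through, so the former
    # `item.state | default('absent')` template always rendered this value.
    state: absent
    # Behaves like `userdel --remove`: the home directory and mail spool go
    # too. Files the account owns elsewhere and its running processes are
    # not touched by this task.
    remove: true
  loop: "{{ users }}"
  when: item.state is defined and item.state == "absent"
  tags:
    - remove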