author | Lars Wirzenius <liw@liw.fi> | 2017-04-12 18:11:07 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-04-12 18:11:07 +0300 |
commit | 5df713fefd62a8ef392944a39f35c4324a73b910 (patch) | |
tree | 7509f6e2cc208ee59fdf7687dce0e2d813df40db /roles | |
parent | 39e48621be51ac5a7173860c1985b40c74780279 (diff) | |
download | debian-ansible-5df713fefd62a8ef392944a39f35c4324a73b910.tar.gz |
Add a role to create Unix system users
Including setting authorized_keys, and passwordless sudo access.
Diffstat (limited to 'roles')
-rw-r--r-- | roles/unix_users/README | 3 | ||||
-rw-r--r-- | roles/unix_users/defaults/main.yml | 21 | ||||
-rw-r--r-- | roles/unix_users/tasks/main.yml | 23 |
3 files changed, 47 insertions, 0 deletions
diff --git a/roles/unix_users/README b/roles/unix_users/README
new file mode 100644
index 0000000..f16f873
--- /dev/null
+++ b/roles/unix_users/README
@@ -0,0 +1,3 @@
+This role creates Unix system users (i.e., ones listed in
+`/etc/passwd`, traditionally). To use this role, define a variable
+`system_users`, see `defaults/main.yml` for details.
diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
new file mode 100644
index 0000000..d79958e
--- /dev/null
+++ b/roles/unix_users/defaults/main.yml
@@ -0,0 +1,21 @@
+# List of system users to create. Value a list of dicts with keys:
+#
+# username -- the username of the new user
+# comment -- the GECOS/realname of the new user
+# shell -- the shell to use (defaults to /bin/bash)
+# system -- yes/no, is user a system user (default no)
+# sudo -- yes/no, should user have sudo access? (without password)
+#
+
+unix_users: []
+
+
+# Specify directory where per-user authorized_keys files are stored.
+# Each user has their own file in the directory, named after their
+# username. You MUST specify this variable. You may put more than one
+# key in each user's file.
+#
+# You MUST create a file for each user in unix_users. An empty file
+# will do.
+
+authkeys_dir: /
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
new file mode 100644
index 0000000..ad9095f
--- /dev/null
+++ b/roles/unix_users/tasks/main.yml
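Review bot: `authkeys_dir: /` contradicts the comment directly above it, which says the variable MUST be specified: a playbook that forgets to set it silently gets `/`, the `lookup('file', authkeys_dir + '/' + item.username)` in tasks/main.yml then reads `/<username>` on the control host, and if such a file happens to exist its contents are installed as that user's authorized SSH key. Better to define no default at all — an undefined `authkeys_dir` makes the lookup fail loudly on the first user — and document it as a required role variable in the comment instead. The `sudo` and `system` keys are documented as `yes/no`; since Ansible's YAML loader turns unquoted `yes`/`no` into booleans but leaves `"no"` as a truthy string, recommending `true`/`false` in the comment avoids an accidental grant. The README added in this same commit tells users to define `system_users`, while the variable read here and in tasks/main.yml is `unix_users`; one of the two names should change.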
@@ -0,0 +1,23 @@
+- name: create system users
+ with_items: "{{ unix_users }}"
+ user:
+ name: "{{ item.username }}"
+ comment: "{{ item.comment|default('unnamed user') }}"
+ shell: "{{ item.shell|default('/bin/bash') }}"
+ system: "{{ item.system|default('no') }}"
+
+- name: add keys to authorized_keys
+ with_items: "{{ unix_users }}"
+ authorized_key:
+ user: "{{ item.username }}"
+ key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
+
+- name: give sudo access
+ with_items: "{{ unix_users }}"
+ when: "{{ item.sudo|default(False) }}"
+ copy:
+ content: "{{ item.username }} ALL=(ALL:ALL) NOPASSWD: ALL"
+ dest: "/etc/sudoers.d/{{ item.username }}"
+ owner: root
+ group: root
+ mode: 0600 |
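Review bot: The sudoers.d drop-in written by the "give sudo access" task is unvalidated and has a mode sudo does not expect: `mode: 0600` should be `"0440"` (sudo checks the mode of sudoers files and complains about, or refuses, anything else), the content has no trailing newline, and there is no `validate: "/usr/sbin/visudo -cf %s"`, so a username containing unexpected characters produces a file with a parse error, which makes sudo refuse to run for everyone on the host. The grant is also one-way: setting `sudo` back to no (or omitting it) never removes `/etc/sudoers.d/<username>`, so passwordless root persists until someone cleans it up by hand, which is the opposite of what a declarative role should converge to. Separately, `when: "{{ item.sudo|default(False) }}"` wraps a conditional in templating delimiters, which Ansible warns about; the bare expression is the supported form. The rewritten grant task and a matching revocation task are below, with `mode` quoted so YAML does not reinterpret the octal literal.

```yaml
# … unchanged: create system users, add keys to authorized_keys …

- name: give sudo access
  with_items: "{{ unix_users }}"
  when: item.sudo|default(false)
  copy:
    content: "{{ item.username }} ALL=(ALL:ALL) NOPASSWD: ALL\n"
    dest: "/etc/sudoers.d/{{ item.username }}"
    owner: root
    group: root
    mode: "0440"
    validate: "/usr/sbin/visudo -cf %s"

- name: revoke sudo access
  with_items: "{{ unix_users }}"
  when: not (item.sudo|default(false))
  file:
    path: "/etc/sudoers.d/{{ item.username }}"
    state: absent
```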