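---
# Tasks that create the accounts listed in `unix_users` and install their
# passwords, SSH key material and (optionally) passwordless sudo.
#
# Fields read from each `unix_users` item: username (required), comment,
# shell, system, password, ssh_key, ssh_key_pub, authorized_keys, sudo.
# Other variables read: unix_users_version, authkeys_dir.
#
# Every loop item can carry a password hash and a private key, and Ansible
# prints the loop item for each iteration by default. Tasks that write secrets
# therefore set `no_log: true`; the others use `loop_control.label` so the
# default output shows only the username. The label trims the default display
# only; verbose runs can still show the full item.

# Guard: this task file only understands schema version "0".
# `assert` replaces the former shell test, so the version value is no longer
# templated into a shell command line and the task no longer reports "changed".
- name: check unix_users_version
  assert:
    that:
      - unix_users_version | string == '0'
    msg: "Unexpected version {{ unix_users_version }}"

- name: create system users
  with_items: "{{ unix_users }}"
  loop_control:
    label: "{{ item.username }}"
  user:
    name: "{{ item.username }}"
    comment: "{{ item.comment | default('unnamed user') }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    system: "{{ item.system | default(false) }}"

# The user module's `password` takes an already-crypted hash, not cleartext.
# NOTE(review): confirm the inventory stores hashes, and keep them in a vault.
- name: set password for users
  with_items: "{{ unix_users }}"
  when: item.password is defined
  no_log: true
  user:
    name: "{{ item.username }}"
    password: "{{ item.password }}"

# NOTE(review): the path assumes the home directory is /home/<username> and
# that a group named after the user exists; neither is checked here.
# Mode is 0700 (was 0755): the directory holds the private key and
# authorized_keys, so other local users should not be able to list it.
- name: create ~/.ssh for each user
  with_items: "{{ unix_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: >-
    item.ssh_key is defined or
    item.ssh_key_pub is defined or
    item.authorized_keys is defined
  file:
    state: directory
    path: "/home/{{ item.username }}/.ssh"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: "0700"

# Writes private key material from inventory onto the host; keep `ssh_key`
# encrypted at rest (for example with a vault) and never log the task.
- name: install ssh private keys
  with_items: "{{ unix_users }}"
  when: item.ssh_key is defined
  no_log: true
  copy:
    content: "{{ item.ssh_key }}"
    dest: "/home/{{ item.username }}/.ssh/id_rsa"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: "0600"

- name: install ssh public keys
  with_items: "{{ unix_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: item.ssh_key_pub is defined
  copy:
    content: "{{ item.ssh_key_pub }}"
    dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: "0600"

# Reads <authkeys_dir>/<username> on the control node. The file name is built
# from the username, so usernames must be plain names without path separators.
# NOTE(review): an undefined `authkeys_dir` makes this condition error out;
# presumably a role default sets it to null - confirm.
- name: add keys to authorized_keys (deprecated way)
  with_items: "{{ unix_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: authkeys_dir is not none
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"

- name: add keys to authorized_keys (new way)
  with_items: "{{ unix_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: item.authorized_keys is defined
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ item.authorized_keys }}"

# Grants passwordless sudo for every command, i.e. root-equivalent access for
# anyone who can log in as the user; set `sudo` only where that is intended.
# `validate` runs visudo on the new file before it replaces the old one, so a
# malformed entry cannot break sudo for the whole host.
# sudo skips files in /etc/sudoers.d whose name contains a '.' or ends in '~',
# so a username with a dot would silently get no sudo rule.
# NOTE(review): the visudo path below is the usual location; confirm it for
# the target distribution.
- name: give sudo access
  with_items: "{{ unix_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: item.sudo is defined and item.sudo
  copy:
    content: "{{ item.username }} ALL=(ALL:ALL) NOPASSWD: ALL\n"
    dest: "/etc/sudoers.d/{{ item.username }}"
    owner: root
    group: root
    mode: "0600"
    validate: '/usr/sbin/visudo -cf %s'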