# Make sure an account exists for every entry in unix_users. Only `username`
# is required; comment, shell and system fall back to the defaults below.
# NOTE(review): Ansible echoes the loop item in per-item task output, and
# entries may carry an `ssh_key` field (the private-key task in this file
# reads it). Consider loop_control.label or no_log if run output is stored.
- name: create system users
  user:
    name: "{{ item.username }}"
    comment: "{{ item.comment | default('unnamed user') }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    system: "{{ item.system | default('no') }}"
  with_items: "{{ unix_users }}"
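# Create ~/.ssh for each user, but only for entries that bring key material
# (ssh_key, ssh_key_pub or authorized_keys).
# NOTE(review): the path assumes the home directory is /home/<username> and
# that a group named after the user exists - confirm for system accounts.
- name: create ~/.ssh for each user
  with_items: "{{ unix_users }}"
  when: >-
    item.ssh_key is defined
    or item.ssh_key_pub is defined
    or item.authorized_keys is defined
  file:
    state: directory
    path: "/home/{{ item.username }}/.ssh"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    # 0700 rather than 0755: only the owner needs to enter the directory that
    # holds the key files. Quoted so the YAML parser cannot retype the octal.
    mode: "0700"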
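# Write the private key from `item.ssh_key` to ~/.ssh/id_rsa, owner-only.
# NOTE(review): the key is carried in the unix_users variable; keep that
# variable in an encrypted store (e.g. Ansible Vault) rather than plain text.
- name: install ssh private keys
  with_items: "{{ unix_users }}"
  when: item.ssh_key is defined
  # Without no_log the loop item and the copy arguments, both containing the
  # private key, can show up in task output and callback logs. This covers
  # this task only; other tasks looping over unix_users still echo the item.
  no_log: true
  copy:
    content: "{{ item.ssh_key }}"
    dest: "/home/{{ item.username }}/.ssh/id_rsa"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0600"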
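# Write the public key from `item.ssh_key_pub` to ~/.ssh/id_rsa.pub.
# Skipped for entries that do not define ssh_key_pub.
- name: install ssh public keys
  with_items: "{{ unix_users }}"
  when: item.ssh_key_pub is defined
  copy:
    content: "{{ item.ssh_key_pub }}"
    dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0600"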
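# Legacy path: read each user's authorized keys from a file named after the
# user inside `authkeys_dir` on the control machine (the `file` lookup runs
# there, not on the target).
# When authkeys_dir is set, every entry in unix_users needs a file in that
# directory, because a missing file makes the lookup fail.
- name: add keys to authorized_keys (deprecated way)
  with_items: "{{ unix_users }}"
  # Guard against an undefined variable as well as an explicit null, so the
  # task is skipped instead of aborting the play when authkeys_dir is unset.
  when: authkeys_dir is defined and authkeys_dir is not none
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"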
# Preferred path: take the authorized keys from the user's own entry in
# unix_users (`item.authorized_keys`).
# `exclusive` is not set, so the module only adds keys. Dropping a key from
# the variable does not remove it from the host's authorized_keys file.
- name: add keys to authorized_keys (new way)
  authorized_key:
    key: "{{ item.authorized_keys }}"
    user: "{{ item.username }}"
  when: item.authorized_keys is defined
  with_items: "{{ unix_users }}"
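# Drop a sudoers.d fragment for every user whose entry sets `sudo` to true.
# The rule grants passwordless root for all commands, so `sudo: true` should
# be limited to accounts that really need it.
# NOTE(review): sudo skips files in sudoers.d whose names contain a '.', so a
# username with a dot would get a fragment that is silently ignored.
- name: give sudo access
  with_items: "{{ unix_users }}"
  # Bare expression rather than "{{ ... }}": a templated `when` is rendered
  # and then evaluated a second time. `| bool` also accepts yes/no strings.
  when: item.sudo | default(false) | bool
  copy:
    content: "{{ item.username }} ALL=(ALL:ALL) NOPASSWD: ALL"
    dest: "/etc/sudoers.d/{{ item.username }}"
    owner: root
    group: root
    # Quoted so the YAML parser cannot retype the octal mode.
    mode: "0600"
    # Syntax-check the fragment before it is moved into place. A broken file
    # under /etc/sudoers.d can stop sudo from working on the host.
    validate: "/usr/sbin/visudo -cf %s"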