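# Refuse to run against an inventory written for a different layout of
# `unix_users`. The comparison is done in Jinja with the `fail` module rather
# than in a `shell` one-liner: interpolating the variable into a shell command
# would let a value containing quotes or metacharacters be interpreted by the
# shell, and a `shell` task also reports "changed" on every run.
- name: "check unix_users_version"
  fail:
    msg: "Unexpected version {{ unix_users_version }}"
  when: unix_users_version | string != "0"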

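# Create (or update) one account per entry of `unix_users`.
# Only `username` is mandatory; `comment`, `shell` and `system` fall back to
# the defaults below. `system` is given a real boolean default instead of the
# string 'no', which YAML 1.1 tooling and yamllint treat as a truthy trap.
- name: create system users
  with_items: "{{ unix_users }}"
  user:
    name: "{{ item.username }}"
    comment: "{{ item.comment | default('unnamed user') }}"
    shell: "{{ item.shell | default('/bin/bash') }}"
    system: "{{ item.system | default(false) | bool }}"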

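# Set the login password for entries that carry one.
# `user.password` expects an already-hashed value (crypt(3) format), not a
# clear-text password; Ansible only warns when it is not. `no_log` keeps the
# hash out of the play output and of any log shipped from the controller.
- name: set password for users
  with_items: "{{ unix_users }}"
  when: item.password is defined
  no_log: true
  user:
    name: "{{ item.username }}"
    password: "{{ item.password }}"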

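# Create ~/.ssh for every user that will receive key material below.
# The directory later holds a private key (`id_rsa`), so it is made private
# to its owner (0700) rather than world-listable (0755); sshd itself only
# requires it not to be group/world-writable.
# NOTE(review): the home directory is assumed to be /home/<username> — a user
# created with a different `home` would not be covered; confirm against callers.
- name: create ~/.ssh for each user
  with_items: "{{ unix_users }}"
  when: item.ssh_key is defined or item.ssh_key_pub is defined or item.authorized_keys is defined
  file:
    state: directory
    path: "/home/{{ item.username }}/.ssh"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: "0700"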

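# Install a per-user SSH private key from inventory (`ssh_key`).
# `no_log` is required here: without it, `copy` with `content` prints the
# full key in verbose/diff output and in the task result. The mode is quoted
# so the octal literal is not reinterpreted by the YAML parser.
- name: install ssh private keys
  with_items: "{{ unix_users }}"
  when: item.ssh_key is defined
  no_log: true
  copy:
    content: "{{ item.ssh_key }}"
    dest: "/home/{{ item.username }}/.ssh/id_rsa"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: "0600"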

# Drop the matching public key (`ssh_key_pub`) next to the private one.
# Public keys are not secret, but the file is kept owner-only to mirror
# id_rsa; the mode is quoted so the parser keeps it as an octal string.
- name: install ssh public keys
  with_items: "{{ unix_users }}"
  when: item.ssh_key_pub is defined
  copy:
    dest: "/home/{{ item.username }}/.ssh/id_rsa.pub"
    content: "{{ item.ssh_key_pub }}"
    mode: "0600"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"

# Legacy key source: one file per username under `authkeys_dir`, read from
# the controller. Skipped as a whole when `authkeys_dir` is null.
# NOTE(review): `authkeys_dir` must be defined (e.g. in role defaults) or the
# condition itself errors; and a user with no file under that directory makes
# the `file` lookup fail for that item. Confirm both against the role defaults.
- name: add keys to authorized_keys (deprecated way)
  with_items: "{{ unix_users }}"
  when: authkeys_dir is not none
  authorized_key:
    key: "{{ lookup('file', authkeys_dir + '/' + item.username) }}"
    user: "{{ item.username }}"

# Preferred key source: the `authorized_keys` entry of the user record itself.
# The module appends the given key(s) to ~/.ssh/authorized_keys and creates
# the file/directory if needed.
- name: add keys to authorized_keys (new way)
  with_items: "{{ unix_users }}"
  when: item.authorized_keys is defined
  authorized_key:
    key: "{{ item.authorized_keys }}"
    user: "{{ item.username }}"

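# Grant passwordless, unrestricted sudo to entries with `sudo: true`.
# This is full root with NOPASSWD — a deliberate policy of this role; narrow
# the command list here if the inventory ever needs less.
# `validate` runs visudo on the temporary file before it is moved into
# place, so a malformed drop-in (e.g. from an odd username) cannot leave sudo
# unusable on the host. The content ends with a newline as sudoers expects,
# and the file gets the 0440 mode used for /etc/sudoers itself.
# NOTE(review): sudoers(5) skips drop-in files whose name contains '.' or '~';
# a username such as "john.doe" would silently get no sudo rights here.
- name: give sudo access
  with_items: "{{ unix_users }}"
  when: item.sudo is defined and item.sudo
  copy:
    content: "{{ item.username }} ALL=(ALL:ALL) NOPASSWD: ALL\n"
    dest: "/etc/sudoers.d/{{ item.username }}"
    owner: root
    group: root
    mode: "0440"
    validate: "visudo -cf %s"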