users/tasks/main.yml

---
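# Create, update or remove every account listed in the `users` variable.
# Each entry needs `name`; `shell`, `password`, `groups` and `state` are
# optional and fall back to the defaults spelled out below.
- name: Create and configure users
  user:
    name: '{{ item.name }}'
    shell: '{{ item.shell | default("/bin/bash") }}'
    # Passed to the module unchanged. The user module expects a crypted
    # hash here, never a plaintext password; keep the value in a vault.
    password: '{{ item.password | default(omit) }}'
    # Only applied when the account is first created, so changing
    # item.password later does NOT rotate the password on existing hosts.
    update_password: on_create
    # No `append` is set, so the module treats this list as the complete
    # set of supplementary groups rather than adding to existing ones.
    groups: '{{ item.groups | default([]) }}'
    state: '{{ item.state | default("present") }}'
  with_items: '{{ users }}'
  # The default loop output prints the whole item, which would put
  # item.password (the hash) into console output and logs. Show the
  # account name only.
  loop_control:
    label: '{{ item.name }}'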
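# Make sure each managed account has a private ~/.ssh directory.
# The path is built by hand: /root/.ssh for root, /home/<name>/.ssh for
# everyone else. NOTE(review): an account with a non-default home
# directory is not handled; confirm none exist in `users`.
- name: Ensure .ssh directory
  file:
    dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh'
    state: directory
    # Quoted so the mode is never re-typed by the YAML parser.
    mode: '0700'
    owner: '{{ item.name }}'
    # Assumes a group named after the user exists (user-private group).
    group: '{{ item.name }}'
  # Skip accounts being removed: their owner no longer exists, and an
  # SSH directory must not be recreated for a deleted user.
  when: '(item.state | default("present")) != "absent"'
  with_items: '{{ users }}'
  # Keep the password hash carried in each item out of the task output.
  loop_control:
    label: '{{ item.name }}'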
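# Write the inline public key(s) from item.ssh_key as the account's
# authorized_keys file. The file is replaced wholesale, so any key
# added on the host by hand is dropped on the next run.
- name: Install SSH keys for user
  copy:
    content: '{{ item.ssh_key }}'
    dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh/authorized_keys'
    # Quoted so the mode is never re-typed by the YAML parser.
    mode: '0600'
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
  when:
    - item.ssh_key is defined
    # Do not install login keys for an account that is being removed.
    - '(item.state | default("present")) != "absent"'
  with_items: '{{ users }}'
  # Keep the password hash carried in each item out of the task output.
  loop_control:
    label: '{{ item.name }}'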
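# Fallback when no inline ssh_key is given: download the public keys
# published for a GitHub account and use them as authorized_keys.
#
# Trust note: login access to this host is delegated to whoever
# controls that GitHub account. With `force` enabled the file is
# fetched again on every run and replaced when its content changes,
# so a key added to (or removed from) the account propagates here
# without any change to this repository. Combined with the
# passwordless sudo granted by this role, that can mean root.
# Prefer pinning reviewed keys via item.ssh_key for privileged
# accounts, and review authorized_keys changes reported by this task.
# NOTE(review): an account with no published keys presumably yields an
# empty file, which would lock the user out; confirm before relying
# on this.
- name: Install Github SSH keys for user
  get_url:
    url: 'https://github.com/{{ item.github_key_user }}.keys'
    dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh/authorized_keys'
    force: true
    # Quoted so the mode is never re-typed by the YAML parser.
    mode: '0600'
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
  when:
    - item.github_key_user is defined and item.ssh_key is not defined
    # Do not install login keys for an account that is being removed.
    - '(item.state | default("present")) != "absent"'
  with_items: '{{ users }}'
  # Keep the password hash carried in each item out of the task output.
  loop_control:
    label: '{{ item.name }}'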
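# Grant or revoke sudo per account through a drop-in under
# /etc/sudoers.d. Exactly one of the two tasks below applies to each
# entry in `users`.
#
# The grant is unrestricted and passwordless (NOPASSWD: ALL): anyone
# who can log in as the user, for example with one of the SSH keys
# installed by this role, is effectively root. Set `sudo` only on
# accounts that need it.
- name: Set up sudo access for user
  copy:
    content: |
      {{ item.name }} ALL=(ALL) NOPASSWD: ALL
    # sudo skips drop-in files whose name contains a '.' or ends in '~',
    # so an account name with a dot would get a silently ignored rule.
    dest: '/etc/sudoers.d/{{ item.name }}'
    owner: root
    group: root
    mode: '0440'
    # Syntax-check the file before it is moved into place; a broken
    # drop-in can disable sudo for everyone on the host. Adjust the
    # path if visudo lives elsewhere on the target system.
    validate: '/usr/sbin/visudo -cf %s'
  when:
    - item.sudo is defined and item.sudo
    # Never leave a sudo rule behind for an account that is being
    # removed: a later account reusing the name would inherit it.
    - '(item.state | default("present")) != "absent"'
  with_items: '{{ users }}'
  # Keep the password hash carried in each item out of the task output.
  loop_control:
    label: '{{ item.name }}'
- name: Revoke sudo access for user
  file:
    dest: '/etc/sudoers.d/{{ item.name }}'
    state: absent
  # Also revoke when the account itself is being removed, whatever
  # its `sudo` flag says.
  when: >-
    item.sudo is not defined or not item.sudo
    or (item.state | default("present")) == "absent"
  with_items: '{{ users }}'
  # Keep the password hash carried in each item out of the task output.
  loop_control:
    label: '{{ item.name }}'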
...