---
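# Create, update or remove every account described in the `users` list.
# Each entry must provide `name`; `shell`, `password`, `groups` and `state`
# are optional and fall back to the defaults written below.
- name: Create and configure users
  user:
    name: '{{ item.name }}'
    shell: '{{ item.shell | default("/bin/bash") }}'
    # The user module expects an already-hashed (crypt) value here, never
    # plaintext. The key is omitted when the entry carries no password.
    password: '{{ item.password | default(omit) }}'
    # Set the password only when the account is first created, so later runs
    # do not overwrite a password the user has changed since.
    update_password: on_create
    # No `append` is set, so the module makes the supplementary groups match
    # this list and drops memberships that are not in it.
    groups: '{{ item.groups | default([]) }}'
    state: '{{ item.state | default("present") }}'
  with_items: '{{ users }}'
  # Each item is the whole user dict, including `password` and `ssh_key`.
  # Labelling the loop with the account name keeps the per-item line of normal
  # task output from printing that dict. Verbose output and callback plugins
  # can still include the item; add `no_log: true` if the hash must never
  # reach a log.
  loop_control:
    label: '{{ item.name }}'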
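# Make sure each managed account has a private ~/.ssh directory.
# The path is derived from the account name (/root/.ssh for root,
# /home/<name>/.ssh otherwise), not from the home directory the user module
# actually assigned, so accounts with a non-default home are not covered.
- name: Ensure .ssh directory
  file:
    dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh'
    state: directory
    # Quoted so the mode is always read as an octal string by the module.
    mode: '0700'
    owner: '{{ item.name }}'
    # Assumes a per-user group named after the account exists.
    group: '{{ item.name }}'
  # An account being removed no longer exists as an owner, so chown would
  # fail; skip it instead of aborting the play.
  when: item.state | default("present") != "absent"
  with_items: '{{ users }}'
  # Keep the full user dict (password hash, keys) out of the per-item line of
  # normal task output.
  loop_control:
    label: '{{ item.name }}'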
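# Write the key material given inline in the inventory to the account's
# authorized_keys file. The file is replaced as a whole: keys added on the
# host by hand are removed on the next run.
- name: Install SSH keys for user
  copy:
    content: '{{ item.ssh_key }}'
    dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh/authorized_keys'
    # Quoted so the mode is always read as an octal string by the module.
    mode: '0600'
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
  when:
    - item.ssh_key is defined
    # A removed account cannot own the file; skip it instead of failing.
    - item.state | default("present") != "absent"
  with_items: '{{ users }}'
  # Keep the full user dict (password hash, keys) out of the per-item line of
  # normal task output.
  loop_control:
    label: '{{ item.name }}'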
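# Populate authorized_keys from the public keys GitHub publishes for
# `github_key_user`. Used only when no inline `ssh_key` is given.
#
# Trust note: login access to this host then follows that GitHub account.
# With force enabled the file is re-downloaded and replaced on every run, so a
# key added to or removed from the account (by its owner or by anyone who
# controls it) takes effect on the host at the next run, and whatever the
# endpoint returns becomes the complete key list. Pin keys through `ssh_key`
# for accounts where that is not acceptable.
- name: Install Github SSH keys for user
  get_url:
    url: 'https://github.com/{{ item.github_key_user }}.keys'
    dest: '{% if item.name != "root" %}/home{% endif %}/{{ item.name }}/.ssh/authorized_keys'
    force: true
    # Quoted so the mode is always read as an octal string by the module.
    mode: '0600'
    owner: '{{ item.name }}'
    group: '{{ item.name }}'
  when:
    - item.github_key_user is defined
    - item.ssh_key is not defined
    # A removed account cannot own the file; skip it instead of failing.
    - item.state | default("present") != "absent"
  with_items: '{{ users }}'
  # Keep the full user dict (password hash, keys) out of the per-item line of
  # normal task output.
  loop_control:
    label: '{{ item.name }}'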
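# Grant password-less sudo for every command to accounts flagged `sudo: true`.
# This is the broadest grant sudo offers: anyone who can log in as the account
# (including through its authorized_keys) is effectively root.
- name: Set up sudo access for user
  copy:
    content: |
      {{ item.name }} ALL=(ALL) NOPASSWD: ALL
    # sudo skips drop-in files whose name contains a '.' or ends in '~', so an
    # account name with a dot gets a file that is silently ignored.
    dest: '/etc/sudoers.d/{{ item.name }}'
    # Pin ownership and permissions instead of inheriting them from the
    # connection user and umask.
    owner: root
    group: root
    mode: '0440'
    # Syntax-check the rendered file before it is moved into place; a broken
    # drop-in can make sudo unusable for every account on the host. Adjust the
    # path if visudo lives elsewhere on the target.
    validate: '/usr/sbin/visudo -cf %s'
  when:
    - item.sudo is defined and item.sudo
    # Do not leave a grant behind for an account that is being removed; a
    # later account with the same name would inherit it.
    - item.state | default("present") != "absent"
  with_items: '{{ users }}'
  # Keep the full user dict (password hash, keys) out of the per-item line of
  # normal task output.
  loop_control:
    label: '{{ item.name }}'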
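# Remove the sudoers drop-in for accounts that are not flagged `sudo: true`,
# and for accounts that are being removed.
# Only accounts still listed in `users` are visited: a drop-in belonging to an
# entry deleted from the list stays on the host until it is removed by hand.
- name: Revoke sudo access for user
  file:
    dest: '/etc/sudoers.d/{{ item.name }}'
    state: absent
  # The last clause covers an entry with `state: absent` and `sudo: true`,
  # whose grant would otherwise outlive the account and apply to any later
  # account created under the same name.
  when: >-
    item.sudo is not defined or not item.sudo
    or (item.state | default("present") == "absent")
  with_items: '{{ users }}'
  # Keep the full user dict (password hash, keys) out of the per-item line of
  # normal task output.
  loop_control:
    label: '{{ item.name }}'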
...