
main.yml

    ---
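    # Ensure the group named in each entry's `groups` field exists before any
    # account is assigned to it. Entries without `groups` are skipped.
    # NOTE(review): the group module's `name` takes one group name, while the
    # same `item.groups` value is later handed to the user module's `groups`
    # option in "Add user to groups", which accepts several names. If an entry
    # can list more than one group this task needs one iteration per group;
    # confirm against the human_users schema.
    - name: Make sure groups exist
      ansible.builtin.group:
        name: "{{ item.groups }}"
        state: present
      with_items: "{{ human_users }}"
      # human_users entries can carry a `password` field (read by "Create user
      # accounts"); without a label the whole entry is echoed per iteration.
      # The label only tidies normal output; verbose runs still show the item,
      # so add `no_log: true` if run logs are readable by others.
      loop_control:
        label: "{{ item.name | default('unnamed entry') }}"
      when: item.groups is defined
      become: true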
    
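    # Ensure the group named in each entry's `extra_groups` field exists.
    # Entries without `extra_groups` are skipped.
    # NOTE(review): as with `groups`, the group module's `name` takes a single
    # name; a multi-valued `extra_groups` would need one iteration per group.
    # Confirm against the human_users schema.
    - name: Make sure extra groups exist
      ansible.builtin.group:
        name: "{{ item.extra_groups }}"
        state: present
      with_items: "{{ human_users }}"
      # Keep the full entry (which can include `password`) out of the normal
      # per-item output. The label is cosmetic; verbose runs still print the
      # item, so use `no_log: true` where logs are not access-controlled.
      loop_control:
        label: "{{ item.name | default('unnamed entry') }}"
      when: item.extra_groups is defined
      become: true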
    
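    # Create (or update) every account in human_users.
    # - shell falls back to /bin/sh when the entry sets none.
    # - Entries with sudo set get an empty password value and a locked
    #   password; other entries get `item.password` and an unlocked one.
    # - `sudo` is optional elsewhere in this file ("Make user sudo if variables
    #   say so" tests `item.sudo is defined`), so a missing `sudo` is treated
    #   as false here instead of failing on an undefined variable.
    # NOTE(review): the user module stores `password` as the hash itself, so
    # human_users presumably holds pre-hashed values kept in a vault; confirm.
    - name: Create user accounts
      ansible.builtin.user:
        name: "{{ item.name }}"
        shell: "{{ item.shell | default('/bin/sh') }}"
        password: "{% if (item.sudo | default(false)) == false %}{{ item.password }}{% endif %}"
        password_lock: "{{ item.sudo | default(false) }}"
      with_items: "{{ human_users }}"
      # Each loop item contains the password value and is printed with the
      # task result; no_log keeps it out of stdout, callbacks and log files.
      # Trade-off: failure details for this task are censored as well.
      no_log: true
      become: true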
    
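    # Render one sudoers drop-in per entry whose `sudo` is defined and true.
    # The file is root-owned, mode 0440, and is only installed if
    # `visudo -cf` accepts the rendered content.
    # NOTE(review): sudo skips drop-ins whose file name contains a "." or ends
    # in "~", so a login such as first.last yields a file that is written but
    # never read; `item.name` is also used unchecked as a path component.
    # NOTE(review): "Create user accounts" locks the password of sudo users,
    # so the template presumably grants NOPASSWD; confirm that is intended.
    # NOTE(review): no task visible in this part of the file removes the
    # drop-in when `sudo` is later set to false; check for cleanup elsewhere.
    - name: Make user sudo if variables say so
      ansible.builtin.template:
        src: etc/sudoers.d/sudoers-user-file.jinja2
        dest: "/etc/sudoers.d/{{ item.name }}"
        owner: root
        group: root
        # Quoted so the mode is read as an octal string, never as an integer.
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
      when:
        - item.sudo is defined
        - item.sudo is true
      with_items: "{{ human_users }}"
      # Keep the full entry (which can include `password`) out of the normal
      # per-item output. The label is cosmetic; verbose runs still print the
      # item, so use `no_log: true` where logs are not access-controlled.
      loop_control:
        label: "{{ item.name | default('unnamed entry') }}"
      become: true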
    
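    # Set each user's supplementary groups to exactly `item.groups`.
    # append: false replaces the current membership, so any group not listed
    # in `groups` is dropped here, including ones granted by `extra_groups`.
    # NOTE(review): for entries that define both fields this task removes the
    # extra groups on every run and "Add user to additional groups" re-adds
    # them, so both report "changed" each time and membership briefly lapses.
    - name: Add user to groups
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: "{{ item.groups }}"
        append: false
      with_items: "{{ human_users }}"
      # Keep the full entry (which can include `password`) out of the normal
      # per-item output. The label is cosmetic; verbose runs still print the
      # item, so use `no_log: true` where logs are not access-controlled.
      loop_control:
        label: "{{ item.name | default('unnamed entry') }}"
      when: item.groups is defined
      become: true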
    
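    # Add each user to `item.extra_groups` on top of the membership they
    # already have (append: true leaves existing groups in place).
    # Entries without `extra_groups` are skipped.
    - name: Add user to additional groups
      ansible.builtin.user:
        name: "{{ item.name }}"
        groups: "{{ item.extra_groups }}"
        append: true
      with_items: "{{ human_users }}"
      # Keep the full entry (which can include `password`) out of the normal
      # per-item output. The label is cosmetic; verbose runs still print the
      # item, so use `no_log: true` where logs are not access-controlled.
      loop_control:
        label: "{{ item.name | default('unnamed entry') }}"
      when: item.extra_groups is defined
      become: true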
    
    # Remove every account named in absent_users (a list of login names).
    # remove: true deletes the directories associated with the account, as
    # `userdel --remove` does; force: true behaves like `userdel --force`.
    # NOTE(review): no task visible in this part of the file deletes
    # /etc/sudoers.d/<name> for a removed account. A drop-in left behind would
    # apply again if the login name is reused; check for cleanup elsewhere.
    - name: Delete absent user accounts
      become: true
      with_items: "{{ absent_users }}"
      ansible.builtin.user:
        state: absent
        name: "{{ item }}"
        remove: true
        force: true
    
    - name: Authorize personal SSH keys from file
      authorized_key:
        user: "{{ item.name }}"