
.gitlab-ci.yml

  • main.yml 1.88 KiB
    ---
    # Create the group named by each user's `groups` entry before any account
    # is added to it. Users without a `groups` key are skipped.
    # NOTE(review): the group module's `name` takes one group name, while the
    # same `item.groups` value is later handed to the user module's `groups`
    # option, which also accepts a list. Presumably every entry holds a single
    # name here; confirm against the `human_users` data.
    - name: Make sure groups exist
      become: true
      ansible.builtin.group:
        state: present
        name: "{{ item.groups }}"
      when: item.groups is defined
      with_items: "{{ human_users }}"
    
    # Same as the task above, but for the optional `extra_groups` entry of
    # each user. Users without an `extra_groups` key are skipped.
    # NOTE(review): `name` takes one group name; presumably `extra_groups`
    # holds a single name per user. Confirm against the `human_users` data.
    - name: Make sure extra groups exist
      become: true
      ansible.builtin.group:
        state: present
        name: "{{ item.extra_groups }}"
      when: item.extra_groups is defined
      with_items: "{{ human_users }}"
    
    # Create one account per entry in `human_users`. The login shell falls
    # back to /bin/sh when the entry does not set `shell`.
    # `password_lock: true` keeps the account's password locked on every run,
    # so password authentication stays disabled even if a password is set by
    # hand between runs. Login then depends on another mechanism; this file
    # installs SSH public keys in its authorized_key task.
    - name: Create user accounts
      become: true
      ansible.builtin.user:
        password_lock: true
        shell: "{{ item.shell | default('/bin/sh') }}"
        name: "{{ item.name }}"
      with_items: "{{ human_users }}"
    
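    # Install a per-user sudoers drop-in for every user flagged `sudo: true`.
    # The rendered file is checked with `visudo -cf` before it replaces the
    # destination, so a broken template cannot lock out sudo.
    #
    # Fixes over the previous revision:
    #   * `item.sudo = true` is not a valid Jinja2 test (`=` is assignment);
    #     the condition now also treats a missing `sudo` key as false.
    #   * `become: true` added, matching the other root-level tasks here;
    #     the file is written to /etc/sudoers.d and owned by root.
    #   * mode quoted so it is never re-typed as a number by a YAML parser.
    #
    # Caveats for reviewers:
    #   * sudo skips files in an included directory whose name contains a
    #     `.` or ends in `~`; a user name like `first.last` would produce a
    #     file that validates but is never read.
    #   * `item.name` becomes part of a path under /etc/sudoers.d; keep
    #     `human_users` under the same review as the sudoers policy itself.
    #   * This task only ever adds the drop-in. Setting `sudo` back to false
    #     does not remove an existing file.
    #   * NOTE(review): accounts are created with a locked password, so the
    #     template presumably grants NOPASSWD; the template is not visible
    #     here. Confirm the rule is as narrow as intended.
    - name: make user sudo if
      ansible.builtin.template:
        src: etc/sudoers.d/sudoers-user-file.jinja2
        dest: "/etc/sudoers.d/{{ item.name }}"
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
      when: item.sudo | default(false) | bool
      with_items: "{{ human_users }}"
      become: true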
    
    # Make `groups` authoritative: with `append: false` the user's
    # supplementary groups are set to exactly `item.groups`, and any other
    # supplementary membership is removed. Users without a `groups` key are
    # skipped, so their existing memberships are left untouched.
    # Because the next task re-adds `extra_groups`, a user that defines both
    # keys loses the extra memberships here and regains them one task later
    # on every run; both tasks then report "changed".
    - name: Add user to groups
      become: true
      ansible.builtin.user:
        append: false
        groups: "{{ item.groups }}"
        name: "{{ item.name }}"
      when: item.groups is defined
      with_items: "{{ human_users }}"
    
    # Add the user to `extra_groups` on top of whatever memberships already
    # exist (`append: true`). Users without an `extra_groups` key are skipped.
    # This task never removes a membership: deleting a name from
    # `extra_groups` only revokes it on the host when the same user also
    # defines `groups`, because the preceding task then resets the list.
    - name: Add user to additional groups
      become: true
      ansible.builtin.user:
        append: true
        groups: "{{ item.extra_groups }}"
        name: "{{ item.name }}"
      when: item.extra_groups is defined
      with_items: "{{ human_users }}"
    
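    # Revoke sudo first: this file writes one drop-in per user to
    # /etc/sudoers.d/<name>, and removing the account alone would leave that
    # grant behind for any later account created under the same name.
    # `absent_users` is a list of plain user names (the item is used directly).
    - name: Remove sudoers drop-in of absent user accounts
      ansible.builtin.file:
        path: "/etc/sudoers.d/{{ item }}"
        state: absent
      with_items: "{{ absent_users }}"
      become: true

    # Delete every account listed in `absent_users`.
    # `remove: true` also deletes the home directory and mail spool, and
    # `force: true` proceeds even when the user is still logged in, so the
    # list should be reviewed as carefully as a manual `userdel`.
    # NOTE(review): group memberships recorded elsewhere and files owned by
    # the old UID outside the home directory are not handled here.
    - name: Delete absent user accounts
      user:
        name: "{{ item }}"
        state: absent
        force: true
        remove: true
      with_items: "{{ absent_users }}"
      become: true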
    
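    # Install the public key(s) read from `item.ssh_key_file` into the user's
    # authorized_keys. The `file` lookup reads from the control node, not from
    # the managed host. Users without `ssh_key_file` are skipped.
    #
    # `become: true` added for consistency with the other account tasks in
    # this file: the target is another user's authorized_keys file.
    #
    # Caveats for reviewers:
    #   * `exclusive` is not set, so keys already present for the user stay
    #     authorized. Replacing the key file adds the new key but does not
    #     revoke the old one.
    #   * `errors='warn'` downgrades a missing or unreadable key file to a
    #     warning. NOTE(review): what the module then receives as `key` is
    #     not visible here; verify that a missing file fails the run rather
    #     than leaving the account without a usable key.
    - name: Authorize personal SSH keys from file
      authorized_key:
        user: "{{ item.name }}"
        key: "{{ lookup('file', item.ssh_key_file, errors='warn') }}"
        state: present
      with_items: "{{ human_users }}"
      when: item.ssh_key_file is defined
      become: true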