---
# roles/core_users/tasks/main.yml
# requires python3-jmespath to run (pipx inject ansible-core jmespath)
# Create, update or remove every group listed in core_groups. This task sits
# ahead of the user task, whose group/groups arguments can name these groups.
- name: Ensure groups exist
  # Skip the task when the play defines no core_groups variable.
  when: core_groups is defined
  loop_control:
    loop_var: group_item
  loop: "{{ core_groups }}"
  ansible.builtin.group:
    name: "{{ group_item.name }}"
    # An entry without an explicit state is created.
    state: "{{ group_item.state | default('present') }}"
    # default(omit) drops the argument when the entry does not set it, so the
    # module's own default applies.
    gid: "{{ group_item.gid | default(omit) }}"
    system: "{{ group_item.system | default(omit) }}"
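# Create, update or remove every account listed in core_users.
- name: Ensure users exist
  ansible.builtin.user:
    name: "{{ user_item.name }}"
    # An entry without an explicit state is created.
    state: "{{ user_item.state | default('present') }}"
    # On Linux the user module expects an already-hashed password here, not
    # plaintext. Keep the value in a vault-encrypted variable rather than in
    # clear text in the inventory.
    password: "{{ user_item.password | default(omit) }}"
    # Unlike the other optional fields, shell falls back to bash rather than
    # to the module default; this also applies to entries with system set.
    shell: "{{ user_item.shell | default('/bin/bash') }}"
    # default(omit) drops the argument when the entry does not set it.
    system: "{{ user_item.system | default(omit) }}"
    uid: "{{ user_item.uid | default(omit) }}"
    group: "{{ user_item.group | default(omit) }}"
    groups: "{{ user_item.groups | default(omit) }}"
    append: "{{ user_item.append | default(omit) }}"
    create_home: "{{ user_item.create_home | default(omit) }}"
    home: "{{ user_item.home | default(omit) }}"
  loop: "{{ core_users }}"
  loop_control:
    loop_var: user_item
    # Without a label the per-item output line prints the whole loop item,
    # password hash included. Showing only the account name keeps the hash
    # out of normal console and CI logs.
    # NOTE(review): verbose runs may still dump the full item; set
    # no_log: true on this task if that matters in your environment.
    label: "{{ user_item.name }}"
  # Skip the task when the play defines no core_users variable.
  when: core_users is defined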
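# Install each public key named in a user's authorized_keys list.
# item.0 is the core_users entry and item.1 is one key name from its
# authorized_keys list; skip_missing ignores entries without that list.
#
# This task only adds keys (state: present). A key name removed from
# authorized_keys in the variables stays authorized on the host until it is
# removed by other means. The module's exclusive option is documented as not
# loop aware, so it cannot simply be switched on in this per-key loop.
- name: Authorized keys
  ansible.posix.authorized_key:
    user: "{{ item.0.name }}"
    state: present
    # The file lookup runs on the control node, so ssh_keys_dir is a
    # controller-side path holding <name>.pub files.
    key: "{{ lookup('file', ssh_keys_dir + '/' + item.1 + '.pub') }}"
  loop: "{{ query('subelements', core_users, 'authorized_keys', {'skip_missing': True}) }}"
  loop_control:
    # item.0 is the full user entry, password hash included. Label each
    # iteration with the account and key name so the hash is not printed in
    # normal task output.
    label: "{{ item.0.name }}: {{ item.1 }}"
  when:
    # Match the user task: skip when the play defines no core_users.
    - core_users is defined
    # An account set to state: absent has been removed by the task above, so
    # there is no account left to attach a key to.
    - (item.0.state | default('present')) == 'present'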