ansible-core/roles/core_users/tasks/main.yml
2024-01-05 15:55:27 +01:00

40 lines
1.4 KiB
YAML

---
# roles/core_users/tasks/main.yml
# requires python3-jmespath to run (pipx inject ansible-core jmespath)
- name: Ensure groups exist
ansible.builtin.group:
name: "{{ group_item.name }}"
state: "{{ group_item.state | default('present') }}"
gid: "{{ group_item.gid | default(omit) }}"
system: "{{ group_item.system | default(omit) }}"
loop: "{{ core_groups }}"
loop_control:
loop_var: group_item
when: core_groups is defined
- name: Ensure users exist
ansible.builtin.user:
name: "{{ user_item.name }}"
state: "{{ user_item.state | default('present') }}"
password: "{{ user_item.password | default(omit) }}"
shell: "{{ user_item.shell | default('/bin/bash') }}"
system: "{{ user_item.system | default(omit) }}"
uid: "{{ user_item.uid | default(omit) }}"
group: "{{ user_item.group | default(omit) }}"
groups: "{{ user_item.groups | default(omit) }}"
append: "{{ user_item.append | default(omit) }}"
create_home: "{{ user_item.create_home | default(omit) }}"
home: "{{ user_item.home | default(omit) }}"
loop: "{{ core_users }}"
loop_control:
loop_var: user_item
when: core_users is defined
- name: Authorized keys
ansible.posix.authorized_key:
user: "{{ item.0.name }}"
state: present
key: "{{ lookup('file', ssh_keys_dir+'/'+item.1+'.pub') }}"
loop: "{{ query('subelements', core_users, 'authorized_keys', {'skip_missing': True}) }}"