---
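# Creates one system account, installs its SSH authorized_keys when a key
# file is kept for it on the controller, and installs /etc/sudoers.
# Reads `user` (name, uid, shell, group, groups, create_home, group_names) --
# presumably the loop variable of the including task; confirm against caller.
# NOTE(review): this listing lost its indentation. The nesting below (five
# tasks inside the block, the trailing `when` on the block itself) is a
# reconstruction -- confirm against the repository copy.
- name: Create system users
  block:
    # - debug:
    #     msg: "Adding {{user.name}} to {{ inventory_hostname }}"
    #     msg: "Adding {{user.name}} to {{ inventory_hostname }} ]] {{user.group_names}} / {{group_names}} --> {{user.group_names | intersect(group_names)|length }}"
    - name: Add {{user.name }} user to hosts
      become: true
      user:
        name: "{{ user.name }}"
        uid: "{{ user.uid }}"
        shell: "{{ user.shell }}"
        group: "{{ user.group }}"
        # No `append: true`, so this value replaces the account's
        # supplementary groups; the '' default leaves only the primary group.
        groups: "{{ user.groups | default('') }}"
        create_home: "{{ user.create_home }}"

    # Runs on the controller, unprivileged: is there a key file for this user?
    # Native module arguments instead of the key=value string, so a value with
    # whitespace in user.name cannot be split into extra arguments.
    - name: ssh keys available for {{ user.name }}
      become: false
      delegate_to: localhost
      stat:
        path: "files/ssh/{{ user.name }}/authorized_keys.vault"
      register: ssh_keys_file

    # - debug:
    #     msg: "ssh key stat files/ssh/{{ user.name }}_authorized_keys.vault /{{ ssh_keys_file }}"

    # NOTE(review): no `become` on this task or the two after it; they write
    # into another user's home and into /etc, so they depend on privilege
    # being set elsewhere (play or include level) -- confirm.
    - name: Create ssh dir for {{user.name}}
      file:
        dest: "~{{ user.name }}/.ssh/"
        state: directory
        owner: "{{ user.name }}"
        group: "{{ user.group }}"
        # Quoted so the mode is passed as an octal string, not a YAML integer.
        mode: "0700"
      when: ssh_keys_file.stat.exists

    # The .vault suffix suggests the source is vault-encrypted at rest
    # (confirm). copy decrypts vaulted sources by default, so the host gets
    # the clear-text key list, readable only by its owner.
    - name: Copy {{user.name}} ssh keys to host
      copy:
        src: "files/ssh/{{ user.name }}/authorized_keys.vault"
        dest: "~{{ user.name }}/.ssh/authorized_keys"
        owner: "{{ user.name }}"
        group: "{{ user.group }}"
        mode: "0600"
      when: ssh_keys_file.stat.exists

    # Replaces the whole /etc/sudoers. `validate` runs visudo on the rendered
    # file before it is moved into place, so a template with a syntax error
    # is rejected; `backup` keeps the previous file next to it.
    - name: setup sudoers file
      template:
        src: files/sudoers/sudoers
        dest: /etc/sudoers
        backup: true
        owner: root
        group: root
        mode: "0440"
        validate: /usr/sbin/visudo -cf %s
  # Block-level condition: run only when the user's group_names share an
  # entry with this host's inventory groups, or its first entry is 'all'.
  when: >-
    (user.group_names | intersect(group_names)|length) or
    (user.group_names[0] == 'all')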