feat: fix users loop

2025-07-14 15:01:39 +02:00 · 2025-07-14 15:01:39 +02:00 · 3468418f94
commit 3468418f94
parent 376f7148ed
2 changed files with 60 additions and 66 deletions
--- a/tasks/main.yaml
+++ b/tasks/main.yaml
@ -180,6 +180,9 @@
 - name: "user - create users"
  ansible.builtin.include_tasks: "user.yaml"
  tags: "usermanagement"
  loop: "{{ users }}"
  loop_control:
    loop_var: "__user"
 # firewall
 - name: "firewall"
--- a/tasks/user.yaml
+++ b/tasks/user.yaml
@ -1,74 +1,65 @@
 ---
-# manage users
+# manage facts
- name: "manage users"
+- name: "user - set default facts for {{ __user['username'] }}"
-  tags: "usermanagement"
+  ansible.builtin.set_fact:
-  loop: "{{ user }}"
+    sudo_hosts: "{{ __user['hosts'] | default('all') }}"
-  loop_control:
+    sudo_file: "{{ __user['sudo'] | default('False') }}"
-    loop_var: "__user"
+    sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
    user_state: "{{ __user['state'] | default('present') }}"
-  block:
+# create user with password
 - name: "user - create users with password - {{ __user['username'] }}"
  ansible.builtin.user:
    name: "{{ __user['username'] }}"
    comment: "{{ __user['name'] }}"
    password: "{{ __user['password'] }}"
    shell: "{{ __user['shell'] | default('/bin/bash') }}"
    state: "present"
  when:
    - "__user['password'] is defined"
    - "user_state == 'present'"
-    # manage facts
+# create user without password
-    - name: "user - set default facts for {{ __user['username'] }}"
+- name: "user - create users without password - {{ __user['username'] }}"
-      ansible.builtin.set_fact:
+  ansible.builtin.user:
-        sudo_hosts: "{{ __user['hosts'] | default('all') }}"
+    name: "{{ __user['username'] }}"
-        sudo_file: "{{ __user['sudo'] | default('False') }}"
+    comment: "{{ __user['name'] }}"
-        sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
+    shell: "{{ __user['shell'] | default('/bin/bash') }}"
-        user_state: "{{ __user['state'] | default('present') }}"
+    state: "{{ user_state }}"
  when:
    - "__user['password'] is not defined"
    - "user_state == 'present'"
-    # create user with password
+# manage authorized_keys
-    - name: "user - create users with password - {{ __user['username'] }}"
+- name: "user - manage authorized_keys - {{ __user['username'] }}"
-      ansible.builtin.user:
+  ansible.posix.authorized_key:
-        name: "{{ __user['username'] }}"
+    user: "{{ __user['username'] }}"
-        comment: "{{ __user['name'] }}"
+    key: "{{ __user['publickey'] }}"
-        password: "{{ __user['password'] }}"
+    state: "present"
-        shell: "{{ __user['shell'] | default('/bin/bash') }}"
+    manage_dir: "true"
-        state: "present"
+  when: "__user['publickey'] is defined"
      when:
        - "__user['password'] is defined"
        - "user_state == 'present'"
-    # create user without password
+# delete users
-    - name: "user - create users without password - {{ __user['username'] }}"
+- name: "user - delete users - {{ __user['username'] }}"
-      ansible.builtin.user:
+  ansible.builtin.user:
-        name: "{{ __user['username'] }}"
+    name: "{{ __user['username'] }}"
-        comment: "{{ __user['name'] }}"
+    state: "absent"
-        shell: "{{ __user['shell'] | default('/bin/bash') }}"
+    remove: true
-        state: "{{ user_state }}"
+  when: "user_state == 'absent'"
      when:
        - "__user['password'] is not defined"
        - "user_state == 'present'"
-    # manage authorized_keys
+# manage sudoers file
-    - name: "user - manage authorized_keys - {{ __user['username'] }}"
+- name: "user - create sudoers file - {{ __user['username'] }}"
-      ansible.posix.authorized_key:
+  ansible.builtin.template:
-        user: "{{ __user['username'] }}"
+    src: "templates/usermanagement/sudoers.d/sudoers.j2"
-        key: "{{ __user['publickey'] }}"
+    dest: "/etc/sudoers.d/{{ __user['username'] }}"
-        state: "present"
+    owner: "root"
-        manage_dir: "true"
+    group: "root"
-      when: "__user['publickey'] is defined"
+    mode: "0644"
  when: "sudo_file"
-    # delete users
+- name: "user - delete sudoers file - {{ __user['username'] }}"
-    - name: "user - delete users - {{ __user['username'] }}"
+  ansible.builtin.file:
-      ansible.builtin.user:
+    state: "absent"
-        name: "{{ __user['username'] }}"
+    path: "/etc/sudoers.d/{{ __user['username'] }}"
-        state: "absent"
+  when: "not sudo_file"
        remove: true
      when: "user_state == 'absent'"
    # manage sudoers file
    - name: "user - create sudoers file - {{ __user['username'] }}"
      ansible.builtin.template:
        src: "templates/usermanagement/sudoers.d/sudoers.j2"
        dest: "/etc/sudoers.d/{{ __user['username'] }}"
        owner: "root"
        group: "root"
        mode: "0644"
      when: "sudo_file"
    - name: "user - delete sudoers file - {{ __user['username'] }}"
      ansible.builtin.file:
        state: "absent"
        path: "/etc/sudoers.d/{{ __user['username'] }}"
      when: "not sudo_file"