feat: use ansible block

2025-03-31 18:19:09 +02:00 · 2025-03-31 18:19:09 +02:00 · b5c819fb27
commit b5c819fb27
parent 7d762d095d
12 changed files with 399 additions and 424 deletions
--- a/tasks/user.yaml
+++ b/tasks/user.yaml
@ -1,81 +1,74 @@
 ---

-# manage facts
- name: "user - set default facts for {{ __user['username'] }}"
-  ansible.builtin.set_fact:
-    sudo_hosts: "{{ __user['hosts'] | default('all') }}"
-    sudo_file: "{{ __user['sudo'] | default('False') }}"
-    sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
-    user_state: "{{ __user['state'] | default('present') }}"
-  tags:
-    - "usermanagement"
+# manage users
+- name: "manage users"
+  block:

-# create users
- name: "user - create users with password - {{ __user['username'] }}"
-  ansible.builtin.user:
-    name: "{{ __user['username'] }}"
-    comment: "{{ __user['name'] }}"
-    password: "{{ __user['password'] }}"
-    shell: "{{ __user['shell'] | default('/bin/bash') }}"
-    state: "present"
-  when:
-    - "__user['password'] is defined"
-    - "user_state == 'present'"
-  tags:
-    - "usermanagement"
+    # manage facts
+    - name: "user - set default facts for {{ __user['username'] }}"
+      ansible.builtin.set_fact:
+        sudo_hosts: "{{ __user['hosts'] | default('all') }}"
+        sudo_file: "{{ __user['sudo'] | default('False') }}"
+        sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}"
+        user_state: "{{ __user['state'] | default('present') }}"

- name: "user - create users withouth password - {{ __user['username'] }}"
-  ansible.builtin.user:
-    name: "{{ __user['username'] }}"
-    comment: "{{ __user['name'] }}"
-    shell: "{{ __user['shell'] | default('/bin/bash') }}"
-    state: "state"
-  when:
-    - "__user['password'] is not defined"
-    - "user_state == 'present'"
-  tags:
-    - "usermanagement"
+    # create users
+    - name: "user - create users with password - {{ __user['username'] }}"
+      ansible.builtin.user:
+        name: "{{ __user['username'] }}"
+        comment: "{{ __user['name'] }}"
+        password: "{{ __user['password'] }}"
+        shell: "{{ __user['shell'] | default('/bin/bash') }}"
+        state: "present"
+      when:
+        - "__user['password'] is defined"
+        - "user_state == 'present'"

-# manage authorized_keys
- name: "user - manage authorized_keys - {{ __user['username'] }}"
-  ansible.posix.authorized_key:
-    user: "{{ __user['username'] }}"
-    key: "{{ __user['publickey'] }}"
-    state: "present"
-    manage_dir: "true"
-  when:
-    - "__user['publickey'] is defined"
-  tags:
-    - "usermanagement"
+    - name: "user - create users withouth password - {{ __user['username'] }}"
+      ansible.builtin.user:
+        name: "{{ __user['username'] }}"
+        comment: "{{ __user['name'] }}"
+        shell: "{{ __user['shell'] | default('/bin/bash') }}"
+        state: "state"
+      when:
+        - "__user['password'] is not defined"
+        - "user_state == 'present'"

-# delete users
- name: "user - delete users - {{ __user['username'] }}"
-  ansible.builtin.user:
-    name: "{{ __user['username'] }}"
-    state: "absent"
-    remove: "yes"
-  when: "user_state == 'absent'"
-  tags:
-    - "usermanagement"
+    # manage authorized_keys
+    - name: "user - manage authorized_keys - {{ __user['username'] }}"
+      ansible.posix.authorized_key:
+        user: "{{ __user['username'] }}"
+        key: "{{ __user['publickey'] }}"
+        state: "present"
+        manage_dir: "true"
+      when:
+        - "__user['publickey'] is defined"

-# manage sudoers file
- name: "user - create sudoers file - {{ __user['username'] }}"
-  ansible.builtin.template:
-    src: "templates/usermanagement/sudoers.d/sudoers.j2"
-    dest: "/etc/sudoers.d/{{ __user['username'] }}"
-    owner: "root"
-    group: "root"
-    mode: "0644"
-  when:
-    - "sudo_file"
-  tags:
-    - "usermanagement"
+    # delete users
+    - name: "user - delete users - {{ __user['username'] }}"
+      ansible.builtin.user:
+        name: "{{ __user['username'] }}"
+        state: "absent"
+        remove: "yes"
+      when: "user_state == 'absent'"
+
+    # manage sudoers file
+    - name: "user - create sudoers file - {{ __user['username'] }}"
+      ansible.builtin.template:
+        src: "templates/usermanagement/sudoers.d/sudoers.j2"
+        dest: "/etc/sudoers.d/{{ __user['username'] }}"
+        owner: "root"
+        group: "root"
+        mode: "0644"
+      when:
+        - "sudo_file"
+
+    - name: "user - delete sudoers file - {{ __user['username'] }}"
+      ansible.builtin.file:
+        state: "absent"
+        path: "/etc/sudoers.d/{{ __user['username'] }}"
+      when:
+        - "not sudo_file"

- name: "user - delete sudoers file - {{ __user['username'] }}"
-  ansible.builtin.file:
-    state: "absent"
-    path: "/etc/sudoers.d/{{ __user['username'] }}"
-  when:
-    - "not sudo_file"
  tags:
    - "usermanagement"