diff --git a/tasks/user.yaml b/tasks/user.yaml index 10fec4f..eba191b 100644 --- a/tasks/user.yaml +++ b/tasks/user.yaml 
@@ -1,65 +1,70 @@ --- -# manage facts -- name: "user - set default facts for {{ __user['username'] }}" - ansible.builtin.set_fact: - sudo_hosts: "{{ __user['hosts'] | default('all') }}" - sudo_file: "{{ __user['sudo'] | default('False') }}" - sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}" - user_state: "{{ __user['state'] | default('present') }}" +# manage users +- name: "manage users" + tags: "usermanagement" + block: -# create user with password -- name: "user - create users with password - {{ __user['username'] }}" - ansible.builtin.user: - name: "{{ __user['username'] }}" - comment: "{{ __user['name'] }}" - password: "{{ __user['password'] }}" - shell: "{{ __user['shell'] | default('/bin/bash') }}" - state: "present" - when: - - "__user['password'] is defined" - - "user_state == 'present'" + # manage facts + - name: "user - set default facts for {{ __user['username'] }}" + ansible.builtin.set_fact: + sudo_hosts: "{{ __user['hosts'] | default('all') }}" + sudo_file: "{{ __user['sudo'] | default('False') }}" + sudo_pwless: "{{ __user['sudo_passwordless'] | default('False') }}" + user_state: "{{ __user['state'] | default('present') }}" -# create user without password -- name: "user - create users without password - {{ __user['username'] }}" - ansible.builtin.user: - name: "{{ __user['username'] }}" - comment: "{{ __user['name'] }}" - shell: "{{ __user['shell'] | default('/bin/bash') }}" - state: "{{ user_state }}" - when: - - "__user['password'] is not defined" - - "user_state == 'present'" + # create user with password + - name: "user - create users with password - {{ __user['username'] }}" + ansible.builtin.user: + name: "{{ __user['username'] }}" + comment: "{{ __user['name'] }}" + password: "{{ __user['password'] }}" + shell: "{{ __user['shell'] | default('/bin/bash') }}" + state: "present" + when: + - "__user['password'] is defined" + - "user_state == 'present'" -# manage authorized_keys -- name: "user - manage authorized_keys - {{ 
__user['username'] }}" - ansible.posix.authorized_key: - user: "{{ __user['username'] }}" - key: "{{ __user['publickey'] }}" - state: "present" - manage_dir: "true" - when: "__user['publickey'] is defined" + # create user without password + - name: "user - create users without password - {{ __user['username'] }}" + ansible.builtin.user: + name: "{{ __user['username'] }}" + comment: "{{ __user['name'] }}" + shell: "{{ __user['shell'] | default('/bin/bash') }}" + state: "{{ user_state }}" + when: + - "__user['password'] is not defined" + - "user_state == 'present'" -# delete users -- name: "user - delete users - {{ __user['username'] }}" - ansible.builtin.user: - name: "{{ __user['username'] }}" - state: "absent" - remove: true - when: "user_state == 'absent'" + # manage authorized_keys + - name: "user - manage authorized_keys - {{ __user['username'] }}" + ansible.posix.authorized_key: + user: "{{ __user['username'] }}" + key: "{{ __user['publickey'] }}" + state: "present" + manage_dir: "true" + when: "__user['publickey'] is defined" -# manage sudoers file -- name: "user - create sudoers file - {{ __user['username'] }}" - ansible.builtin.template: - src: "templates/usermanagement/sudoers.d/sudoers.j2" - dest: "/etc/sudoers.d/{{ __user['username'] }}" - owner: "root" - group: "root" - mode: "0644" - when: "sudo_file" + # delete users + - name: "user - delete users - {{ __user['username'] }}" + ansible.builtin.user: + name: "{{ __user['username'] }}" + state: "absent" + remove: true + when: "user_state == 'absent'" -- name: "user - delete sudoers file - {{ __user['username'] }}" - ansible.builtin.file: - state: "absent" - path: "/etc/sudoers.d/{{ __user['username'] }}" - when: "not sudo_file" + # manage sudoers file + - name: "user - create sudoers file - {{ __user['username'] }}" + ansible.builtin.template: + src: "templates/usermanagement/sudoers.d/sudoers.j2" + dest: "/etc/sudoers.d/{{ __user['username'] }}" + owner: "root" + group: "root" + mode: "0644" + when: 
"sudo_file" + + - name: "user - delete sudoers file - {{ __user['username'] }}" + ansible.builtin.file: + state: "absent" + path: "/etc/sudoers.d/{{ __user['username'] }}" + when: "not sudo_file"
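Review bot: The sudoers drop-in written by the "user - create sudoers file" task is never syntax-checked before it lands in `/etc/sudoers.d/`, so a rendering error in `sudoers.j2` would break sudo for every account on the host; add `validate: "/usr/sbin/visudo -csf %s"` to that template task so a bad file is rejected rather than installed. That file is also created with `mode: "0644"` where the usual permission for sudoers drop-ins is `mode: "0440"`. Separately, the "create users with password" task passes `__user['password']` straight to `ansible.builtin.user`, which expects an already-hashed value, and the task carries no `no_log: true`, so whatever that field holds is echoed in task output and diff mode. Sudo also ignores drop-in files whose name contains a `.` or ends in `~`, so a username such as `john.doe` would silently get no sudo rights from this task; worth a comment, or a filename sanitisation step, if such usernames are possible.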