common/tasks/user.yaml
2024-11-22 11:13:16 +01:00


---
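# Per-user facts read by the tasks below. `__user` is not defined in this
# file; presumably it is the loop variable of the including task - confirm.
- name: "user - set default facts for {{ __user['username'] }}"
  ansible.builtin.set_fact:
    # NOTE(review): sudoers only recognises the upper-case keyword ALL; confirm
    # that the sudoers template maps this lower-case default accordingly.
    sudo_hosts: "{{ __user['hosts'] | default('all') }}"
    # The privilege switches are coerced with `bool`, so a value the filter
    # does not recognise evaluates to false (no sudo) instead of being treated
    # as a truthy non-empty string by the `when:` conditions further down.
    sudo_file: "{{ __user['sudo'] | default(false) | bool }}"
    sudo_pwless: "{{ __user['sudo_passwordless'] | default(false) | bool }}"
    # 'present' or 'absent'; selects the create or the delete path.
    user_state: "{{ __user['state'] | default('present') }}"
  tags:
    - "usermanagement"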
# Account creation, variant for entries that define a password.
# NOTE(review): ansible.builtin.user stores `password` on the account as
# given, so the inventory value has to be a crypt-style hash, never clear
# text; keep it in an encrypted vars file rather than in plain inventory.
- name: "user - create users with password - {{ __user['username'] }}"
  ansible.builtin.user:
    state: "present"
    name: "{{ __user['username'] }}"
    password: "{{ __user['password'] }}"
    comment: "{{ __user['name'] }}"
    shell: "{{ __user['shell'] | default('/bin/bash') }}"
  tags:
    - "usermanagement"
  # Both conditions must hold (a `when` list is AND-ed).
  when:
    - "__user['password'] is defined"
    - "user_state == 'present'"
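# Account creation, variant for entries without a password. No password is
# set by this task, so interactive login presumably depends on the SSH key
# installed by the authorized_keys task - confirm.
- name: "user - create users withouth password - {{ __user['username'] }}"
  ansible.builtin.user:
    name: "{{ __user['username'] }}"
    comment: "{{ __user['name'] }}"
    shell: "{{ __user['shell'] | default('/bin/bash') }}"
    # Was the literal "state", which is not a valid value for this parameter
    # (present/absent) and made the task fail for every password-less user.
    state: "present"
  when:
    - "__user['password'] is not defined"
    - "user_state == 'present'"
  tags:
    - "usermanagement"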
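# SSH public key for the account.
# NOTE(review): keys are only added here (`exclusive` is not set), so removing
# a key from the inventory does not revoke it on the host.
- name: "user - manage authorized_keys - {{ __user['username'] }}"
  ansible.posix.authorized_key:
    user: "{{ __user['username'] }}"
    key: "{{ __user['publickey'] }}"
    state: "present"
    manage_dir: true
  when:
    - "__user['publickey'] is defined"
    # Skip accounts marked absent: the module looks the user up on the host
    # and fails once the account no longer exists, which would break every
    # run after the one that deleted the user.
    - "user_state == 'present'"
  tags:
    - "usermanagement"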
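# Account removal for entries with state 'absent'.
- name: "user - delete users - {{ __user['username'] }}"
  ansible.builtin.user:
    name: "{{ __user['username'] }}"
    state: "absent"
    # Also remove the directories associated with the user (home directory),
    # which takes ~/.ssh/authorized_keys with it. Written as a real boolean
    # instead of the quoted string "yes".
    remove: true
  when: "user_state == 'absent'"
  tags:
    - "usermanagement"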
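# Sudo rules for the account, rendered to /etc/sudoers.d/<username>.
# NOTE(review): sudo's includedir skips files whose name contains '.' or ends
# in '~', so a username of that form would get a drop-in that is silently
# ignored; the username is also used unchecked as a file name.
- name: "user - create sudoers file - {{ __user['username'] }}"
  ansible.builtin.template:
    src: "templates/usermanagement/sudoers.d/sudoers.j2"
    dest: "/etc/sudoers.d/{{ __user['username'] }}"
    owner: "root"
    group: "root"
    # 0440 is the conventional sudoers mode; the rules do not need to be
    # readable by every local user (was 0644).
    mode: "0440"
    # Syntax-check the rendered file before it replaces the live one: a broken
    # drop-in can leave sudo unusable on the host.
    validate: "/usr/sbin/visudo -cf %s"
  when:
    - "sudo_file | bool"
    # Never (re)create sudo rules for an account that is being removed.
    - "user_state == 'present'"
  tags:
    - "usermanagement"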
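# Remove the sudo drop-in when the entry has no sudo rights, and also when the
# account itself is being deleted: leftover rules in /etc/sudoers.d would
# apply to any later account that reuses the same name.
- name: "user - delete sudoers file - {{ __user['username'] }}"
  ansible.builtin.file:
    path: "/etc/sudoers.d/{{ __user['username'] }}"
    state: "absent"
  when:
    - "not (sudo_file | bool) or user_state == 'absent'"
  tags:
    - "usermanagement"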