---
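# Create every group listed in groups_to_create. gid is passed to the module
# only when the entry sets one.
- name: Creating groups
  group:
    name: "{{ item.name }}"
    gid: "{{ item.gid | default(omit) }}"
    # `no` is not a Jinja2 literal, so default(no) looked up a variable
    # called "no" instead of supplying a boolean. Use the literal `false`
    # so entries without `system` get a regular (non-system) group.
    system: "{{ item.system | default(false) }}"
  with_items: "{{ groups_to_create }}"
  tags: ['users', 'groups', 'configuration']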
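# Create a group named after each user. Entries that set their own `group`
# are skipped, and nothing runs when users_create_per_user_group is false.
- name: Per-user group creation
  # Native YAML arguments instead of a key=value string: templated values
  # are passed as data and are not re-parsed as module arguments.
  group:
    name: "{{ item.username }}"
    # Explicit gid first, then the uid; omitted when neither is set.
    gid: "{{ item.gid | default(item.uid) | default(omit) }}"
  with_items: "{{ users }}"
  loop_control:
    # Entries in `users` can carry a `password` field; show only the
    # username in the per-item output instead of the whole entry.
    # (loop_control.label needs Ansible 2.2 or later.)
    label: "{{ item.username }}"
  when: "'group' not in item and users_create_per_user_group"
  tags: ['users', 'configuration']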
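# Create or update every account in `users`. Optional per-user fields fall
# back to role-level variables or to the module defaults (via `omit`).
- name: User creation
  user:
    name: "{{ item.username }}"
    group: "{{ item.group | default(item.username if users_create_per_user_group else users_group) }}"
    # empty string removes user from all secondary groups
    groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
    append: "{{ item.append | default(omit) }}"
    shell: "{{ item.shell | default(users_default_shell) }}"
    # The module stores this value as given, so it must already be a
    # password hash, never cleartext. The '!' fallback is not a valid hash:
    # no password matches it, which disables password login for the account.
    password: "{{ item.password | default('!') }}"
    comment: "{{ item.name | default('') }}"
    uid: "{{ item.uid | default(omit) }}"
    home: "{{ item.home | default('/home/' + item.username) }}"
    createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
    generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
    # When omitted, the module default (`always`) re-applies `password` on
    # every run, including the '!' fallback for users without one.
    update_password: "{{ item.update_password | default(omit) }}"
  with_items: "{{ users }}"
  loop_control:
    # Ansible prints the loop item for each iteration; limit that to the
    # username so password hashes stay out of the default task output.
    # Verbose runs still show the full item: add `no_log: true` if those
    # logs are collected. (loop_control.label needs Ansible 2.2 or later.)
    label: "{{ item.username }}"
  tags: ['users', 'configuration']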
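# Add each key from a user's `ssh_key` list to that user's authorized keys
# file. Users without an `ssh_key` list are skipped (skip_missing).
# NOTE(review): `exclusive` is not set, so this task only adds keys. A key
# removed from `ssh_key` stays authorized on the host until it is removed
# some other way -- confirm that matches the intended revocation process.
- name: SSH keys
  authorized_key:
    user: "{{ item.0.username }}"
    key: "{{ item.1 }}"
    path: "{{ item.0.home | default('/home/' + item.0.username) }}/{{ authorized_keys_file }}"
  with_subelements:
    - "{{ users }}"
    - ssh_key
    - skip_missing: true
  loop_control:
    # item.0 is the whole user entry, which can include a `password` field;
    # show only the username in the per-item output.
    # (loop_control.label needs Ansible 2.2 or later.)
    label: "{{ item.0.username }}"
  tags: ['users', 'configuration']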
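# Write each user's `profile` text into a managed block in ~/.profile,
# creating the file if needed. Runs only when home directories are managed
# and the entry defines `profile`.
# The block is shell code that the user's login shell will run, so treat
# `profile` values with the same care as any other script.
- name: Setup user profiles
  blockinfile:
    block: "{{ item.profile }}"
    dest: "{{ item.home | default('/home/' + item.username) }}/.profile"
    owner: "{{ item.username }}"
    group: "{{ item.group | default(item.username if users_create_per_user_group else users_group) }}"
    # Quoted so the mode is always read as the octal string, regardless of
    # how the YAML parser types a bare 0644.
    mode: "0644"
    create: true
  when: users_create_homedirs and item.profile is defined
  with_items: "{{ users }}"
  loop_control:
    # Entries in `users` can carry a `password` field; show only the
    # username in the per-item output.
    # (loop_control.label needs Ansible 2.2 or later.)
    label: "{{ item.username }}"
  # Every other task in this file is tagged; without tags this one was
  # skipped by `--tags users` and could not be excluded with `--skip-tags`.
  tags: ['users', 'configuration']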
# Delete every account listed in users_deleted.
# `remove` and `force` are passed through only when the entry sets them.
# With `remove` unset, the module default applies and the home directory
# and its files are left on disk.
- name: Deleted user removal
  user:
    state: absent
    name: "{{ item.username }}"
    force: "{{ item.force | default(omit) }}"
    remove: "{{ item.remove | default(omit) }}"
  tags:
    - users
    - configuration
  with_items: "{{ users_deleted }}"
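# Remove the per-user group of every account in users_deleted. Runs only
# when the role manages per-user groups.
- name: Deleted per-user group removal
  # Native YAML arguments instead of a key=value string: the templated
  # username is passed as data and is not re-parsed as module arguments.
  group:
    name: "{{ item.username }}"
    state: absent
  with_items: "{{ users_deleted }}"
  when: users_create_per_user_group
  tags: ['users', 'configuration']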