ansible-user/tasks/main.yml

---
# tasks file for ansible-user
# Show the value of user_name in the play output (debug only, changes nothing).
- name: Print user name
  ansible.builtin.debug:
    msg: "{{ user_name }}"
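# Create the local system account described by the user_* variables.
# Skipped for root and for accounts flagged as LDAP-backed (user_ldap).
- name: Create system user
  become: true
  ansible.builtin.user:
    name: '{{ user_name }}'
    system: true
    # ansible.builtin.user expects an already-hashed value here. An empty
    # string would leave the account with a blank password, so fall back to
    # '!' (locked password) when user_password is undefined or empty.
    # NOTE(review): presumably user_password is a crypt hash, not plaintext - confirm.
    password: "{{ user_password | default('!', true) }}"
    # No `append` is set, so the account's supplementary groups become exactly
    # this list.
    groups: "{{ user_groups | join(',') }}"
    uid: "{{ user_uid }}"
    home: "{{ user_home | default('/') }}"
    # NOTE(review): the nologin path differs between distributions - verify it
    # exists on the target hosts.
    shell: "{{ user_shell | default('/usr/bin/nologin') }}"
  # `| bool` keeps the condition correct when user_ldap arrives as a string
  # such as "false" (for example from extra vars).
  when: user_name != "root" and not (user_ldap | bool)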
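# For LDAP-backed accounts: stat the home directory while running as that user.
# NOTE(review): presumably this is meant to trigger first-login home creation
# on the host - confirm.
- name: Simulate login
  become: true
  # Uses user_name like every other task in this file; the earlier `user.name`
  # form needs a separate `user` dict that nothing else here references.
  # NOTE(review): confirm no caller relies on such a dict.
  become_user: '{{ user_name }}'
  ansible.builtin.stat:
    # Path is fixed under /home and does not follow user_home.
    path: '/home/{{ user_name }}'
  # `| bool` keeps the condition correct when user_ldap arrives as a string.
  when: user_ldap | bool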
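# Make sure the user's .ssh directory exists, owned by the user and
# accessible only to the owner.
# NOTE(review): with user_home unset the default resolves to a directory
# directly under '/' - confirm that is intended.
- name: Ensure .ssh exist for user
  become: true
  ansible.builtin.file:
    state: directory
    path: "{{ user_home | default('/') }}/.ssh"
    owner: '{{ user_name }}'
    # Quoted so the mode is always read as an octal string, regardless of how
    # the YAML parser types a bare 0700.
    mode: '0700'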
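# Render config.j2 into the user's ~/.ssh/config, overwriting any existing
# file (force: true), readable and writable by the owner only.
- name: Copy ssh config for user
  become: true
  ansible.builtin.template:
    src: 'config.j2'
    dest: "{{ user_home | default('/') }}/.ssh/config"
    force: true
    owner: '{{ user_name }}'
    # Four-digit quoted octal, consistent with the other file modes in this
    # role; same permissions as the previous '600'.
    mode: '0600'
    selevel: s0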
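# Write each private key from user_privatekey into the user's .ssh directory.
# Each item supplies `key` (file content) and `keyname` (file name).
- name: Install ssh private key
  become: true
  ansible.builtin.copy:
    content: '{{ item.key }}'
    # Unlike the sibling tasks there is no default for user_home here, so the
    # task fails rather than writing keys under '/' when it is undefined.
    dest: '{{ user_home }}/.ssh/{{ item.keyname }}'
    # Quoted so the mode is always read as an octal string.
    mode: '0600'
    owner: '{{ user_name }}'
  with_items: '{{ user_privatekey }}'
  # The loop item carries the private key itself; without this, the per-item
  # output would print the key material to the console and logs.
  no_log: true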
# Add every public key in user_authorized_key to the user's authorized_keys.
# exclusive: false leaves keys that are already present untouched.
# NOTE(review): this is the only file-writing task without `become: true` -
# presumably privilege escalation is set at play level; confirm.
- name: Deploy SSH-Keys to remote host
  ansible.posix.authorized_key:
    key: "{{ item }}"
    user: "{{ user_name }}"
    exclusive: false
  with_items: "{{ user_authorized_key }}"