---
# Static import: root.yml (not shown here) is read when the play is parsed,
# and the tags below are inherited by every task it contains.
- import_tasks: root.yml
  tags: [users, root]

# Create or update one account per enabled entry in `users`. The loop takes
# the keys of `users` whose value is truthy, in sorted order; the per-account
# details are read from `userdata[<name>]`.
- name: Create users
  tags:
  - users
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  user:
    state: present
    name: '{{ item }}'
    uid: '{{ userdata[item].uid }}'
    comment: '{{ userdata[item].name }}'
    # Falls back to bash when the entry defines no shell.
    shell: "{{ userdata[item].shell|default('/bin/bash') }}"
    # The user module expects an already-hashed (crypt) value here, never the
    # cleartext. update_password is left at its default, so a defined password
    # is enforced on every run (a password changed on the host is reset);
    # with no password key the parameter is omitted entirely.
    # NOTE(review): where userdata is stored is not visible here - keep the
    # hashes in an encrypted vars file rather than in plain inventory.
    password: "{{ userdata[item].password|default(omit) }}"
    group: users
    # `append` is not set, so this list is authoritative: only an entry whose
    # value is exactly 'sudo' receives sudo_group, and every other account has
    # its supplementary groups cleared - TODO confirm on the Ansible version
    # in use.
    groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}"

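# Ensure ~<user>/.ssh exists for every enabled account whose userdata entry
# has an authorized_keys key; accounts without one are skipped by `when`.
- name: Create .ssh directories
  file:
    # '~<name>' is expanded to that account's home directory.
    path: '~{{ item }}/.ssh'
    state: directory
    owner: '{{ item }}'
    group: users
    # Quoted so the mode reaches Ansible as the string '0700' instead of
    # depending on the YAML parser reading a bare 0700 as octal. Owner-only
    # access keeps other members of `users` out of the directory; sshd's
    # StrictModes check refuses keys under group- or world-writable paths.
    mode: '0700'
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  when: "'authorized_keys' in userdata[item]"
  tags:
  - users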

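# Render ~<user>/.ssh/authorized_keys from authorized_keys.j2 for every
# enabled account whose userdata entry has an authorized_keys key.
# The template module writes the whole file, so a key added by hand on the
# host is replaced at the next run: what the template renders is the complete
# set of keys that can log in.
# NOTE(review): authorized_keys.j2 is not shown here - presumably it renders
# userdata[item].authorized_keys; confirm it emits nothing else (no shared or
# fallback keys).
- name: Create authorized_keys
  template:
    dest: '~{{ item }}/.ssh/authorized_keys'
    src: authorized_keys.j2
    owner: '{{ item }}'
    group: users
    # Quoted so the mode reaches Ansible as the string '0600' instead of
    # depending on the YAML parser reading a bare 0600 as octal. The file is
    # readable and writable by its owner only.
    mode: '0600'
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  when: "'authorized_keys' in userdata[item]"
  tags:
  - users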

# Dynamically include a per-user task file, <username>.yml, for each enabled
# account whose userdata entry has a truthy `tasks` value.
# The file name is built from the key in `users`, and the included tasks run
# with whatever privileges the play has, so the per-user files deserve the
# same review as the rest of the role.
- name: Include user tasks
  tags:
  - users
  when: "'tasks' in userdata[user] and userdata[user].tasks"
  # loop_var renames the loop variable to `user` (the template below and the
  # condition above both read it instead of the default `item`).
  loop_control:
    loop_var: user
  with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
  include_tasks:
    file: '{{ user }}.yml'
    # Tags on a dynamic include select only the include itself; `apply`
    # passes the tag on to the tasks inside the included file.
    apply:
      tags:
      - users

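# Delete every account that is described in `userdata` but is not enabled in
# `users` (missing there, or present with a falsy value).
# Only names known to `userdata` are considered: an account that exists on the
# host but was never listed there is neither reported nor removed by this
# task.
- name: Remove users
  user:
    name: '{{ item }}'
    state: absent
    # Canonical boolean instead of the YAML 1.1 truthy `yes`. With remove
    # enabled the account's home directory is deleted as well, which takes
    # ~/.ssh/authorized_keys with it.
    # NOTE(review): nothing here ends sessions or processes still running as
    # the account, or cleans up files it owns outside its home directory.
    remove: true
  with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}'
  tags:
  - users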

# vim: set ts=2 sw=2 et: