blob: db38667863909443220a24535d3ce7931f20a995 (
plain) (
tree)
|
|
---
- import_tasks: root.yml
tags:
- users
- root
- name: Create users
user:
name: '{{ item }}'
state: present
comment: '{{ userdata[item].name }}'
shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}"
uid: '{{ userdata[item].uid }}'
password: "{{ ('password' in userdata[item])|ternary(userdata[item].password,omit) }}"
group: users
groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}"
with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
tags:
- users
- name: Create .ssh directories
file:
path: '~{{ item }}/.ssh'
state: directory
owner: '{{ item }}'
group: users
mode: 0700
with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
when: "'authorized_keys' in userdata[item]"
tags:
- users
- name: Create authorized_keys
template:
dest: '~{{ item }}/.ssh/authorized_keys'
src: authorized_keys.j2
owner: '{{ item }}'
group: users
mode: 0600
with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
when: "'authorized_keys' in userdata[item]"
tags:
- users
- name: Include user tasks
include_tasks:
file: '{{ user }}.yml'
apply:
tags:
- users
with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
loop_control:
loop_var: user
when: "'tasks' in userdata[user] and userdata[user].tasks"
tags:
- users
- name: Remove users
user:
name: '{{ item }}'
state: absent
remove: yes
with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}'
tags:
- users
# vim: set ts=2 sw=2 et:
|
