author | Emil Renner Berthing <esmil@labitat.dk> | 2019-01-13 20:07:50 +0100 |
---|---|---|
committer | Emil Renner Berthing <esmil@labitat.dk> | 2019-01-13 21:30:45 +0100 |
commit | bbced59f27d07563734cd0b3cb3da5e4e77634ae (patch) | |
tree | 500a7735c9700a97adaa4ae381a4ebaf65a7c2f5 /roles/users/tasks/main.yml | |
parent | 47611fb28c90050bce9c6a1f25722b9f96523b64 (diff) | |
users: add more flexible user management
Now user data is in roles/users/defaults/main.yml
and each server should have a hash like this
users:
'foo': sudo
'bar': true
'baz': false
#'qux': false
This means the user foo will be created with sudo
access, the user bar will be created without sudo
access, while baz and qux will be removed.
Diffstat (limited to 'roles/users/tasks/main.yml')
-rw-r--r-- | roles/users/tasks/main.yml | 71 |
1 files changed, 49 insertions, 22 deletions
diff --git a/roles/users/tasks/main.yml b/roles/users/tasks/main.yml
index cf21626..23a4945 100644
--- a/roles/users/tasks/main.yml
+++ b/roles/users/tasks/main.yml
@@ -3,37 +3,64 @@
 tags:
 - users
 - root
-- import_tasks: esmil.yml
- tags:
- - users
- - esmil
-- import_tasks: ast.yml
- tags:
- - users
- - ast
-- import_tasks: flummer.yml
- tags:
- - users
- - flummer
-- import_tasks: riiiis.yml
+
+- name: Create users
+ user:
+ name: '{{ item }}'
+ state: present
+ comment: '{{ userdata[item].name }}'
+ shell: "{{ ('shell' in userdata[item])|ternary(userdata[item].shell,'/bin/bash') }}"
+ uid: '{{ userdata[item].uid }}'
+ group: users
+ groups: "{{ (users[item] == 'sudo')|ternary([sudo_group],[]) }}"
+ with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
 tags:
 - users
- - riiiis
-- import_tasks: knielsen.yml
+
+- name: Create .ssh directories
+ file:
+ path: '~{{ item }}/.ssh'
+ state: directory
+ owner: '{{ item }}'
+ group: users
+ mode: 0700
+ with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
+ when: "'authorized_keys' in userdata[item]"
 tags:
 - users
- - knielsen
-- import_tasks: k2OS.yml
+
+- name: Create authorized_keys
+ template:
+ dest: '~{{ item }}/.ssh/authorized_keys'
+ src: authorized_keys.j2
+ owner: '{{ item }}'
+ group: users
+ mode: 0600
+ with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
+ when: "'authorized_keys' in userdata[item]"
 tags:
 - users
- - k2OS
-- import_tasks: signout.yml
+
+- name: Include user tasks
+ include_tasks:
+ file: '{{ user }}.yml'
+ apply:
+ tags:
+ - users
+ with_items: '{{ users|dictsort()|selectattr(1)|map(attribute=0)|list }}'
+ loop_control:
+ loop_var: user
+ when: "'tasks' in userdata[user] and userdata[user].tasks"
 tags:
 - users
- - signout
-- import_tasks: semi.yml
+
+- name: Remove users
+ user:
+ name: '{{ item }}'
+ state: absent
+ remove: yes
+ with_items: '{{ userdata|dictsort()|map(attribute=0)|difference(users|dictsort()|selectattr(1)|map(attribute=0))|list }}'
 tags:
 - users
- - semi
 
 # vim: set ts=2 sw=2 et: |
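Review bot: The `Remove users` task only ever sees names that are still keys of `userdata` (its `with_items` is the `userdata` keys minus the active `users`), so deleting someone's entry from `roles/users/defaults/main.yml` silently stops managing the account instead of removing it — the login, its membership in `sudo_group` and its authorized_keys file stay on every host. Offboarding therefore has to be a two-step change (set the host's `users` entry to `false`, run the play everywhere, then drop the `userdata` entry), and the same skip bites `Create authorized_keys`: once the `authorized_keys` attribute is removed from a user's data the `when` clause skips the template and the last rendered key file remains on disk. I would document this above the removal task, e.g. `# Only users that still have a userdata entry are ever removed; set the host's users entry to false and run all hosts before deleting the userdata entry.` Since `remove: yes` also deletes the home directory, that ordering doubles as the guard against a mistyped key in a host's `users` hash wiping a real user's home. Minor: quote the octal modes (`mode: '0700'`, `mode: '0600'`) as Ansible recommends, so a later edit to a form like `700` cannot be silently read as decimal.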