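---
# tasks file for users
#
# Manages one account described by the `user` loop variable (this file is
# expected to be included once per user): the account itself, its sudoers.d
# fragment, an optional SSH key pair generated on the controller, and the
# authorized_keys entries on the managed host.

- name: manage users {{ user.name }}
  user:
    name: "{{ user.name }}"
    state: "{{ user.state | default('present') }}"
    comment: "{{ user.comment | default(omit) }}"
    # The user module expects an already hashed value here; a plain-text
    # password is written to the shadow file verbatim.
    password: "{{ user.password | default(omit) }}"
    uid: "{{ user.uid | default(omit) }}"
    group: "{{ user.group | default(omit) }}"
    groups: "{{ user.groups | default(omit) }}"
    shell: "{{ user.shell | default(users_shell) }}"
  register: users_manage_user

- name: set sudo options for {{ user.name }}
  template:
    src: sudo.j2
    dest: "/etc/sudoers.d/{{ user.name }}"
    # A syntax error in any sudoers.d fragment disables sudo for the whole
    # host, so the rendered file is checked with visudo before it replaces
    # the previous one; fragments must not be group/world writable.
    mode: "0440"
    validate: "visudo -cf %s"
  when:
    - user.sudo_options is defined
  loop_control:
    label: "{{ user.name }}"

- name: remove sudo options for {{ user.name }}
  file:
    path: "/etc/sudoers.d/{{ user.name }}"
    state: absent
  when:
    - user.sudo_options is not defined
  loop_control:
    label: "{{ user.name }}"

# The next four tasks run on the controller (delegate_to: localhost) without
# privilege escalation. The key pair lives in users_ssh_key_directory and is
# only (re)generated when the target file does not exist yet (`creates`).
- name: generate private ssh key for {{ user.name }}
  command: "{{ users_ssh_keygen_command }}"
  args:
    creates: "{{ users_ssh_key_directory }}/{{ user.name }}"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
  loop_control:
    label: "{{ user.name }}"
  delegate_to: localhost
  become: false

- name: generate public ssh key for {{ user.name }}
  shell: "{{ users_ssh_keygen_pubkey_command }} > {{ users_ssh_key_directory }}/{{ user.name }}.pub"
  args:
    creates: "{{ users_ssh_key_directory }}/{{ user.name }}.pub"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
  loop_control:
    label: "{{ user.name }}"
  delegate_to: localhost
  become: false

- name: read generated public ssh key for {{ user.name }}
  command: cat "{{ users_ssh_key_directory }}/{{ user.name }}.pub"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
  # Reading a file never changes state; keep the task idempotent in output.
  changed_when: false
  register: ssh_public_key
  delegate_to: localhost
  become: false
  loop_control:
    label: "{{ user.name }}"

- name: convert ssh key to ppk for {{ user.name }}
  # NOTE(review): `ssh-keygen -e` exports the public key in RFC 4716 format;
  # the .ppk suffix is this role's naming, not a PuTTY private-key file.
  shell: >
    ssh-keygen -e
    -f "{{ users_ssh_key_directory }}/{{ user.name }}"
    -C "Generated by Ansible role robertdebock.users"
    > "{{ users_ssh_key_directory }}/{{ user.name }}.ppk"
  args:
    creates: "{{ users_ssh_key_directory }}/{{ user.name }}.ppk"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
  delegate_to: localhost
  become: false

- name: create .ssh directory for {{ user.name }}
  file:
    path: "{{ user.home }}/.ssh"
    state: directory
    mode: "0700"
  become: true
  become_user: "{{ user.name }}"
  when:
    - users_manage_user is defined
    - user.home is defined

# NOTE(review): `include` with a loop is deprecated since Ansible 2.4 and
# removed in ansible-core 2.16; `include_tasks` is the drop-in replacement
# once the minimum supported Ansible version allows it (also applies below).
- name: loop over authorized_key for {{ user.name }}
  include: user_authorized_key.yml
  with_items:
    - "{{ user.authorized_key }}"
  loop_control:
    label: "{{ user.name }}"
    loop_var: authorized_key
  when:
    - user.authorized_key is defined

- name: loop over authorized_keys for {{ user.name }}
  include: user_authorized_key.yml
  with_items:
    - "{{ user.authorized_keys }}"
  loop_control:
    label: "{{ user.name }}"
    loop_var: authorized_key
  when:
    - user.authorized_keys is defined

- name: place generated ssh_public_key for {{ user.name }}
  authorized_key:
    user: "{{ user.name }}"
    state: present
    # ssh_public_key is the registered result of the `cat` above.
    key: "{{ item.stdout }}"
  with_items:
    - "{{ ssh_public_key }}"
  when:
    - ssh_public_key is defined
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
  loop_control:
    label: "{{ user.name }}"

- name: copy generated private ssh key for {{ user.name }}
  copy:
    src: "{{ users_ssh_key_directory }}/{{ item.name }}"
    dest: "{{ item.home }}/.ssh/id_rsa"
    mode: "0400"
    owner: "{{ item.name }}"
    group: "{{ item.group }}"
  # Iterates over the registered user-module result (name, home, group).
  with_items:
    - "{{ users_manage_user }}"
  when:
    - users_manage_user is defined
    - user.copy_private_key is defined
    - user.copy_private_key | bool
  loop_control:
    label: "{{ user.name }}"
  # The private key material would otherwise be printed in --diff and
  # verbose output.
  no_log: true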