ansible-development-environ.../roles/users/tasks/user.yml


---
# tasks file for users
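# Create the controller-side directory that receives the SSH keys generated
# for users with manage_ssh_key set (see the ssh-keygen tasks further down).
# 0700 rather than 0750: private keys land here, and the .pub/.ppk siblings
# are written by shell redirection (their mode follows the controller umask),
# so group members should not be able to traverse or list this directory.
- name: create local ssh_key_directory
  ansible.builtin.file:
    path: "{{ users_ssh_key_directory }}"
    state: directory
    mode: "0700"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
  # Runs on the controller as the invoking user, not on the managed host.
  delegate_to: localhost
  become: false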
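# Create, update or remove the account itself. Per-user keys that are absent
# from the inventory entry are omitted so the module's own default applies.
- name: manage users {{ user.name }}
  ansible.builtin.user:
    name: "{{ user.name }}"
    state: "{{ user.state | default('present') }}"
    comment: "{{ user.comment | default(omit) }}"
    create_home: "{{ users_create_home }}"
    # NOTE(review): ansible.builtin.user writes this value as-is, so it must
    # already be a crypt(3) hash (e.g. password_hash('sha512')), not plaintext.
    password: "{{ user.password | default(omit) }}"
    uid: "{{ user.uid | default(omit) }}"
    group: "{{ user.group | default(omit) }}"
    groups: "{{ user.groups | default(omit) }}"
    home: "{{ user.home | default(omit) }}"
    shell: "{{ user.shell | default(users_shell) }}"
    update_password: "{{ user.update_password | default(omit) }}"
    expires: "{{ user.expires | default(omit) }}"
    system: "{{ user.system | default(omit) }}"
  # Keep the password hash out of verbose output and logs, while leaving task
  # output visible for users that carry no password at all.
  no_log: "{{ user.password is defined }}"
  # Reused by later tasks in this file.
  register: users_manage_user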
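# Render a per-user sudoers fragment from sudo.j2 into /etc/sudoers.d.
- name: set sudo options for {{ user.name }}
  ansible.builtin.template:
    src: sudo.j2
    dest: "/etc/sudoers.d/{{ user.name }}"
    owner: root
    # sudo expects sudoers files to be mode 0440; with default build options
    # it warns about (and may refuse) a file carrying other permission bits.
    mode: "0440"
    # Syntax-check the rendered fragment before it is installed; a malformed
    # file in sudoers.d can otherwise break sudo for every user on the host.
    validate: /usr/sbin/visudo -cf %s
  when:
    - user.sudo_options is defined
  # NOTE(review): sudo ignores files in sudoers.d whose name contains a "." or
  # ends in "~", so a user name such as "j.doe" would be written but never
  # take effect.
  loop_control:
    label: "{{ user.name }}"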
# A user without sudo_options gets no sudoers fragment; also clean up one
# that may have been written by an earlier run.
- name: remove sudo options for {{ user.name }}
  when:
    - user.sudo_options is not defined
  ansible.builtin.file:
    state: absent
    path: "/etc/sudoers.d/{{ user.name }}"
  loop_control:
    label: "{{ user.name }}"
# Generate the user's private key on the controller using the command held in
# users_ssh_keygen_command. Idempotent: skipped once the key file exists.
- name: generate private ssh key for {{ user.name }}
  delegate_to: localhost
  become: false
  ansible.builtin.command:
    cmd: "{{ users_ssh_keygen_command }}"
    creates: "{{ users_ssh_key_directory }}/{{ user.name }}"
  loop_control:
    label: "{{ user.name }}"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
# Derive the public key from the private key created above and store it next
# to it as <name>.pub. The file is created by shell redirection, so its mode
# presumably follows the controller's umask rather than being set here.
- name: generate public ssh key for {{ user.name }}
  delegate_to: localhost
  become: false
  ansible.builtin.shell:
    cmd: >-
      {{ users_ssh_keygen_pubkey_command }}
      > {{ users_ssh_key_directory }}/{{ user.name }}.pub
    creates: "{{ users_ssh_key_directory }}/{{ user.name }}.pub"
  loop_control:
    label: "{{ user.name }}"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
# Export the key as <name>.ppk on the controller.
# NOTE(review): `ssh-keygen -e` emits an RFC 4716 *public* key export, not a
# PuTTY .ppk private key (that would need puttygen), and -C is most likely
# ignored in export mode. Left unchanged so the output file name stays stable
# for anything that already consumes it.
- name: convert ssh key to ppk for {{ user.name }}
  delegate_to: localhost
  become: false
  ansible.builtin.shell:
    cmd: >-
      ssh-keygen -e -f "{{ users_ssh_key_directory }}/{{ user.name }}"
      -C "Generated by Ansible role robertdebock.users"
      > "{{ users_ssh_key_directory }}/{{ user.name }}.ppk"
    creates: "{{ users_ssh_key_directory }}/{{ user.name }}.ppk"
  when:
    - user.manage_ssh_key is defined
    - user.manage_ssh_key | bool
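# Ensure the user's ~/.ssh exists before keys are placed in it. Runs as the
# user so the directory ends up owned by them.
- name: create .ssh directory for {{ user.name }}
  ansible.builtin.file:
    # Honour an inventory-supplied home (the same value handed to
    # ansible.builtin.user above) instead of assuming /home/<name>.
    path: "{{ user.home | default('/home/' ~ user.name) }}/.ssh"
    state: directory
    mode: "0700"
  become: true
  become_user: "{{ user.name }}"
  when:
    - user.manage_ssh_key is defined
    # "| bool" matches the other manage_ssh_key checks in this file; without
    # it a string value such as "no" is truthy and the task would still run.
    - user.manage_ssh_key | bool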
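# Install each entry of user.authorized_keys through user_authorized_key.yml,
# one include per key, exposed to that file as `authorized_key`.
- name: loop over authorized_keys for {{ user.name }}
  # ansible.builtin.include has been deprecated for years and is removed in
  # recent ansible-core (2.16); include_tasks is the dynamic replacement and
  # keeps working with loop.
  ansible.builtin.include_tasks: user_authorized_key.yml
  loop: "{{ user.authorized_keys }}"
  loop_control:
    label: "{{ user.name }}"
    loop_var: authorized_key
  when:
    - user.authorized_keys is defined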
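# Push the controller-generated private key into the user's ~/.ssh. Every
# host where copy_private_key is set receives the same key, so one identity
# is effectively shared across those hosts.
- name: copy generated private ssh key for {{ user.name }}
  ansible.builtin.copy:
    src: "{{ users_ssh_key_directory }}/{{ user.name }}"
    # Same home resolution as the .ssh directory task: respect user.home.
    # NOTE(review): the destination is always named id_rsa even though the key
    # type is whatever users_ssh_keygen_command produced.
    dest: "{{ user.home | default('/home/' ~ user.name) }}/.ssh/id_rsa"
    mode: "0400"
    owner: "{{ user.name }}"
    group: "{{ user.group | default(omit) }}"
  # Keep the key material out of logs and --diff output.
  no_log: true
  when:
    - users_manage_user is defined
    - user.copy_private_key is defined
    - user.copy_private_key | bool
  loop_control:
    label: "{{ user.name }}"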
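# Read the current maximum password age (field 5 of /etc/shadow) so the chage
# task below only runs when it actually differs. Reading /etc/shadow needs
# root; the play is expected to run with privilege escalation.
- name: check users password valid time
  # The user name is handed to awk as a variable instead of being spliced into
  # the program text, so quotes in user.name cannot alter the awk program.
  ansible.builtin.command: >-
    awk -F: -v u="{{ user.name }}" '$1 == u { print $5 }' /etc/shadow
  register: users_pw_valid
  changed_when: false
  check_mode: false
  # Same condition as before: state undefined, or defined and not "absent".
  when: user.state | default('present') != 'absent'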
- name: set users password valid time
command: chage -M "{{ user.password_validity_days }}" "{{ user.name }}"
when:
- user.password_validity_days is defined
- users_pw_valid.stdout is defined
- users_pw_valid.stdout | int != user.password_validity_days | int