---
# HELP
#
# If you want NO password, set password: '*'
#
# If you just want a group with the same name as the user, and no others, use group: []
#
# If you don't want a home directory use create_home: no
#
# Optional
#
# ssh_authorized: true|false (default true) - Adds the user's public key to authorized_keys on the server
#
# ssh_keys: true|false (default false) - Adds the user's public AND private key to the server
#
# create_home: yes|no (default yes) - Creates the /home/user directory
- name: Registering {{ user }} home directory variable
|
|
shell: >
|
|
getent passwd {{ user }} | cut -d: -f6
|
|
changed_when: false
|
|
register: user_home
|
|
|
|
# Create group by same ID as user
|
|
- name: Creating group {{ user }}
|
|
group:
|
|
name: '{{ user }}'
|
|
gid: '{{ id }}'
|
|
when: gid is undefined
|
|
|
|
# Create group by options gid
|
|
- name: Creating group {{ user }}
|
|
group:
|
|
name: '{{ user }}'
|
|
gid: '{{ gid }}'
|
|
when: gid is defined
|
|
|
|
- name: Creating user {{ user }}
|
|
user:
|
|
name: '{{ user }}'
|
|
uid: '{{ id }}'
|
|
comment: '{{ user }}'
|
|
group: '{{ user }}'
|
|
groups: '{{ group }}'
|
|
password: '{{ password }}'
|
|
update_password: always
|
|
create_home: '{{ create_home | default("yes") }}'
|
|
shell: /bin/bash
|
|
|
|
#- name: Setting user {{ user }} password
|
|
#user:
|
|
#password: '{{ password }}'
|
|
#when: password is defined
|
|
|
|
- name: Adding users sudoers.d file
|
|
file:
|
|
path: '/etc/sudoers.d/{{ user }}'
|
|
state: touch
|
|
mode: "0640" #-rw-r-----
|
|
when: '"sudo" in group'
|
|
|
|
- name: Setting user to nopasswd sudo access
|
|
lineinfile:
|
|
path: '/etc/sudoers.d/{{ user }}'
|
|
line: '{{ user }} ALL=(ALL) NOPASSWD:ALL'
|
|
when: '"sudo" in group'
|
|
|
|
# Create users ~/.ssh directory
|
|
- name: Creating {{ user }} ~/.ssh directory
|
|
file:
|
|
path: '{{ "~" + user | expanduser }}/.ssh'
|
|
state: directory
|
|
|
|
# Authorize users SSH keys
|
|
# NOTE, when: ssh_authorize|bool == true
|
|
# IS working, BUT even if ssh_authorize = false the
|
|
# with_file: still errors if 'keys/{{ user }}.key.pub' does NOT exists
|
|
# So you have to create at least a blank users/keys/user.key.pub file
|
|
- name: Authorizing SSH keys for {{ user }}
|
|
authorized_key:
|
|
user: '{{ user }}'
|
|
key: '{{ item }}'
|
|
with_file:
|
|
- 'keys/{{ user }}.key.pub'
|
|
when: ssh_authorize|default(true)|bool
|
|
|
|
# Create users public key
|
|
- name: Copying {{ user }} SSH public key
|
|
copy:
|
|
src: 'keys/{{ user }}.key.pub'
|
|
#dest: '{{ user_home }}/.ssh/id_rsa.pub'
|
|
dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa.pub'
|
|
owner: '{{ user }}'
|
|
group: '{{ user }}'
|
|
mode: 0644
|
|
when: ssh_keys|default(false)|bool
|
|
|
|
# Create users private key
|
|
- name: Copying {{ user }} SSH private key
|
|
copy:
|
|
src: '../../../vault/{{ user }}.key'
|
|
#dest: '{{ user_home }}/.ssh/id_rsa'
|
|
dest: '{{ "~" + user | expanduser }}/.ssh/id_rsa'
|
|
owner: '{{ user }}'
|
|
group: '{{ user }}'
|
|
mode: 0600
|
|
when: ssh_keys|default(false)|bool
|