---
- name: 'Define home directory for unix user: {{ unix_user.key }}'
  # Resolve the home path once; every later task builds its file paths
  # from this fact. Falls back to /home/<key> when the inventory entry
  # does not set `home`.
  ansible.builtin.set_fact:
    user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}"
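- name: 'Create unix user: {{ unix_user.key }}'
  # Single task for all uid/groups combinations: a parameter the
  # inventory does not set is omitted, which the module treats exactly
  # like the former four `when`-guarded variants that left it out.
  ansible.builtin.user:
    name: "{{ unix_user.key }}"
    uid: "{{ unix_user.value.uid if unix_user.value.uid is defined else omit }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Supplementary groups replace (not append to) the current set, as
    # before (no `append`).
    groups: "{{ unix_user.value.groups | join(',') if unix_user.value.groups is defined else omit }}"
    comment: "{{ unix_user.value.name }}"
    create_home: "{{ unix_user.value.create_home | default(true) }}"
    home: "{{ user_user_home }}"
    shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
    # Hash only a password that is really configured. The previous
    # default('') hashed the empty string, and a crypt hash of "" is a
    # valid hash that authenticates an empty password. Omitting the
    # parameter leaves the password field untouched instead (for a new
    # account that is presumably useradd's locked default — confirm on
    # the target distribution).
    # NOTE(review): password_hash() without a fixed salt yields a new
    # hash on every run, so this task reports "changed" each play;
    # `update_password: on_create` would stop that if acceptable.
    password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined else omit }}"
    state: present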
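- name: 'Create .ssh directory for unix user: {{ unix_user.key }}'
  ansible.builtin.file:
    path: "{{ user_user_home }}/.ssh"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Quoted so Ansible receives the octal string; an unquoted 0700 is
    # read by the YAML parser as the integer 448 (ansible-lint
    # risky-octal).
    mode: "0700"
    state: directory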
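- name: 'Create authorized_keys file for unix user: {{ unix_user.key }}'
  # Rendered only when the inventory lists at least one key; the
  # matching removal task handles the empty/undefined case.
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: "{{ user_user_home }}/.ssh/authorized_keys"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Quoted so Ansible receives the octal string, not the integer 384.
    mode: "0600"
  when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0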
- name: 'Remove authorized_keys file for unix user: {{ unix_user.key }}'
  # No configured keys (missing or empty list) means no file on disk.
  ansible.builtin.file:
    path: "{{ user_user_home }}/.ssh/authorized_keys"
    state: absent
  when: >-
    unix_user.value.ssh.authorized_keys is not defined
    or unix_user.value.ssh.authorized_keys | length <= 0
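- name: 'Create private SSH keys for unix user: {{ unix_user.key }}'
  # Key files are taken from <playbook_dir>/ssh/private_keys/. The copy
  # module decrypts vault-encrypted sources by default, so the files
  # can stay vaulted in the repository without changing this task.
  ansible.builtin.copy:
    src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
    dest: "{{ user_user_home }}/.ssh/{{ item }}"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Quoted so Ansible receives the octal string, not the integer 384.
    mode: "0600"
  # Under --diff the copy module would print the changed file contents;
  # private key material must not appear in play output.
  diff: false
  # default([]) keeps the loop expression valid when the inventory has
  # no private_keys entry (the loop is expanded before `when` runs).
  loop: "{{ unix_user.value.ssh.private_keys | default([]) }}"
  # `length >= 0` was always true for a defined list; `> 0` skips the
  # task cleanly when the list is empty.
  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0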
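- name: 'Extract public SSH keys from private keys for unix user: {{ unix_user.key }}'
  # Both paths go through `quote`, so an inventory value containing
  # shell metacharacters cannot alter the command line. A shell (not
  # command) is still needed for the redirection.
  # NOTE(review): the .pub file is created by whichever account runs
  # the play, hence the ownership fix in the following task.
  ansible.builtin.shell:
    args:
      executable: /bin/bash
      cmd: >-
        ssh-keygen -y -f {{ (user_user_home ~ '/.ssh/' ~ item) | quote }}
        > {{ (user_user_home ~ '/.ssh/' ~ item ~ '.pub') | quote }}
      # Makes the task idempotent: skipped once the .pub exists.
      creates: "{{ user_user_home }}/.ssh/{{ item }}.pub"
  # default([]) keeps the loop expression valid when the inventory has
  # no private_keys entry (the loop is expanded before `when` runs).
  loop: "{{ unix_user.value.ssh.private_keys | default([]) }}"
  # `length >= 0` was always true for a defined list; `> 0` skips the
  # task cleanly when the list is empty.
  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0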
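- name: 'Correct permissions of public SSH keys for unix user: {{ unix_user.key }}'
  # The .pub files are written by ssh-keygen in the previous step, not
  # by a module that sets ownership, so owner/group/mode are fixed here.
  ansible.builtin.file:
    path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Quoted so Ansible receives the octal string, not the integer 420.
    mode: "0644"
  # default([]) keeps the loop expression valid when the inventory has
  # no private_keys entry (the loop is expanded before `when` runs).
  loop: "{{ unix_user.value.ssh.private_keys | default([]) }}"
  # `length >= 0` was always true for a defined list; `> 0` skips the
  # task cleanly when the list is empty.
  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0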
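- name: 'Create custom SSH client config for unix user: {{ unix_user.key }}'
  ansible.builtin.template:
    src: config.j2
    dest: "{{ user_user_home }}/.ssh/config"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Quoted so Ansible receives the octal string, not the integer 420.
    mode: "0644"
  # The former `... | length >= 0` clause was always true for a defined
  # value, so the condition reduces to "config is present in the
  # inventory"; the removal task covers the undefined case.
  when: unix_user.value.ssh.config is defined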
- name: 'Remove custom SSH client config for unix user: {{ unix_user.key }}'
  # Drop a previously rendered config once the inventory no longer
  # carries an ssh.config entry for this user.
  ansible.builtin.file:
    path: "{{ user_user_home }}/.ssh/config"
    state: absent
  when: unix_user.value.ssh.config is not defined
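- name: 'Create .forward file to forward emails for unix user: {{ unix_user.key }}'
  # Rendered from forward.j2 when the inventory sets an email address
  # for the user.
  ansible.builtin.template:
    src: forward.j2
    dest: "{{ user_user_home }}/.forward"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    # Quoted so Ansible receives the octal string, not the integer 420.
    mode: "0644"
  when: unix_user.value.email is defined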
- name: 'Remove .forward file to forward emails for unix user: {{ unix_user.key }}'
  # Without an email address in the inventory, no forwarding file
  # should remain in the home directory.
  ansible.builtin.file:
    path: "{{ user_user_home }}/.forward"
    state: absent
  when: unix_user.value.email is not defined