---
# Resolve the home directory once so that every later task uses the same path:
# the `home` value of the user entry when present, otherwise /home/<key>.
- name: "Define home directory for unix user: {{ unix_user.key }}"
  ansible.builtin.set_fact:
    user_user_home: >-
      {{ unix_user.value.home | default('/home/' + unix_user.key) }}
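# Create the home directory as a btrfs subvolume. This is opt-in per user:
# an entry without a `btrfs` key now skips the task instead of aborting the
# play on an undefined variable.
- name: "Create btrfs volume for unix user: {{ unix_user.key }}"
  community.general.btrfs_subvolume:
    name: "{{ user_user_home }}"
  when: unix_user.value.btrfs | default(false)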
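# One task covers all four uid/groups combinations. `omit` drops a parameter
# when the user entry does not define it, so the password, shell and home
# handling lives in a single place instead of four copies that can drift.
#
# Password handling:
# - A non-empty `password` is hashed with SHA-512 crypt. No salt is passed to
#   password_hash, so a new random salt is drawn on every run and the task
#   reports "changed" each time.
# - Otherwise the field is set to '!', which is not a valid hash, so password
#   login is disabled for the account.
# The `password` value is read as cleartext from the user entry, so that data
# should be stored vault-encrypted.
- name: "Create unix user: {{ unix_user.key }}"
  ansible.builtin.user:
    name: "{{ unix_user.key }}"
    uid: "{{ unix_user.value.uid | default(omit) }}"
    group: "{{ unix_user.value.group | default('users') }}"
    groups: >-
      {{
      unix_user.value.groups | join(',')
      if unix_user.value.groups is defined
      else omit
      }}
    comment: "{{ unix_user.value.name }}"
    create_home: "{{ unix_user.value.create_home | default(true) }}"
    home: "{{ user_user_home }}"
    shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
    password: >-
      {{
      unix_user.value.password | password_hash('sha512')
      if unix_user.value.password is defined
      and unix_user.value.password | length > 0
      else '!'
      }}
    state: present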
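# Runs only for btrfs homes, where the directory comes from the subvolume task
# rather than from the user module: /etc/skel is copied in and ownership of the
# home directory is set explicitly. An entry without a `btrfs` key now skips
# the block instead of failing on an undefined variable.
#
# Neither task sets `mode`, so permissions are left to module defaults.
# NOTE(review): confirm the resulting home directory mode matches site policy.
# NOTE(review): the copy has no `force: false`, so it may overwrite dotfiles
# the user has edited on later runs; verify against the copy module docs.
- name: "Adapt permissions and copy skel for unix user: {{ unix_user.key }}"
  when: unix_user.value.btrfs | default(false)
  block:
    - name: "Copy skel dir"
      ansible.builtin.copy:
        # The trailing slash copies the contents of /etc/skel, not the
        # directory itself.
        src: /etc/skel/
        dest: "{{ user_user_home }}"
        remote_src: true
        owner: "{{ unix_user.key }}"
        group: "{{ unix_user.value.group | default('users') }}"

    - name: "Change permission unix users home dir: {{ unix_user.key }}"
      ansible.builtin.file:
        path: "{{ user_user_home }}"
        state: directory
        owner: "{{ unix_user.key }}"
        group: "{{ unix_user.value.group | default('users') }}"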
# Ensure ~/.ssh exists, is owned by the user and is accessible only to them
# (mode 0700).
- name: "Create .ssh directory for unix user: {{ unix_user.key }}"
  ansible.builtin.file:
    state: directory
    path: "{{ user_user_home }}/.ssh"
    mode: "0700"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
# Render ~/.ssh/authorized_keys from authorized_keys.j2 when the user entry
# lists at least one key. The file is owner-read/write only (mode 0600).
- name: "Create authorized_keys file for unix user: {{ unix_user.key }}"
  when:
    # List entries are ANDed, same as the single-line `and` form.
    - unix_user.value.ssh.authorized_keys is defined
    - unix_user.value.ssh.authorized_keys | length > 0
  ansible.builtin.template:
    src: authorized_keys.j2
    dest: "{{ user_user_home }}/.ssh/authorized_keys"
    mode: "0600"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
# Counterpart of the create task: when the user entry defines no keys (or an
# empty list), any existing authorized_keys file is deleted, so key access
# removed from the user data is also revoked on the host.
- name: "Remove authorized_keys file for unix user: {{ unix_user.key }}"
  when: >-
    not (unix_user.value.ssh.authorized_keys is defined
    and unix_user.value.ssh.authorized_keys | length > 0)
  ansible.builtin.file:
    state: absent
    path: "{{ user_user_home }}/.ssh/authorized_keys"
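# Install each private key named in ssh.private_keys into ~/.ssh with mode
# 0600. Source files are read from ssh/private_keys/ under the playbook
# directory.
# NOTE(review): confirm those files are stored vault-encrypted in the
# repository.
#
# The guard now uses `> 0`, because the previous `>= 0` was always true. An
# empty list produced no loop iterations before, so behaviour is unchanged.
- name: "Create private SSH keys for unix user: {{ unix_user.key }}"
  ansible.builtin.copy:
    src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
    dest: "{{ user_user_home }}/.ssh/{{ item }}"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    mode: "0600"
  # Keep private key material out of the output when the play runs with --diff.
  diff: false
  with_items:
    - "{{ unix_user.value.ssh.private_keys }}"
  when:
    - unix_user.value.ssh.private_keys is defined
    - unix_user.value.ssh.private_keys | length > 0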
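# Derive <key>.pub from each installed private key with `ssh-keygen -y`.
# `creates` makes the task skip keys whose .pub file already exists.
#
# Changes from the earlier form:
# - Both paths go through the `quote` filter, so a home directory or key name
#   containing whitespace or shell metacharacters is passed as one literal
#   argument rather than being interpreted by bash.
# - If ssh-keygen fails, the .pub file is removed and the task fails. The
#   redirect would otherwise leave an empty file behind, and `creates` would
#   then skip the key on every later run.
# - The guard uses `> 0` instead of the always-true `>= 0`.
# Ownership and mode of the generated file are not set here.
- name: "Extract public SSH keys from private keys for unix user: {{ unix_user.key }}"
  ansible.builtin.shell:
    executable: /bin/bash
    cmd: >-
      ssh-keygen -y -f {{ (user_user_home ~ '/.ssh/' ~ item) | quote }}
      > {{ (user_user_home ~ '/.ssh/' ~ item ~ '.pub') | quote }}
      || { rm -f -- {{ (user_user_home ~ '/.ssh/' ~ item ~ '.pub') | quote }}; exit 1; }
    creates: "{{ user_user_home }}/.ssh/{{ item }}.pub"
  with_items:
    - "{{ unix_user.value.ssh.private_keys }}"
  when:
    - unix_user.value.ssh.private_keys is defined
    - unix_user.value.ssh.private_keys | length > 0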
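# Give each <key>.pub file to the user with mode 0644. The guard now uses
# `> 0`, because the previous `>= 0` was always true. An empty list produced
# no loop iterations before, so behaviour is unchanged.
- name: "Correct permissions of public SSH keys for unix user: {{ unix_user.key }}"
  ansible.builtin.file:
    path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
    mode: "0644"
  with_items:
    - "{{ unix_user.value.ssh.private_keys }}"
  when:
    - unix_user.value.ssh.private_keys is defined
    - unix_user.value.ssh.private_keys | length > 0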
# Render ~/.ssh/config from config.j2 whenever the user entry defines
# ssh.config.
# NOTE(review): `length >= 0` is always true, so an empty ssh.config still
# writes the file. The condition is kept as is because the removal task only
# fires when ssh.config is undefined.
- name: "Create custom SSH client config for unix user: {{ unix_user.key }}"
  when:
    # List entries are ANDed, same as the single-line `and` form.
    - unix_user.value.ssh.config is defined
    - unix_user.value.ssh.config | length >= 0
  ansible.builtin.template:
    src: config.j2
    dest: "{{ user_user_home }}/.ssh/config"
    mode: "0644"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
# Delete ~/.ssh/config when the user entry no longer defines ssh.config, so a
# configuration dropped from the user data does not linger on the host.
- name: "Remove custom SSH client config for unix user: {{ unix_user.key }}"
  when: unix_user.value.ssh.config is not defined
  ansible.builtin.file:
    state: absent
    path: "{{ user_user_home }}/.ssh/config"
# Render ~/.forward from forward.j2 when the user entry has an `email` value.
# The file is owned by the user and world-readable (mode 0644).
- name: "Create .forward file to forward emails for unix user: {{ unix_user.key }}"
  when: unix_user.value.email is defined
  ansible.builtin.template:
    src: forward.j2
    dest: "{{ user_user_home }}/.forward"
    mode: "0644"
    owner: "{{ unix_user.key }}"
    group: "{{ unix_user.value.group | default('users') }}"
# Delete ~/.forward when the user entry has no `email` value, so mail
# forwarding stops once the address is removed from the user data.
- name: "Remove .forward file to forward emails for unix user: {{ unix_user.key }}"
  when: unix_user.value.email is not defined
  ansible.builtin.file:
    state: absent
    path: "{{ user_user_home }}/.forward"