volker.raschek/ansible-role-unix-users
1
0
Fork 0
Code Issues 2 Pull Requests Actions Projects Releases Wiki Activity

refac: use .yaml instead of .yml extension
All checks were successful
Ansible Linter / ansible-lint (push) Successful in 24s
Details
Lint Markdown files / markdown-lint (push) Successful in 4s
Details

Browse Source
This commit is contained in:
Markus Pesch
2025-10-25 12:37:50 +02:00
parent 0db7c7265a
commit 22048124fd
9 changed files with 6 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

206
tasks/create_unix_user.yaml Normal file
View File

@@ -0,0 +1,206 @@
---
- name: "Define home directory for unix user: {{ unix_user.key }}"
ansible.builtin.set_fact:
user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}"
- name: "Create btrfs volume for unix user: {{ unix_user.key }}"
when: unix_user.value.btrfs is defined and
unix_user.value.btrfs
block:
- name: "Create btrfs volume for unix user: {{ unix_user.key }}"
community.general.btrfs_subvolume:
name: "{{ user_user_home }}"
- name: "Adapt home dir permissions"
ansible.builtin.file:
path: "{{ user_user_home }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
state: directory
mode: "0755"
- name: "Create unix user without additional groups and uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is not defined and unix_user.value.uid is not defined
- name: "Create unix user without additional groups and with uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
uid: "{{ unix_user.value.uid }}"
group: "{{ unix_user.value.group | default('users') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is not defined and unix_user.value.uid is defined
- name: "Create unix user with additional groups and uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
uid: "{{ unix_user.value.uid }}"
group: "{{ unix_user.value.group | default('users') }}"
groups: "{{ unix_user.value.groups | join(',') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is defined and unix_user.value.uid is defined
- name: "Create unix user with additional groups and without uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
groups: "{{ unix_user.value.groups | join(',') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is defined and unix_user.value.uid is not defined
- name: "Adapt permissions and copy skel for unix user: {{ unix_user.key }}"
when: unix_user.value.btrfs is defined and
unix_user.value.btrfs
block:
- name: "Copy skel files"
ansible.builtin.include_tasks: copy_skel_file.yaml
loop_control:
loop_var: skel_file
with_items:
- ".bash_logout"
- ".bash_profile"
- ".bashrc"
- name: "Change permission unix users home dir: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
state: directory
mode: "0755"
- name: "Create .ssh directory for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0700"
state: directory
- name: "Create authorized_keys file for unix user: {{ unix_user.key }}"
ansible.builtin.template:
src: authorized_keys.j2
dest: "{{ user_user_home }}/.ssh/authorized_keys"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0600"
when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0
- name: "Remove authorized_keys file for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh/authorized_keys"
state: absent
when: unix_user.value.ssh.authorized_keys is not defined or unix_user.value.ssh.authorized_keys | length <= 0
- name: "Create private SSH keys for unix user: {{ unix_user.key }}"
ansible.builtin.copy:
src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
dest: "{{ user_user_home }}/.ssh/{{ item }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0600"
with_items:
- "{{ unix_user.value.ssh.private_keys }}"
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0
- name: "Extract public SSH keys from private keys for unix user: {{ unix_user.key }}"
ansible.builtin.shell:
args:
executable: /bin/bash
cmd: "ssh-keygen -y -f {{ user_user_home }}/.ssh/{{ item }} > {{ user_user_home }}/.ssh/{{ item }}.pub"
creates: "{{ user_user_home }}/.ssh/{{ item }}.pub"
with_items:
- "{{ unix_user.value.ssh.private_keys }}"
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0
- name: "Correct permissions of public SSH keys for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0644"
with_items:
- "{{ unix_user.value.ssh.private_keys }}"
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
- name: "Create custom SSH client config for unix user: {{ unix_user.key }}"
ansible.builtin.template:
src: config.j2
dest: "{{ user_user_home }}/.ssh/config"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0644"
when: unix_user.value.ssh.config is defined and unix_user.value.ssh.config | length >= 0
- name: "Remove custom SSH client config for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh/config"
state: absent
when: unix_user.value.ssh.config is not defined
- name: "Create .forward file to forward emails for unix user: {{ unix_user.key }}"
ansible.builtin.template:
src: forward.j2
dest: "{{ user_user_home }}/.forward"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0644"
when: unix_user.value.email is defined
- name: "Remove .forward file to forward emails for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.forward"
state: absent
when: unix_user.value.email is not defined
- name: "Create XDG base directories"
ansible.builtin.file:
path: "{{ item }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0755"
state: "directory"
with_items:
- "{{ unix_user.value.xdg.dirs.cache | default(user_user_home + '/.cache') }}"
- "{{ unix_user.value.xdg.dirs.config | default(user_user_home + '/.config') }}"
- "{{ unix_user.value.xdg.dirs.data | default(user_user_home + '/.local/share') }}"
- "{{ unix_user.value.xdg.dirs.state | default(user_user_home + '/.local/state') }}"
- name: "Create shell rc files"
when: unix_user.value.shell_rc_files is defined
ansible.builtin.include_tasks: create_shell_rc_file.yaml
with_items:
- "{{ unix_user.value.shell_rc_files }}"
loop_control:
loop_var: shell_rc_file
- name: "Create .netrc file"
when: unix_user.value.netrc is defined and unix_user.value.netrc | length > 0
ansible.builtin.template:
src: netrc.j2
dest: "{{ user_user_home }}/.netrc"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0600"