| 
						 
							
							
							
						 
					 | 
				
			
			 | 
			 | 
			
				@@ -1,8 +1,8 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				---
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Define home directory for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  set_fact:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				     user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.set_fact:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Create unix user {{ unix_user.key }} without additional groups and uid
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  user:
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -57,7 +57,7 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: "unix_user.value.groups is defined and unix_user.value.uid is not defined"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Create .ssh directory for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    path: "{{ user_user_home }}/.ssh"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    owner: "{{ unix_user.key }}"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    group: "{{ unix_user.value.group | default('users') }}"
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -65,7 +65,7 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    state: directory
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Create authorized_keys file for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  template:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.template:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    src: authorized_keys.j2
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    dest: "{{ user_user_home }}/.ssh/authorized_keys"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    owner: "{{ unix_user.key }}"
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -74,13 +74,13 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Remove authorized_keys file for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    path: "{{ user_user_home }}/.ssh/authorized_keys"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    state: absent
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.ssh.authorized_keys is not defined or unix_user.value.ssh.authorized_keys | length <= 0
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Create private SSH keys for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  copy:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.copy:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    dest: "{{ user_user_home }}/.ssh/{{ item }}"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    owner: "{{ unix_user.key }}"
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -101,7 +101,7 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Correct permissions of public SSH keys for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    owner: "{{ unix_user.key }}"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    group: "{{ unix_user.value.group | default('users') }}"
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -111,7 +111,7 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Create custom SSH client config for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  template:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.template:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    src: config.j2
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    dest: "{{ user_user_home }}/.ssh/config"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    owner: "{{ unix_user.key }}"
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -120,13 +120,13 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.ssh.config is defined and unix_user.value.ssh.config | length >= 0
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Remove custom SSH client config for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    path: "{{ user_user_home }}/.ssh/config"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    state: absent
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.ssh.config is not defined
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Create .forward file to forward emails for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  template:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.template:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    src: forward.j2
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    dest: "{{ user_user_home }}/.forward"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    owner: "{{ unix_user.key }}"
 | 
			
		
		
	
	
		
			
				
					
					| 
						
					 | 
				
			
			 | 
			 | 
			
				@@ -135,7 +135,7 @@
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.email is defined
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				- name: Remove .forward file to forward emails for user {{ unix_user.key }}
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  ansible.builtin.file:
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    path: "{{ user_user_home }}/.forward"
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				    state: absent
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.email is not defined
 | 
			
		
		
	
		
			
				 | 
				 | 
			
			 | 
			 | 
			
				  when: unix_user.value.email is not defined
 | 
			
		
		
	
	
		
			
				
					
					| 
						 
							
							
							
						 
					 | 
				
			
			 | 
			 | 
			
				 
 |
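Review bot: The `user:` task that closes the first hunk ("Create unix user … without additional groups and uid") still uses the short module name, while every other module touched here moves to its `ansible.builtin.` form; it should read `ansible.builtin.user:`. Judging by the hunk headers, nothing between lines 8 and 57 of the file is changed, so the other account-creation tasks in that range presumably keep the short name as well; their bodies lie outside the hunks shown. Short names can be resolved through the play's collections search list or a local module directory, so the tasks that create accounts are where pinning the builtin module matters most. Separately, the unchanged `length >= 0` tests on `ssh.private_keys` and `ssh.config` are always true once the variable is defined, unlike the `length > 0` used for `authorized_keys`, so the length check there has no effect.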