--- - name: "Define home directory for unix user: {{ unix_user.key }}" ansible.builtin.set_fact: user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}" - name: "Create btrfs volume for unix user: {{ unix_user.key }}" when: unix_user.value.btrfs is defined and unix_user.value.btrfs block: - name: "Create btrfs volume for unix user: {{ unix_user.key }}" community.general.btrfs_subvolume: name: "{{ user_user_home }}" - name: "Adapt home dir permissions" ansible.builtin.file: path: "{{ user_user_home }}" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" state: directory mode: "0755" - name: "Create unix user without additional groups and uid: {{ unix_user.key }}" ansible.builtin.user: name: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" comment: "{{ unix_user.value.name }}" create_home: "{{ unix_user.value.create_home | default(true) }}" home: "{{ user_user_home }}" shell: "{{ unix_user.value.shell | default('/bin/bash') }}" password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}" state: present when: unix_user.value.groups is not defined and unix_user.value.uid is not defined - name: "Create unix user without additional groups and with uid: {{ unix_user.key }}" ansible.builtin.user: name: "{{ unix_user.key }}" uid: "{{ unix_user.value.uid }}" group: "{{ unix_user.value.group | default('users') }}" comment: "{{ unix_user.value.name }}" create_home: "{{ unix_user.value.create_home | default(true) }}" home: "{{ user_user_home }}" shell: "{{ unix_user.value.shell | default('/bin/bash') }}" password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}" state: present when: unix_user.value.groups is not defined and unix_user.value.uid is defined - name: "Create unix user with additional groups and uid: {{ unix_user.key }}" ansible.builtin.user: name: "{{ unix_user.key }}" uid: "{{ unix_user.value.uid }}" group: "{{ unix_user.value.group | default('users') }}" groups: "{{ unix_user.value.groups | join(',') }}" comment: "{{ unix_user.value.name }}" create_home: "{{ unix_user.value.create_home | default(true) }}" home: "{{ user_user_home }}" shell: "{{ unix_user.value.shell | default('/bin/bash') }}" password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}" state: present when: unix_user.value.groups is defined and unix_user.value.uid is defined - name: "Create unix user with additional groups and without uid: {{ unix_user.key }}" ansible.builtin.user: name: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" groups: "{{ unix_user.value.groups | join(',') }}" comment: "{{ unix_user.value.name }}" create_home: "{{ unix_user.value.create_home | default(true) }}" home: "{{ user_user_home }}" shell: "{{ unix_user.value.shell | default('/bin/bash') }}" password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}" state: present when: unix_user.value.groups is defined and unix_user.value.uid is not defined - name: "Adapt permissions and copy skel for unix user: {{ unix_user.key }}" when: unix_user.value.btrfs is defined and unix_user.value.btrfs block: - name: "Copy skel files" ansible.builtin.include_tasks: copy_skel_file.yml loop_control: loop_var: skel_file with_items: - ".bash_logout" - ".bash_profile" - ".bashrc" - name: "Change permission unix users home dir: {{ unix_user.key }}" ansible.builtin.file: path: "{{ user_user_home }}" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" state: directory mode: "0755" - name: "Create .ssh directory for unix user: {{ unix_user.key }}" ansible.builtin.file: path: "{{ user_user_home }}/.ssh" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0700" state: directory - name: "Create authorized_keys file for unix user: {{ unix_user.key }}" ansible.builtin.template: src: authorized_keys.j2 dest: "{{ user_user_home }}/.ssh/authorized_keys" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0600" when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0 - name: "Remove authorized_keys file for unix user: {{ unix_user.key }}" ansible.builtin.file: path: "{{ user_user_home }}/.ssh/authorized_keys" state: absent when: unix_user.value.ssh.authorized_keys is not defined or unix_user.value.ssh.authorized_keys | length <= 0 - name: "Create private SSH keys for unix user: {{ unix_user.key }}" ansible.builtin.copy: src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}" dest: "{{ user_user_home }}/.ssh/{{ item }}" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0600" with_items: - "{{ unix_user.value.ssh.private_keys }}" when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0 - name: "Extract public SSH keys from private keys for unix user: {{ unix_user.key }}" ansible.builtin.shell: args: executable: /bin/bash cmd: "ssh-keygen -y -f {{ user_user_home }}/.ssh/{{ item }} > {{ user_user_home }}/.ssh/{{ item }}.pub" creates: "{{ user_user_home }}/.ssh/{{ item }}.pub" with_items: - "{{ unix_user.value.ssh.private_keys }}" when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0 - name: "Correct permissions of public SSH keys for unix user: {{ unix_user.key }}" ansible.builtin.file: path: "{{ user_user_home }}/.ssh/{{ item }}.pub" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0644" with_items: - "{{ unix_user.value.ssh.private_keys }}" when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0 - name: "Create custom SSH client config for unix user: {{ unix_user.key }}" ansible.builtin.template: src: config.j2 dest: "{{ user_user_home }}/.ssh/config" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0644" when: unix_user.value.ssh.config is defined and unix_user.value.ssh.config | length >= 0 - name: "Remove custom SSH client config for unix user: {{ unix_user.key }}" ansible.builtin.file: path: "{{ user_user_home }}/.ssh/config" state: absent when: unix_user.value.ssh.config is not defined - name: "Create .forward file to forward emails for unix user: {{ unix_user.key }}" ansible.builtin.template: src: forward.j2 dest: "{{ user_user_home }}/.forward" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0644" when: unix_user.value.email is defined - name: "Remove .forward file to forward emails for unix user: {{ unix_user.key }}" ansible.builtin.file: path: "{{ user_user_home }}/.forward" state: absent when: unix_user.value.email is not defined - name: "Create XDG base directories" ansible.builtin.file: path: "{{ item }}" owner: "{{ unix_user.key }}" group: "{{ unix_user.value.group | default('users') }}" mode: "0755" state: "directory" with_items: - "{{ unix_user.value.xdg.dirs.cache | default(user_user_home + '/.cache') }}" - "{{ unix_user.value.xdg.dirs.config | default(user_user_home + '/.config') }}" - "{{ unix_user.value.xdg.dirs.data | default(user_user_home + '/.local/share') }}" - "{{ unix_user.value.xdg.dirs.state | default(user_user_home + '/.local/state') }}" - name: "Create shell rc files" when: unix_user.value.shell_rc_files is defined ansible.builtin.include_tasks: create_shell_rc_file.yml with_items: - "{{ unix_user.value.shell_rc_files }}" loop_control: loop_var: shell_rc_file