volker.raschek/ansible-role-unix-users
1
0
Fork 0
Code Issues 2 Pull Requests Actions Projects Releases Wiki Activity
Files
e4c12b98563ed685c0384598d051d10c844d1127
ansible-role-unix-users/tasks/create_unix_user.yaml
Markus Pesch e4c12b9856
All checks were successful
Ansible Linter / ansible-lint (push) Successful in 24s
Details
Lint Markdown files / markdown-lint (push) Successful in 4s
Details
fix: set btrfs device
2025-11-22 23:42:42 +01:00

231 lines
9.6 KiB
YAML
Raw Blame History

---
- name: "Define home directory for unix user: {{ unix_user.key }}"
ansible.builtin.set_fact:
user_user_home: "{{ unix_user.value.home | default('/home/' + unix_user.key) }}"
- name: "Create btrfs volume for unix user: {{ unix_user.key }}"
when: unix_user.value.btrfs is defined and
unix_user.value.btrfs
block:
- name: "Find btrfs device"
ansible.builtin.command:
cmd: /bin/bash -c "findmnt -no SOURCE -T {{ user_user_home }} | sed 's/\[.*\]//'"
register: _unix_users_btrfs_device
failed_when: _unix_users_btrfs_device.rc != 0
changed_when: _unix_users_btrfs_device.rc == 0
- name: "Found btrfs device"
ansible.builtin.debug:
msg: _unix_users_btrfs_device.stdout
when: _unix_users_debug is defined and
_unix_users_debug is true
- name: "Determine filesystem of device"
ansible.builtin.set_fact:
_unix_users_device_filesystem: "{{ ansible_facts['mounts'] | selectattr('device', 'equalto', _unix_users_btrfs_device.stdout) | map(attribute='fstype') | first }}"
- name: "Fail if device does not have a btrfs file system"
ansible.builtin.fail:
msg: "Determined device {{ _unix_users_btrfs_device.stdout }} does not have a btrfs filesystem"
when: _unix_users_device_filesystem != 'btrfs'
- name: "Create btrfs volume for unix user: {{ unix_user.key }}"
community.general.btrfs_subvolume:
filesystem_device: "{{ _unix_users_btrfs_device.stdout }}"
name: "{{ user_user_home }}"
state: present
- name: "Adapt home dir permissions"
ansible.builtin.file:
path: "{{ user_user_home }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
state: directory
mode: "0755"
- name: "Create unix user without additional groups and uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is not defined and unix_user.value.uid is not defined
- name: "Create unix user without additional groups and with uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
uid: "{{ unix_user.value.uid }}"
group: "{{ unix_user.value.group | default('users') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is not defined and unix_user.value.uid is defined
- name: "Create unix user with additional groups and uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
uid: "{{ unix_user.value.uid }}"
group: "{{ unix_user.value.group | default('users') }}"
groups: "{{ unix_user.value.groups | join(',') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is defined and unix_user.value.uid is defined
- name: "Create unix user with additional groups and without uid: {{ unix_user.key }}"
ansible.builtin.user:
name: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
groups: "{{ unix_user.value.groups | join(',') }}"
comment: "{{ unix_user.value.name }}"
create_home: "{{ unix_user.value.create_home | default(true) }}"
home: "{{ user_user_home }}"
shell: "{{ unix_user.value.shell | default('/bin/bash') }}"
password: "{{ unix_user.value.password | password_hash('sha512') if unix_user.value.password is defined and unix_user.value.password | length > 0 else '!' }}"
state: present
when: unix_user.value.groups is defined and unix_user.value.uid is not defined
- name: "Adapt permissions and copy skel for unix user: {{ unix_user.key }}"
when: unix_user.value.btrfs is defined and
unix_user.value.btrfs
block:
- name: "Copy skel files"
ansible.builtin.include_tasks: copy_skel_file.yaml
loop_control:
loop_var: skel_file
with_items:
- ".bash_logout"
- ".bash_profile"
- ".bashrc"
- name: "Change permission unix users home dir: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
state: directory
mode: "0755"
- name: "Create .ssh directory for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0700"
state: directory
- name: "Create authorized_keys file for unix user: {{ unix_user.key }}"
ansible.builtin.template:
src: authorized_keys.j2
dest: "{{ user_user_home }}/.ssh/authorized_keys"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0600"
when: unix_user.value.ssh.authorized_keys is defined and unix_user.value.ssh.authorized_keys | length > 0
- name: "Remove authorized_keys file for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh/authorized_keys"
state: absent
when: unix_user.value.ssh.authorized_keys is not defined or unix_user.value.ssh.authorized_keys | length <= 0
- name: "Create private SSH keys for unix user: {{ unix_user.key }}"
ansible.builtin.copy:
src: "{{ playbook_dir }}/ssh/private_keys/{{ item }}"
dest: "{{ user_user_home }}/.ssh/{{ item }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0600"
with_items:
- "{{ unix_user.value.ssh.private_keys }}"
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0
- name: "Extract public SSH keys from private keys for unix user: {{ unix_user.key }}"
ansible.builtin.shell:
args:
executable: /bin/bash
cmd: "ssh-keygen -y -f {{ user_user_home }}/.ssh/{{ item }} > {{ user_user_home }}/.ssh/{{ item }}.pub"
creates: "{{ user_user_home }}/.ssh/{{ item }}.pub"
with_items:
- "{{ unix_user.value.ssh.private_keys }}"
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length > 0
- name: "Correct permissions of public SSH keys for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh/{{ item }}.pub"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0644"
with_items:
- "{{ unix_user.value.ssh.private_keys }}"
when: unix_user.value.ssh.private_keys is defined and unix_user.value.ssh.private_keys | length >= 0
- name: "Create custom SSH client config for unix user: {{ unix_user.key }}"
ansible.builtin.template:
src: config.j2
dest: "{{ user_user_home }}/.ssh/config"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0644"
when: unix_user.value.ssh.config is defined and unix_user.value.ssh.config | length >= 0
- name: "Remove custom SSH client config for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.ssh/config"
state: absent
when: unix_user.value.ssh.config is not defined
- name: "Create .forward file to forward emails for unix user: {{ unix_user.key }}"
ansible.builtin.template:
src: forward.j2
dest: "{{ user_user_home }}/.forward"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0644"
when: unix_user.value.email is defined
- name: "Remove .forward file to forward emails for unix user: {{ unix_user.key }}"
ansible.builtin.file:
path: "{{ user_user_home }}/.forward"
state: absent
when: unix_user.value.email is not defined
- name: "Create XDG base directories"
ansible.builtin.file:
path: "{{ item }}"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0755"
state: "directory"
with_items:
- "{{ unix_user.value.xdg.dirs.cache | default(user_user_home + '/.cache') }}"
- "{{ unix_user.value.xdg.dirs.config | default(user_user_home + '/.config') }}"
- "{{ unix_user.value.xdg.dirs.data | default(user_user_home + '/.local/share') }}"
- "{{ unix_user.value.xdg.dirs.state | default(user_user_home + '/.local/state') }}"
- name: "Create shell rc files"
when: unix_user.value.shell_rc_files is defined
ansible.builtin.include_tasks: create_shell_rc_file.yaml
with_items:
- "{{ unix_user.value.shell_rc_files }}"
loop_control:
loop_var: shell_rc_file
- name: "Create .netrc file"
when: unix_user.value.netrc is defined and unix_user.value.netrc | length > 0
ansible.builtin.template:
src: netrc.j2
dest: "{{ user_user_home }}/.netrc"
owner: "{{ unix_user.key }}"
group: "{{ unix_user.value.group | default('users') }}"
mode: "0600"
Reference in New Issue View Git Blame Copy Permalink