Select Git revision
main.yml 1.55 KiB
---
# tasks file for users
- name: Assertions
assert:
that:
- ansible_os_family in [ 'OpenBSD', 'Debian' ]
- users is iterable
- users_lock_root_ssh in [ True, False ]
- users_use_sudo in [ True, False ]
- users_prune in [ True, False ]
# OpenBSD 5.7 was the last version that came with sudo installed.
- include: sudo.yml
when: users_use_sudo
- name: Create groups
with_items: '{{ users_unique_groups }}'
group:
name: '{{ item }}'
state: present
- name: Create users
with_items: '{{ users }}'
user:
append: yes
name: '{{ item.name }}'
createhome: yes
shell: '{{ item.shell|default("/bin/ksh" if ansible_os_family == "OpenBSD" else "/bin/bash") }}'
groups: '{{ item.groups|join(",") if item.groups is defined else omit }}'
state: present
uid: '{{ item.uid|default(omit) }}'
password: '{{ item.password|default(omit) }}'
comment: '{{ item.comment|default(omit) }}'
- name: Add public keys
with_items: '{{ users }}'
when: item.pubkeys is defined
authorized_key:
key: '{{ item.pubkeys|join ("\n") }}'
user: '{{ item.name }}'
state: present
- name: Add email aliases
with_items: '{{ users }}'
when: item.email is defined
lineinfile:
dest: '{{ aliases_file[ansible_os_family] }}'
create: yes
line: '{{ item.name }}: {{ item.email }}'
regexp: '^{{ item.name }}:'
notify:
- Update SMTPd database
- include: lock_root_ssh.yml
when: users_lock_root_ssh
- include: prune.yml
when: users_prune