| --- |
| # users tasks/main.yml |
| # |
| # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| # SPDX-License-Identifier: Apache-2.0 |
| |
| - name: include OS-specific vars |
| include_vars: "{{ ansible_os_family }}.yml" |
| |
| - name: include OS-specific tasks |
| include_tasks: "{{ ansible_os_family }}.yml" |
| |
| - name: Create groups |
| group: |
| name: "{{ item }}" |
| with_items: "{{ users_groups }}" |
| |
| - name: Create user accounts |
| user: |
| name: "{{ item.username }}" |
| comment: "{{ item.fullname | default(item.username) }}" |
| password: "{{ item[users_os_pw_type] }}" |
| home: "{{ item.homedir | default(omit) }}" |
| system: "{{ item.system | default(false) }}" |
| shell: "{{ item.shell | default(users_default_shell) }}" |
| with_items: "{{ userlist }}" |
| |
| - name: Add user to sudo-capable group if they're a sudoer |
| when: "'sudoer' in item and item.sudoer" |
| user: |
| name: "{{ item.username }}" |
| groups: "{{ users_os_sudoers_group }}" |
| append: true |
| with_items: "{{ userlist }}" |
| |
| - name: Add user to any extra_groups |
| when: "'extra_groups' in item and item.extra_groups" |
| user: |
| name: "{{ item.username }}" |
| groups: "{{ item.extra_groups }}" |
| append: true |
| with_items: "{{ userlist }}" |
| |
| - name: Add ssh key to user account, removing all others |
| when: "item.ssh_key | default(true)" |
| authorized_key: |
| user: "{{ item.username }}" |
| key: "{{ lookup('file', item.username ~ '.pub') }}" |
| exclusive: true |
| with_items: "{{ userlist }}" |
| |
| - name: Add users_sudoers file (if specified) |
| when: "users_sudoers | length > 0" |
| template: |
| src: "users_sudoers.j2" |
| dest: "/etc/sudoers.d/users_sudoers" |
| owner: "root" |
| group: "root" |
| mode: 0440 |
| validate: "visudo -c -s -f %s" |