tasks/main.yml

---
# users tasks/main.yml
#
# SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org>
# SPDX-License-Identifier: Apache-2.0

- name: include OS-specific vars
  include_vars: "{{ ansible_os_family }}.yml"

- name: include OS-specific tasks
  include_tasks: "{{ ansible_os_family }}.yml"

- name: Create groups
  group:
    name: "{{ item }}"
  with_items: "{{ users_groups }}"

- name: Create user accounts
  user:
    name: "{{ item.username }}"
    comment: "{{ item.fullname | default(item.username) }}"
    password: "{{ item[users_os_pw_type] }}"
    home: "{{ item.homedir | default(omit) }}"
    system: "{{ item.system | default(false) }}"
  with_items: "{{ userlist }}"

- name: Add user to sudo-capable group if they're a sudoer
  when: "'sudoer' in item and item.sudoer"
  user:
    name: "{{ item.username }}"
    groups: "{{ users_os_sudoers_group }}"
    append: true
  with_items: "{{ userlist }}"

- name: Add user to any extra_groups
  when: "'extra_groups' in item and item.extra_groups"
  user:
    name: "{{ item.username }}"
    groups: "{{ item.extra_groups }}"
    append: true
  with_items: "{{ userlist }}"

- name: Add ssh key to user account, removing all others
  when: "item.ssh_key | default(true)"
  authorized_key:
    user: "{{ item.username }}"
    key: "{{ lookup('file', item.username ~ '.pub') }}"
    exclusive: true
  with_items: "{{ userlist }}"

- name: Add users_sudoers file (if specified)
  when: "users_sudoers | length > 0"
  template:
    src: "users_sudoers.j2"
    dest: "/etc/sudoers.d/users_sudoers"
    owner: "root"
    group: "root"
    mode: 0440
    validate: "visudo -c -s -f %s"