diff --git a/roles/accounts/tasks/main.yml b/roles/accounts/tasks/main.yml
index 27b4b90..0524374 100644
--- a/roles/accounts/tasks/main.yml
+++ b/roles/accounts/tasks/main.yml
@@ -1,26 +1,7 @@
 ---
-- name: Create admins accounts
- user:
- state: present
- name: '{{ item.value.name }}'
- uid: '{{ item.value.uid }}'
- password: '{{ item.value.password_hash_openbsd }}'
- groups: wheel
- shell: /bin/ksh
- append: yes
- with_dict:
- "{{ evolix_users }}"
- tags:
- - admin
-
-- name: Add admins ssh keys
- lineinfile:
- state: present
- dest: '/home/{{ item.value.name }}/.ssh/authorized_keys'
- line: '{{ item.value.ssh_keys }}'
- create: yes
- with_dict:
- "{{ evolix_users }}"
- tags:
- - admin
-
+- name: Create user accounts
+ include: user.yml
+ vars:
+ user: "{{ item.value }}"
+ with_dict: "{{ evolinux_users }}"
+ when: evolinux_users != {}
\ No newline at end of file
diff --git a/roles/accounts/tasks/user.yml b/roles/accounts/tasks/user.yml
new file mode 100644
index 0000000..109c8a5
--- /dev/null
+++ b/roles/accounts/tasks/user.yml
@@ -0,0 +1,24 @@
+---
+- name: "User '{{ user.name }}' is present"
+ user:
+ state: present
+ name: '{{ user.name }}'
+ uid: '{{ user.uid }}'
+ password: '{{ user.password_hash_openbsd }}'
+ groups: wheel
+ shell: /bin/ksh
+ append: yes
+ tags:
+ - admin
+
+- name: "SSH public keys for '{{ user.name }}' are present"
+ authorized_key:
+ user: "{{ user.name }}"
+ key: "{{ ssk_key }}"
+ state: present
+ with_items: "{{ user.ssh_keys }}"
+ loop_control:
+ loop_var: ssk_key
+ when: user.ssh_keys is defined
+ tags:
+ - admin
\ No newline at end of file
diff --git a/roles/base/tasks/evobackup.yml b/roles/base/tasks/evobackup.yml
index 3ac7b05..669c86f 100644
--- a/roles/base/tasks/evobackup.yml
+++ b/roles/base/tasks/evobackup.yml
@@ -15,6 +15,6 @@
 path: /etc/daily.local
 line: '#sh /usr/share/scripts/zzz_evobackup'
 owner: root
- mode: "0700"
+ mode: "0644"
 tags:
 - evobackup
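Review bot: The new include loop passes each whole `item.value` dict to `user.yml`, and that dict carries `password_hash_openbsd`, so the hash will most likely be echoed in this task's per-item output and in any log that captures the run. A `loop_control` with `label: "{{ item.key }}"` on the include (where the Ansible version in use supports it) keeps the displayed item down to the dict key. The `tags: admin` that the removed tasks carried at this level is also gone, so a run limited to `--tags admin` may no longer reach the include at all. Finally, `when: evolinux_users != {}` does not help if the variable is undefined after the rename from `evolix_users`; `with_dict: "{{ evolinux_users | default({}) }}"` covers both the empty and the missing case.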
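Review bot: Every account this file creates is placed in `wheel` (`groups: wheel` with `append: yes`), while the commit renames the loop from admins to generic users (`evolinux_users`, "User '…' is present"), so any non-admin entry later added to that dict would silently gain wheel membership. Taking the groups from a per-user key, with wheel only where the entry asks for it, would keep that decision explicit. The `authorized_key` task only ever adds keys: a key dropped from `user.ssh_keys` stays in the account's authorized_keys, so revocation needs either explicit `state: absent` entries or a single call with all keys joined and `exclusive: yes`. The loop expression is templated before `when` is applied per item, so `with_items: "{{ user.ssh_keys | default([]) }}"` is a more reliable guard than `when: user.ssh_keys is defined`, and `ssk_key` looks like a typo for `ssh_key`.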
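Review bot: Changing `mode` from `"0700"` to `"0644"` makes `/etc/daily.local` readable by every local user where it was root-only before, and nothing in the hunk records why. If the intent is only to drop the execute bit (presumably the file is read by root's daily run rather than executed directly), `mode: "0600"` achieves that without widening read access. Otherwise a comment above the line such as `# world-readable on purpose: must never contain credentials` would document the decision. The task starts above the hunk, so whether `group:` is pinned there is not visible here.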