EvoBSD/roles/accounts/tasks/user.yml


# yamllint disable rule:line-length
---
# Per-user primary group: named after the account, with the GID set to the
# account's UID so the two ids stay aligned.
- name: "Group '{{ user.name }}' is present"
  group:
    name: "{{ user.name }}"
    gid: "{{ user.uid }}"
    state: present
  tags:
    - accounts
    - admin
# Create the account itself: fixed UID, its own primary group, ksh as the
# login shell, and supplementary membership in wheel.
- name: "User '{{ user.name }}' is present"
  user:
    name: "{{ user.name }}"
    uid: "{{ user.uid }}"
    group: "{{ user.name }}"
    # NOTE(review): every account created by this file lands in wheel;
    # confirm that is intended for all entries in the user list.
    groups: wheel
    # Keep supplementary groups that already exist on the host.
    append: true
    shell: /bin/ksh
    # Takes an already-hashed value, never a clear-text password.
    # NOTE(review): update_password is not set, so the module default
    # applies (presumably "always", i.e. the hash is re-applied on each
    # run) - confirm this is wanted.
    password: "{{ user.password_hash_openbsd }}"
    state: present
  tags:
    - accounts
    - admin
# Lock the home directory down to its owner (0700). The mode is quoted so it
# reaches the module as a string instead of being read as a number.
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
  file:
    path: "/home/{{ user.name }}"
    state: directory
    owner: "{{ user.name }}"
    group: "{{ user.name }}"
    mode: "0700"
  tags:
    - accounts
    - admin
# Install each key listed in user.ssh_keys into the account's authorized_keys.
# The task is skipped when user.ssh_keys is not defined.
# NOTE(review): this only adds keys (state: present, one key per iteration);
# a key deleted from user.ssh_keys is not removed from the host by this task,
# so revocation needs a separate step.
- name: "SSH public keys for '{{ user.name }}' are present"
  authorized_key:
    user: "{{ user.name }}"
    key: "{{ ssh_public_key }}"
    state: present
  with_items: "{{ user.ssh_keys }}"
  loop_control:
    loop_var: ssh_public_key
  when: user.ssh_keys is defined
  tags:
    - accounts
    - admin
# Add the account to the internal, SSH and sudo groups, one group per
# iteration. append: true means existing memberships are kept.
# NOTE(review): the sudo group is granted to every account processed here,
# with no per-user condition - confirm that matches the intended access model.
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
  user:
    name: "{{ user.name }}"
    groups: "{{ target_group }}"
    append: true
  with_items:
    - "{{ evobsd_internal_group }}"
    - "{{ evobsd_ssh_group }}"
    - "{{ evobsd_sudo_group }}"
  loop_control:
    loop_var: target_group
  tags:
    - accounts
    - admin