Jérémy Dubois
70ab0c80de
So that new users are not created and customized password are not reset based on vars files when executing evolixisation.yml again
91 lines
2 KiB
YAML
91 lines
2 KiB
YAML
# yamllint disable rule:line-length
|
|
---
|
|
- name: "Group '{{ user.name }}' is present"
|
|
ansible.builtin.group:
|
|
state: present
|
|
name: "{{ user.name }}"
|
|
gid: "{{ user.uid }}"
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|
|
|
|
- name: "User '{{ user.name }}' is present"
|
|
ansible.builtin.user:
|
|
state: present
|
|
name: '{{ user.name }}'
|
|
uid: '{{ user.uid }}'
|
|
password: '{{ user.password_hash_openbsd }}'
|
|
group: "{{ user.name }}"
|
|
groups: wheel
|
|
shell: /bin/ksh
|
|
append: true
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|
|
|
|
- name: "Gather available local users for usage in check_mode"
|
|
ansible.builtin.getent:
|
|
database: passwd
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|
|
|
|
- name: "Home directory for '{{ user.name }}' is only accesible by owner"
|
|
ansible.builtin.file:
|
|
name: '/home/{{ user.name }}'
|
|
mode: "0700"
|
|
owner: "{{ user.name }}"
|
|
group: "{{ user.name }}"
|
|
state: directory
|
|
when: user.name in getent_passwd.keys()
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|
|
|
|
- name: "SSH public keys for '{{ user.name }}' are present"
|
|
ansible.posix.authorized_key:
|
|
user: "{{ user.name }}"
|
|
key: "{{ ssk_key }}"
|
|
state: present
|
|
with_items: "{{ user.ssh_keys }}"
|
|
loop_control:
|
|
loop_var: ssk_key
|
|
when:
|
|
- user.ssh_keys is defined
|
|
- user.name in getent_passwd.keys()
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|
|
|
|
- name: "Gather available local groups for usage in check_mode"
|
|
ansible.builtin.getent:
|
|
database: group
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|
|
|
|
- name: "Add {{ user.name }} to {{ evobsd_internal_group }}, {{ evobsd_ssh_group }}, {{ evobsd_sudo_group }} group"
|
|
ansible.builtin.user:
|
|
name: "{{ user.name }}"
|
|
groups: "{{ groups_item }}"
|
|
append: true
|
|
with_items:
|
|
- "{{ evobsd_internal_group }}"
|
|
- "{{ evobsd_ssh_group }}"
|
|
- "{{ evobsd_sudo_group }}"
|
|
loop_control:
|
|
loop_var: groups_item
|
|
when:
|
|
- user.name in getent_passwd.keys()
|
|
- groups_item in getent_group.keys()
|
|
tags:
|
|
- accounts
|
|
- admin
|
|
- users
|