Jérémy Lecour
7b88393ccf
* rename admin-users to evolinux-users * splitting the "sudo" part for users between jessie and stretch * with stretch, the sudo group is customizable and properly configured * import evolinux-users role from evolinux-base at proper time to ensure ssh connections are possible for other users before cutting root's access * evomaintenance is also included in evolinux-base to have it available when users are created
43 lines
1.1 KiB
YAML
43 lines
1.1 KiB
YAML
---
|
|
|
|
- name: "Test if '{{ user.name }}' exists"
|
|
command: 'getent passwd {{ user.name }}'
|
|
register: loginisbusy
|
|
failed_when: False
|
|
changed_when: False
|
|
check_mode: no
|
|
|
|
- name: "Test if uid exists for '{{ user.name }}'"
|
|
command: 'getent passwd {{ user.uid }}'
|
|
register: uidisbusy
|
|
failed_when: False
|
|
changed_when: False
|
|
check_mode: no
|
|
|
|
- name: "Add Unix account with classical uid for '{{ user.name }}'"
|
|
user:
|
|
state: present
|
|
uid: '{{ user.uid }}'
|
|
name: '{{ user.name }}'
|
|
comment: '{{ user.fullname }}'
|
|
shell: /bin/bash
|
|
password: '{{ user.password_hash }}'
|
|
update_password: on_create
|
|
when: loginisbusy.rc != 0 and uidisbusy.rc != 0
|
|
|
|
- name: "Add Unix account with random uid for '{{ user.name }}'"
|
|
user:
|
|
state: present
|
|
name: '{{ user.name }}'
|
|
comment: '{{ user.fullname }}'
|
|
shell: /bin/bash
|
|
password: '{{ user.password_hash }}'
|
|
update_password: on_create
|
|
when: loginisbusy.rc != 0 and uidisbusy.rc == 0
|
|
|
|
- name: "Fix perms on homedirectory for '{{ user.name }}'"
|
|
file:
|
|
name: '/home/{{ user.name }}'
|
|
mode: "0700"
|
|
state: directory
|