---
# Look the requested uid up in the passwd database. Nothing is changed on the
# host; the registered result only steers the two account-creation tasks in
# this file. getent exits non-zero when no entry matches, so a "failed"
# result is read as "the uid is still free".
# NOTE(review): uid is interpolated into the command line as-is; presumably it
# is always a bare number - confirm where the variable is defined.
- name: Test if uid exists
  command: 'getent passwd {{ uid }}'
  # Read-only probe: never reported as a change, and run in check mode too so
  # that uidisbusy is always populated for the conditions that read it.
  changed_when: false
  check_mode: false
  # A missing entry is an expected answer, not an error. This also swallows
  # any other getent failure, which is then treated as "uid free" as well.
  ignore_errors: true
  register: uidisbusy
  tags:
    - app_user
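# Create the account with the requested uid. Runs only when the getent probe
# registered in uidisbusy failed, i.e. no passwd entry holds that uid yet.
- name: Add Unix account with uid {{ uid }} for {{ username }}
  user:
    name: '{{ username }}'
    uid: '{{ uid }}'
    shell: /bin/bash
    # NOTE(review): no password is passed in this task, so update_password
    # has nothing to act on here.
    update_password: on_create
    state: present
  # Jinja2 test syntax. The filter form "uidisbusy|failed" was deprecated in
  # Ansible 2.5 and removed in 2.9, where it makes the task error out.
  when: uidisbusy is failed
  tags:
    - app_user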
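# Fallback when the requested uid is already present in passwd: create the
# account without a uid so the system assigns one. The requested uid is
# dropped silently here, so anything that depends on a fixed uid (file
# ownership shared across hosts, for instance) needs its own check.
- name: Add Unix account with random uid for {{ username }}
  user:
    name: '{{ username }}'
    shell: /bin/bash
    # NOTE(review): no password is passed in this task, so update_password
    # has nothing to act on here.
    update_password: on_create
    state: present
  # Jinja2 test syntax. The filter form "uidisbusy|success" was deprecated in
  # Ansible 2.5 and removed in 2.9, where it makes the task error out.
  when: uidisbusy is succeeded
  tags:
    - app_user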
# Put the web server account into the application user's group.
# Least-privilege caveat: together with the group-accessible home directory
# set up in this file, every group-readable file under that home becomes
# readable by the web server process. Credentials, keys and history files
# kept there should not carry group permissions.
# NOTE(review): assumes a group named after username already exists
# (presumably the user-private group made at account creation) - confirm.
- name: the www-data user must be in the {{ username }} group
  user:
    name: www-data
    # append keeps www-data's existing supplementary groups; without it the
    # list would be replaced by this single group.
    append: true
    groups: '{{ username }}'
  tags:
    - app_user
# Give the application user membership of adm so it can read logs.
# NOTE(review): on Debian-style systems adm typically grants read access to
# most of /var/log, not only this application's files - confirm that this
# breadth is intended, or use a dedicated log group instead.
- name: add {{ username }} in the adm group (for logs)
  user:
    name: '{{ username }}'
    # append adds adm to the existing supplementary groups instead of
    # replacing them.
    append: true
    groups: adm
  tags:
    - app_user
# Home directory must be accessible to the group (for www-data).
# 0750 = owner rwx, group r-x, others nothing. Only the directory itself is
# touched (no recurse), so the files inside keep whatever modes they have.
- name: Fix perms on homedirectory for {{ username }}
  file:
    path: '/home/{{ username }}'
    state: directory
    # Quoted so the value reaches the module as an octal string, not a number.
    mode: '0750'
  tags:
    - app_user
# - name: Add evomaintenance trap for {{ username }}
#   lineinfile:
#     dest: '/home/{{ username }}/.profile'
#     insertafter: EOF
#     line: 'trap "sudo /usr/share/scripts/evomaintenance.sh" 0'
#     state: absent
#   tags:
#     - app_user