forked from evolix/ansible-roles
evolinux-users: add user to internal group if defined and Debian >= 9
parent
74ca43fe05
commit
c87e3ee576
|
@ -34,4 +34,5 @@ evolinux_users:
|
|||
|
||||
* `evolinux_sudo_group`: which group to use for sudo (default: `evolinux-sudo`)
|
||||
* `evolinux_ssh_group`: which group to use for ssh (default: `evolinux-ssh`)
|
||||
* `evolinux_internal_group`: which group to use for all created users (eg. the company name)
|
||||
* `evolinux_root_disable_ssh`: disable root's ssh access (default: `True`)
|
||||
|
|
|
@ -3,5 +3,6 @@ evolinux_users: {}
|
|||
|
||||
evolinux_sudo_group: "evolinux-sudo"
|
||||
evolinux_ssh_group: "evolinux-ssh"
|
||||
evolinux_internal_group: ""
|
||||
|
||||
evolinux_root_disable_ssh: True
|
||||
|
|
|
@ -43,6 +43,8 @@
|
|||
|
||||
# Unix groups
|
||||
|
||||
## Group for SSH authorizations
|
||||
|
||||
- name: "Unix group '{{ evolinux_ssh_group }}' is present (Debian 10 or later)"
|
||||
group:
|
||||
name: "{{ evolinux_ssh_group }}"
|
||||
|
@ -56,6 +58,29 @@
|
|||
append: yes
|
||||
when: ansible_distribution_major_version | version_compare('10', '>=')
|
||||
|
||||
## Optional group for all evolinux users
|
||||
|
||||
- name: "Unix group '{{ evolinux_internal_group }}' is present (Debian 9 or later)"
|
||||
group:
|
||||
name: "{{ evolinux_internal_group }}"
|
||||
state: present
|
||||
when:
|
||||
- evolinux_internal_group is defined
|
||||
- evolinux_internal_group != ""
|
||||
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
- name: "Unix user '{{ user.name }}' belongs to group '{{ evolinux_internal_group }}' (Debian 9 or later)"
|
||||
user:
|
||||
name: '{{ user.name }}'
|
||||
groups: "{{ evolinux_internal_group }}"
|
||||
append: yes
|
||||
when:
|
||||
- evolinux_internal_group is defined
|
||||
- evolinux_internal_group != ""
|
||||
- ansible_distribution_major_version | version_compare('9', '>=')
|
||||
|
||||
## Optional secondary groups, defined per user
|
||||
|
||||
- name: "Secondary Unix groups are present"
|
||||
group:
|
||||
name: "{{ group }}"
|
||||
|
@ -71,6 +96,8 @@
|
|||
append: yes
|
||||
when: user.groups is defined
|
||||
|
||||
# Permissions on home directory
|
||||
|
||||
- name: "Home directory for '{{ user.name }}' is not accessible by group and other users"
|
||||
file:
|
||||
name: '/home/{{ user.name }}'
|
||||
|
@ -86,7 +113,7 @@
|
|||
check_mode: no
|
||||
register: grep_profile_evomaintenance
|
||||
|
||||
# Don't add the trap if it is present or commented
|
||||
## Don't add the trap if it is present or commented
|
||||
- name: "User '{{ user.name }}' has its shell trap for evomaintenance"
|
||||
lineinfile:
|
||||
state: present
|
||||
|
|
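Review bot: The membership task added in the `@ -56,6 +58,29 @@` hunk only ever adds accounts to `evolinux_internal_group` (`append: yes`), and both new tasks are skipped when the variable is `""`, so renaming or emptying the variable later leaves every existing user in the previous group with no change reported. That is worth knowing if the group ends up carrying file or service permissions, which the visible lines do not show. I would document it above the `## Optional group for all evolinux users` tasks with a comment such as `# Membership is additive: changing or emptying evolinux_internal_group does not remove users from the old group`. As a smaller style point, `evolinux_internal_group is defined` looks redundant because the defaults file sets the variable to `""`, so each `when:` list could keep only the `!= ""` test and the version check. Both new tasks are complete inside the hunk.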