50 lines
1.7 KiB
YAML
50 lines
1.7 KiB
YAML
---
|
|
- name: Create local user accounts
|
|
ansible.builtin.user:
|
|
name: "{{ item.name }}"
|
|
shell: "{{ item.shell }}"
|
|
uid: "{{ item.userid }}"
|
|
expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
|
|
home: "{{ item.home | default(omit) }}"
|
|
groups: "{{ item.groups | default(omit) }}"
|
|
loop: "{{ local_accounts_list }}"
|
|
|
|
- name: Add home
|
|
ansible.builtin.set_fact:
|
|
accounts_with_home: "{{ accounts_with_home | default([]) + [item | combine({'home': item.home | default('/home/' + item.name)})] }}"
|
|
loop: "{{ local_accounts_list }}"
|
|
|
|
- name: Determine key path
|
|
ansible.builtin.set_fact:
|
|
key_path: "{{ (local_accounts_pk_path | default('/tmp')) | regex_replace('/$', '') }}/id_rsa"
|
|
|
|
- name: Generate SSH key pairs for local users
|
|
community.crypto.openssh_keypair:
|
|
path: "{{ key_path }}_{{ item.name }}"
|
|
type: ed25519
|
|
loop: "{{ accounts_with_home }}"
|
|
when: item.passwordless | default(false) | bool
|
|
delegate_to: localhost
|
|
run_once: true
|
|
become: false
|
|
|
|
- name: Ensure .ssh directory exists
|
|
ansible.builtin.file:
|
|
path: "{{ item.home }}/.ssh"
|
|
state: directory
|
|
owner: "{{ item.name }}"
|
|
group: "{{ item.name }}"
|
|
mode: '0700'
|
|
loop: "{{ accounts_with_home }}"
|
|
when: item.passwordless | default(false) | bool
|
|
|
|
- name: Copy public keys to authorized_keys for passwordless authentication
|
|
ansible.builtin.copy:
|
|
content: "{{ lookup('file', key_path + '_' + item.name + '.pub') }}"
|
|
dest: "{{ item.home }}/.ssh/authorized_keys"
|
|
owner: "{{ item.name }}"
|
|
group: "{{ item.name }}"
|
|
mode: '0600'
|
|
loop: "{{ accounts_with_home }}"
|
|
when: not ansible_check_mode and item.passwordless | default(false) | bool
|