---
# Create (or update) one local account per entry in local_accounts_list.
# Every entry must supply name, shell and userid; home, groups and
# expiry_date are optional and are omitted from the module call when absent.
#
# NOTE(review): `append` is not set, so with the user module's default
# (append: false) the account is removed from any supplementary group that
# is not listed in item.groups - confirm exclusive membership is intended.
#
# NOTE(review): `expires` is an epoch value templated on the control node.
# to_datetime is called without a format, so expiry_date is presumably
# 'YYYY-MM-DD'. strftime('%s') is a libc extension rather than a portable
# format code and appears to use the controller's local timezone, so the
# effective expiry instant can shift with the controller's TZ - verify.
- name: Create local user accounts
  ansible.builtin.user:
    name: "{{ item.name }}"
    uid: "{{ item.userid }}"
    shell: "{{ item.shell }}"
    home: "{{ item.home | default(omit)}}"
    groups: "{{ item.groups | default(omit) }}"
    expires: "{{ (((item.expiry_date + ' 00:00:00') | to_datetime).strftime('%s')) if item.expiry_date is defined else omit }}"
  loop: "{{ local_accounts_list }}"
# Build local_accounts_list_agg: a copy of every entry flagged
# `passwordless`, extended with
#   home     - item.home, or '/home/<name>' when the entry has none
#   key_path - <local_accounts_key_path>/id_<local_accounts_key_type>_<name>
#              (one trailing '/' is stripped from local_accounts_key_path)
# Entries without a truthy `passwordless` are skipped, so the fact stays
# undefined when no account asks for key-based login.
#
# NOTE(review): the fact is appended to on every iteration and never reset;
# if these tasks run more than once in a play the list presumably
# accumulates duplicate entries - verify against the caller.
- name: Add key_path to the user accounts
  ansible.builtin.set_fact:
    local_accounts_list_agg: >-
      {{
        local_accounts_list_agg | default([]) + [
          item | combine({
            'home': item.home | default('/home/' + item.name),
            'key_path': local_accounts_key_path | regex_replace('/$', '') + '/id_' + local_accounts_key_type + '_' + item.name
          })
        ]
      }}
  loop: "{{ local_accounts_list }}"
  when: item.passwordless | default(false) | bool
# Generate one key pair per passwordless account. The task is delegated to
# localhost and runs without privilege escalation, so both halves of each
# pair are written on the control node at item.key_path (private key) and
# item.key_path + '.pub'.
#
# No passphrase is passed to the module, so the private keys are stored
# unencrypted: access to local_accounts_key_path on the controller should be
# restricted to the operators who are meant to log in as these accounts.
#
# NOTE(review): with run_once the loop is evaluated for a single host only;
# if local_accounts_list differs between hosts, keys for the other hosts'
# accounts would presumably not be generated - confirm the list is shared.
- name: Generate SSH key pairs for local users
  community.crypto.openssh_keypair:
    type: "{{ local_accounts_key_type }}"
    path: "{{ item.key_path }}"
  delegate_to: localhost
  run_once: true
  become: false
  loop: "{{ local_accounts_list_agg | default([]) }}"
# Create <home>/.ssh for each passwordless account, owned by the account and
# closed to everyone else (0700). The mode is quoted so it is passed as a
# string and not re-interpreted as a number.
#
# NOTE(review): `group` reuses the account name, which assumes a group of
# the same name exists on the target - confirm for accounts whose primary
# group is set differently.
- name: Ensure .ssh directory exists
  ansible.builtin.file:
    state: directory
    path: "{{ item.home }}/.ssh"
    mode: '0700'
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
  loop: "{{ local_accounts_list_agg | default([]) }}"
# Install each account's public key as its authorized_keys file (0600, owned
# by the account). lookup('file', ...) reads the .pub file on the control
# node, next to the private key at item.key_path.
#
# The copy module writes the whole destination file, so authorized_keys ends
# up holding only this one key: any entry added by other means is replaced
# on the next run. Treat the file as exclusively managed by this task.
#
# Skipped in check mode - presumably because the key pair is not created
# during a check run, so the lookup would have nothing to read.
- name: Copy public keys to authorized_keys for passwordless authentication
  ansible.builtin.copy:
    dest: "{{ item.home }}/.ssh/authorized_keys"
    content: "{{ lookup('file', item.key_path + '.pub') }}"
    mode: '0600'
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
  loop: "{{ local_accounts_list_agg | default([]) }}"
  when: not ansible_check_mode