You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
90 lines
2.8 KiB
YAML
90 lines
2.8 KiB
YAML
---
|
|
# remove user when remove variable is defined
|
|
- name: remove user
|
|
user: state=absent remove=yes
|
|
name={{ item.name }}
|
|
when: item.state == 'absent'
|
|
with_items:
|
|
- "{{ users }}"
|
|
|
|
- name: Ensure all groups are present or absent
|
|
group:
|
|
name: '{{ item.name | default(item) }}'
|
|
state: '{{ item.state | default("present") }}'
|
|
with_items: '{{ user_groups }}'
|
|
|
|
- name: get bash's path
|
|
command: which bash
|
|
register: bash_path
|
|
check_mode: no
|
|
changed_when: false
|
|
|
|
- name: create user
|
|
user:
|
|
state: present
|
|
name: "{{ item.username if item.username is defined else item.name }}"
|
|
groups:
|
|
- "{{ item.groups | default([]) | join(',')}}"
|
|
- "{{ 'sudo,adm' if item.sudo is defined and item.sudo }}"
|
|
append: true
|
|
shell: '{{ item.shell | default(bash_path.stdout) }}'
|
|
home: "{{ item.home | default('/home/' + (item.username | default(item.name))) }}"
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state != 'absent'
|
|
|
|
- name: add user's authorized_keys
|
|
authorized_key: user="{{ item.username if item.username is defined else item.name }}" manage_dir=true key="{{ item.public_key }}"
|
|
state=present exclusive=yes
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state != 'absent' and item.public_key is defined
|
|
|
|
- name: add user to root's authorized_keys
|
|
authorized_key: user="root" manage_dir=true key="{{ item.public_key }}"
|
|
state=present
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state != 'absent' and item.public_key is defined and item.sudo is defined and item.sudo
|
|
|
|
- name: remove user from root's authorized_keys
|
|
authorized_key: user="root" manage_dir=true key="{{ item.public_key }}"
|
|
state=absent
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state == 'absent' and item.public_key is defined
|
|
|
|
- name: create pve admin-group
|
|
command:
|
|
cmd: 'pveum groupadd admin -comment "System Administrators"'
|
|
when: "'proxmox' in group_names"
|
|
ignore_errors: True
|
|
|
|
- name: give pve admin-group privileges
|
|
command:
|
|
cmd: 'pveum aclmod / -group admin -role Administrator'
|
|
when: "'proxmox' in group_names"
|
|
|
|
- name: create pve user
|
|
command:
|
|
cmd: 'pveum useradd {{ item.username if item.username is defined else item.name }}@pam'
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state != 'absent' and 'proxmox' in group_names
|
|
ignore_errors: True
|
|
|
|
- name: disable pve user
|
|
command:
|
|
cmd: 'pveum usermod {{ item.username if item.username is defined else item.name }}@pam -enable 0'
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state == 'absent' and 'proxmox' in group_names
|
|
ignore_errors: True
|
|
|
|
- name: add user to pve admin group
|
|
command:
|
|
cmd: 'pveum usermod {{ item.username if item.username is defined else item.name }}@pam -group admin'
|
|
with_items:
|
|
- "{{ users }}"
|
|
when: item.state != 'absent' and 'proxmox' in group_names and item.sudo is defined and item.sudo
|