---
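# Create one login account per entry in admin_users, with a bash shell and a
# home directory. password_lock locks the account password, so the keys
# installed by the "Set authorized keys for users" task are presumably the
# only intended way to log in -- confirm sshd is configured accordingly.
- name: Add users | create users, shell, home dirs
  user:
    name: "{{ item }}"
    shell: /bin/bash
    # create_home is the current option name; createhome is its alias.
    create_home: true
    comment: 'created with ansible'
    password_lock: true
    # The original also set `append: true`. append only has an effect together
    # with `groups`, which this task does not set, so it is dropped here; group
    # membership is handled by the "Place users in sudo group" task.
  with_items:
    - "{{ admin_users }}"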
# Ensure every admin user has a .ssh directory that only that user can enter
# (mode 0700). The path is built as /home/<user>/.ssh and the group is set to
# the user name, so this assumes homes live under /home and that a group named
# after each user exists -- verify both on the target distribution.
- name: Create .ssh user directories
  file:
    state: directory
    path: "{{ '/home/' + item + '/.ssh' }}"
    owner: "{{ item }}"
    group: "{{ item }}"
    mode: "0700"
  with_items: "{{ admin_users }}"
# Install each admin user's public keys from the controller-side file
# users/<user>_authorized_keys (remote_src is off, so src is read on the
# controller). copy writes the whole destination file, so a key present on the
# host but absent from the source file does not survive a run.
# item is spliced into both paths: admin_users should hold plain account names
# from a trusted inventory, never free-form input.
- name: Set authorized keys for users
  copy:
    remote_src: false
    src: "{{'users/' + item + '_authorized_keys'}}"
    dest: "{{ '/home/' + item + '/.ssh/authorized_keys' }}"
    owner: "{{ item }}"
    group: "{{ item }}"
    # 0600: readable and writable by the owning user only.
    mode: "0600"
  with_items: "{{ admin_users }}"
# Add every admin user to the sudo group. append keeps the supplementary
# groups a user already has instead of replacing them with this list.
# Membership in sudo is what the sudoers rule in this file keys on, so
# admin_users is effectively the list of accounts that can become root.
- name: Place users in sudo group
  user:
    name: "{{ item }}"
    append: true
    groups: sudo
  with_items: "{{ admin_users }}"
# Set the %sudo rule in /etc/sudoers so members of group sudo can run any
# command without a password prompt. lineinfile replaces the line matching
# regexp, or adds the line when nothing matches.
# NOTE(review): the accounts created in this file have locked passwords, so
# the SSH key is the only factor between a login and root; key handling and
# review of admin_users carry the full weight of that privilege.
- name: Configure group sudo for sudoers without password
  lineinfile:
    path: /etc/sudoers
    regexp: '^%sudo\s'
    line: '%sudo ALL=(ALL) NOPASSWD: ALL'
    state: present
    # The edited copy is checked by visudo before it replaces the real file,
    # so a syntax error cannot leave the host with a broken sudoers.
    validate: '/usr/sbin/visudo -cf %s'