netz39-infra-ansible/roles/users/tasks/main.yml

---
# Make sure the sudo package is present; the tasks that follow edit
# /etc/sudoers and add users to group sudo.
- name: Ensure sudo is installed
  package:
    state: present
    name:
      - sudo
# Rewrite the %sudo rule in /etc/sudoers so that members of group sudo can
# run any command as any user without a password prompt.
# NOTE(review): with NOPASSWD, whoever holds a group member's SSH key (or
# runs code as that user) is effectively root on the host; nothing else
# guards the privilege boundary. Confirm this is intended for every host
# the role is applied to.
# The edited file is checked by visudo before it replaces the live one, so
# a syntax error is rejected instead of breaking sudo.
- name: Configure group sudo for sudoers without password
  lineinfile:
    path: /etc/sudoers
    regexp: '^%sudo\s'
    line: "%sudo ALL=(ALL) NOPASSWD: ALL"
    state: present
    validate: /usr/sbin/visudo -cf %s
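# Create a login account for every entry in `users`: bash as the shell, a
# home directory, and `viewname` as the account comment.
# NOTE(review): this role only creates accounts. An entry removed from
# `users` keeps its account on hosts that were already provisioned.
- name: Add users | create users' shell and home dir
  user:
    name: "{{ item.logname }}"
    comment: "{{ item.viewname }}"
    shell: /bin/bash
    # Canonical boolean instead of `yes` (YAML 1.1 truthy value).
    createhome: true
  with_items: "{{ users }}"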
# Install every public key listed under a user's `ssh_pub` into that
# user's authorized_keys. Entries without `ssh_pub` are skipped
# (skip_missing).
# NOTE(review): this task only adds keys. A key deleted from `users`
# stays in authorized_keys on hosts that already received it, so revoking
# a key needs its own step (state: absent, or a single task per user that
# passes all keys together with exclusive: true; exclusive is not
# loop-aware, so it cannot simply be added to this per-key loop).
- name: Add authorized keys for user
  authorized_key:
    user: "{{ item.0.logname }}"
    key: "{{ item.1 }}"
    state: present
  with_subelements:
    - "{{ users }}"
    - ssh_pub
    - skip_missing: true
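# Add users flagged with `sudo` to group sudo, keeping any supplementary
# groups they already have (append).
# The grant is explicit: an entry with no `sudo` key is skipped rather
# than aborting the play on an undefined variable, and `| bool` keeps a
# quoted "no"/"false" string from being treated as true.
# NOTE(review): a user whose flag is later set to false is only skipped
# here; existing membership in group sudo is not removed.
- name: Place user in sudo group
  user:
    name: "{{ item.logname }}"
    groups:
      - sudo
    append: true
  when: item.sudo | default(false) | bool
  with_items: "{{ users }}"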
# Record whether /etc/aliases exists. The result is registered as
# `aliases` and read by the alias task's `when` condition.
- name: Check if /etc/aliases exists
  stat:
    path: /etc/aliases
  register: aliases
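# Maintain one "<logname>: <email>" line per user in /etc/aliases. Runs
# only for users that define `email`, and only when the earlier stat task
# found the file. A change notifies the "Update aliases" handler.
# NOTE(review): `email` is written to the aliases file verbatim. The
# aliases format also accepts pipe and file targets, so `users` has to
# come from trusted inventory only.
- name: Set system email alias
  lineinfile:
    path: /etc/aliases
    # Escape the login name so characters such as "." match literally and
    # the pattern cannot replace another user's alias line.
    regexp: "^{{ item.logname | regex_escape }}:"
    line: "{{ item.logname }}: {{ item.email }}"
    state: present
  when:
    - item.email is defined
    - aliases.stat.exists
  with_items: "{{ users }}"
  notify: Update aliases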