refactor(users): migrate system.user to system.users[] for multi-user support
This commit is contained in:
@@ -1,38 +1,53 @@
|
||||
---
|
||||
- name: Create user account
|
||||
- name: Set root password
|
||||
vars:
|
||||
configuration_root_cmd: >-
|
||||
{{ chroot_command }} /usr/sbin/usermod --password
|
||||
'{{ system_cfg.root.password | password_hash('sha512') }}' root --shell /bin/bash
|
||||
ansible.builtin.command: "{{ configuration_root_cmd }}"
|
||||
register: configuration_root_result
|
||||
changed_when: configuration_root_result.rc == 0
|
||||
|
||||
- name: Create user accounts
|
||||
vars:
|
||||
configuration_user_group: >-
|
||||
{{ "sudo" if is_debian | bool else "wheel" }}
|
||||
configuration_useradd_cmd: >-
|
||||
{{ chroot_command }} /usr/sbin/useradd --create-home --user-group
|
||||
--groups {{ configuration_user_group }} {{ system_cfg.user.name }}
|
||||
--password {{ system_cfg.user.password | password_hash('sha512') }} --shell /bin/bash
|
||||
configuration_root_cmd: >-
|
||||
{{ chroot_command }} /usr/sbin/usermod --password
|
||||
'{{ system_cfg.root.password | password_hash('sha512') }}' root --shell /bin/bash
|
||||
ansible.builtin.command: "{{ item }}"
|
||||
loop:
|
||||
- "{{ configuration_useradd_cmd }}"
|
||||
- "{{ configuration_root_cmd }}"
|
||||
--uid {{ 1000 + ansible_loop.index0 }}
|
||||
--groups {{ configuration_user_group }} {{ item.name }}
|
||||
--password {{ item.password | password_hash('sha512') }} --shell /bin/bash
|
||||
ansible.builtin.command: "{{ configuration_useradd_cmd }}"
|
||||
loop: "{{ system_cfg.users }}"
|
||||
loop_control:
|
||||
extended: true
|
||||
label: "{{ item.name }}"
|
||||
register: configuration_user_result
|
||||
changed_when: configuration_user_result.rc == 0
|
||||
|
||||
- name: Ensure .ssh directory exists
|
||||
when: system_cfg.user.keys | length > 0
|
||||
when: item.keys | default([]) | length > 0
|
||||
ansible.builtin.file:
|
||||
path: /mnt/home/{{ system_cfg.user.name }}/.ssh
|
||||
path: "/mnt/home/{{ item.name }}/.ssh"
|
||||
state: directory
|
||||
owner: 1000
|
||||
group: 1000
|
||||
owner: "{{ 1000 + ansible_loop.index0 }}"
|
||||
group: "{{ 1000 + ansible_loop.index0 }}"
|
||||
mode: "0700"
|
||||
loop: "{{ system_cfg.users }}"
|
||||
loop_control:
|
||||
extended: true
|
||||
label: "{{ item.name }}"
|
||||
|
||||
- name: Add SSH public keys to authorized_keys
|
||||
when: system_cfg.user.keys | length > 0
|
||||
vars:
|
||||
_uid: "{{ 1000 + (system_cfg.users | map(attribute='name') | list).index(item.0.name) }}"
|
||||
ansible.builtin.lineinfile:
|
||||
path: /mnt/home/{{ system_cfg.user.name }}/.ssh/authorized_keys
|
||||
line: "{{ item }}"
|
||||
owner: 1000
|
||||
group: 1000
|
||||
path: "/mnt/home/{{ item.0.name }}/.ssh/authorized_keys"
|
||||
line: "{{ item.1 }}"
|
||||
owner: "{{ _uid }}"
|
||||
group: "{{ _uid }}"
|
||||
mode: "0600"
|
||||
create: true
|
||||
loop: "{{ system_cfg.user.keys }}"
|
||||
loop: "{{ system_cfg.users | subelements('keys', skip_missing=True) }}"
|
||||
loop_control:
|
||||
label: "{{ item.0.name }}: {{ item.1[:40] }}..."
|
||||
|
||||
Reference in New Issue
Block a user