refactor(users): change system.users from list to dict keyed by username

This commit is contained in:
MORAWSKI Norbert
2026-03-20 14:33:13 +01:00
parent 398f1b081d
commit c0e672a32a
9 changed files with 73 additions and 83 deletions


@@ -26,44 +26,43 @@
- name: Create user accounts
vars:
configuration_user_group: "{{ _configuration_platform.user_group }}"
# UID starts at 1000; safe for fresh installs only
configuration_useradd_cmd: >-
{{ chroot_command }} /usr/sbin/useradd --create-home --user-group
--uid {{ 1000 + ansible_loop.index0 }}
--groups {{ configuration_user_group }} {{ item.name }}
--password {{ item.password | password_hash('sha512') }} --shell {{ item.shell | default('/bin/bash') }}
--uid {{ 1000 + _idx }}
--groups {{ configuration_user_group }} {{ item.key }}
{{ ('--password ' ~ (item.value.password | password_hash('sha512'))) if (item.value.password | default('') | string | length > 0) else '' }}
--shell {{ item.value.shell | default('/bin/bash') }}
ansible.builtin.command: "{{ configuration_useradd_cmd }}"
loop: "{{ system_cfg.users }}"
loop: "{{ system_cfg.users | dict2items }}"
loop_control:
extended: true
label: "{{ item.name }}"
index_var: _idx
label: "{{ item.key }}"
register: configuration_user_result
changed_when: configuration_user_result.rc == 0
no_log: true
- name: Ensure .ssh directory exists
when: "'keys' in item and item['keys'] is iterable and item['keys'] is not string and item['keys'] | length > 0"
when: (item.value['keys'] | default([]) | length) > 0
ansible.builtin.file:
path: "/mnt/home/{{ item.name }}/.ssh"
path: "/mnt/home/{{ item.key }}/.ssh"
state: directory
owner: "{{ 1000 + ansible_loop.index0 }}"
group: "{{ 1000 + ansible_loop.index0 }}"
owner: "{{ 1000 + _idx }}"
group: "{{ 1000 + _idx }}"
mode: "0700"
loop: "{{ system_cfg.users }}"
loop: "{{ system_cfg.users | dict2items }}"
loop_control:
extended: true
label: "{{ item.name }}"
index_var: _idx
label: "{{ item.key }}"
- name: Add SSH public keys to authorized_keys
vars:
configuration_uid: "{{ 1000 + (system_cfg.users | map(attribute='name') | list).index(item.0.name) }}"
ansible.builtin.lineinfile:
path: "/mnt/home/{{ item.0.name }}/.ssh/authorized_keys"
line: "{{ item.1 }}"
owner: "{{ configuration_uid }}"
group: "{{ configuration_uid }}"
- name: Deploy SSH authorized_keys
when: (item.value['keys'] | default([]) | length) > 0
ansible.builtin.copy:
content: "{{ item.value['keys'] | join('\n') }}\n"
dest: "/mnt/home/{{ item.key }}/.ssh/authorized_keys"
owner: "{{ 1000 + _idx }}"
group: "{{ 1000 + _idx }}"
mode: "0600"
create: true
loop: "{{ system_cfg.users | subelements('keys', skip_missing=True) }}"
loop: "{{ system_cfg.users | dict2items }}"
loop_control:
label: "{{ item.0.name }}: {{ item.1[:40] }}..."
index_var: _idx
label: "{{ item.key }}"
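Review bot: `create: true` on the line just above the new `loop:` now sits under `ansible.builtin.copy` in the "Deploy SSH authorized_keys" task, and copy has no such parameter, so that task should fail with an unsupported-parameter error the first time it runs; it was a lineinfile option and can simply be deleted, since copy creates `dest` itself. The new `when:` guard also dropped the `is not string` check the old condition carried, so a single key supplied as a scalar string would pass the length test and `join('\n')` would write it one character per line; keeping `item.value['keys'] is not string` in the condition (or wrapping a scalar in a list before the join) preserves the old behaviour. UIDs are still positional (`1000 + _idx`), now taken from the mapping's insertion order via `dict2items`, so adding a user earlier in the dict shifts every later UID together with the ownership applied to `.ssh` and `authorized_keys`; the "fresh installs only" comment at the top of the hunk acknowledges this, but an explicit per-user `uid` field would remove the dependence on ordering altogether. The task list begins before this hunk.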