Sandwich
8071a7c56c
Flat network fields (bridge, ip, prefix, gateway, vlan) are now converted into a single-entry interfaces[] list during normalization. All virtualization tasks (proxmox, vmware, libvirt, xen) and configuration (NM, Alpine, Void) now consume system_cfg.network.interfaces exclusively for multi-NIC support. Also fixes: user.key -> user.keys in system_cfg output, strict list-only DNS in example inventories, removes legacy single-MAC virtualization_mac_address default.
39 lines
1.3 KiB
YAML
39 lines
1.3 KiB
YAML
---
|
|
- name: Create user account
|
|
vars:
|
|
configuration_user_group: >-
|
|
{{ "sudo" if is_debian | bool else "wheel" }}
|
|
configuration_useradd_cmd: >-
|
|
{{ chroot_command }} /usr/sbin/useradd --create-home --user-group
|
|
--groups {{ configuration_user_group }} {{ system_cfg.user.name }}
|
|
--password {{ system_cfg.user.password | password_hash('sha512') }} --shell /bin/bash
|
|
configuration_root_cmd: >-
|
|
{{ chroot_command }} /usr/sbin/usermod --password
|
|
'{{ system_cfg.root.password | password_hash('sha512') }}' root --shell /bin/bash
|
|
ansible.builtin.command: "{{ item }}"
|
|
loop:
|
|
- "{{ configuration_useradd_cmd }}"
|
|
- "{{ configuration_root_cmd }}"
|
|
register: configuration_user_result
|
|
changed_when: configuration_user_result.rc == 0
|
|
|
|
- name: Ensure .ssh directory exists
|
|
when: system_cfg.user.keys | length > 0
|
|
ansible.builtin.file:
|
|
path: /mnt/home/{{ system_cfg.user.name }}/.ssh
|
|
state: directory
|
|
owner: 1000
|
|
group: 1000
|
|
mode: "0700"
|
|
|
|
- name: Add SSH public keys to authorized_keys
|
|
when: system_cfg.user.keys | length > 0
|
|
ansible.builtin.lineinfile:
|
|
path: /mnt/home/{{ system_cfg.user.name }}/.ssh/authorized_keys
|
|
line: "{{ item }}"
|
|
owner: 1000
|
|
group: 1000
|
|
mode: "0600"
|
|
create: true
|
|
loop: "{{ system_cfg.user.keys }}"
|