---
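# Root password: only runs when the config supplies a non-empty password.
# The hash is handed to chpasswd on stdin instead of on the command line, so
# it never appears in the argument list of the chroot process (argv is
# readable by every local user while the command runs). This also removes
# the need for a bash pipeline and `set -o pipefail`.
- name: Set root password
  when: (system_cfg.root.password | default('') | string | length) > 0
  ansible.builtin.command:
    cmd: "{{ chroot_command }} /usr/sbin/chpasswd -e"
    # chpasswd -e reads "user:hash" lines; the command module appends the
    # terminating newline to stdin by default.
    stdin: "root:{{ system_cfg.root.password | password_hash('sha512') }}"
  register: configuration_root_result
  # A non-zero rc already fails the task, so this matches the module default;
  # kept explicit to mirror the other tasks in this file.
  changed_when: configuration_root_result.rc == 0
  # Keep no_log: the rendered stdin and the registered result contain the hash.
  no_log: true
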
# Counterpart of "Set root password": when the config gives no root password,
# password login for root is locked rather than left at whatever the image
# shipped with.
- name: Lock root account when no password is set
  when: (system_cfg.root.password | default('') | string | length) == 0
  ansible.builtin.command:
    cmd: "{{ chroot_command }} /usr/bin/passwd -l root"
  register: configuration_root_lock_result
  # Equivalent to the module default (non-zero rc fails before this is read).
  changed_when: configuration_root_lock_result.rc == 0

# Login shell for root. No default is applied to system_cfg.root.shell, so a
# missing value is a template error rather than a skipped task.
- name: Set root shell
  ansible.builtin.command:
    cmd: "{{ chroot_command }} /usr/sbin/usermod --shell {{ system_cfg.root.shell }} root"
  register: configuration_root_shell_result
  # Equivalent to the module default (non-zero rc fails before this is read).
  changed_when: configuration_root_shell_result.rc == 0

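# Accounts are created with a UID derived from the entry's position in the
# users mapping (1000 + index). Reordering or removing entries shifts the
# UIDs of later users; the .ssh tasks below reuse the same arithmetic for
# file ownership, so the two must stay in step.
- name: Create user accounts
  vars:
    configuration_user_group: "{{ _configuration_platform.user_group }}"
    # --password is deliberately not passed to useradd: the hash would sit in
    # the process argument list, visible to any local user. The password is
    # applied in the following task via chpasswd on stdin.
    configuration_useradd_cmd: >-
      {{ chroot_command }} /usr/sbin/useradd --create-home --user-group
      --uid {{ 1000 + _idx }}
      --groups {{ configuration_user_group }} {{ item.key }}
      --shell {{ item.value.shell | default('/bin/bash') }}
  ansible.builtin.command: "{{ configuration_useradd_cmd }}"
  loop: "{{ system_cfg.users | dict2items }}"
  loop_control:
    index_var: _idx
    label: "{{ item.key }}"
  register: configuration_user_result
  # useradd exits non-zero (and the task fails) if the account already exists;
  # this task is not idempotent across reruns.
  changed_when: configuration_user_result.rc == 0
  # no_log stays on even without --password: every loop result echoes `item`,
  # which carries the plaintext password from the users mapping.
  no_log: true

# Sets each configured password with chpasswd -e, feeding "user:hash" on
# stdin so the hash never appears in a process listing.
- name: Set user passwords
  when: (item.value.password | default('') | string | length) > 0
  ansible.builtin.command:
    cmd: "{{ chroot_command }} /usr/sbin/chpasswd -e"
    # The command module appends the terminating newline chpasswd expects.
    stdin: "{{ item.key }}:{{ item.value.password | password_hash('sha512') }}"
  loop: "{{ system_cfg.users | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  register: configuration_user_password_result
  changed_when: configuration_user_password_result.rc == 0
  # The rendered stdin, the result and `item` all contain secret material.
  no_log: true
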
# Home directories live under the mounted target root (/mnt). The subscript
# form item.value['keys'] is required: in Jinja, item.value.keys resolves to
# the dict method, not to the "keys" entry.
- name: Ensure .ssh directory exists
  when: (item.value['keys'] | default([]) | length) > 0
  ansible.builtin.file:
    path: '/mnt/home/{{ item.key }}/.ssh'
    state: directory
    mode: '0700'
    # Numeric owner/group, computed with the same 1000 + index rule used when
    # the account was created, so the directory belongs to that user.
    owner: '{{ 1000 + _idx }}'
    group: '{{ 1000 + _idx }}'
  loop: "{{ system_cfg.users | dict2items }}"
  loop_control:
    index_var: _idx
    label: "{{ item.key }}"

# Writes one public key per line; the trailing "\n" makes sure the last key
# is newline-terminated. Double quotes are needed here so that "\n" is an
# actual newline. Ownership follows the same 1000 + index rule as account
# creation, and the file is readable by its owner only.
- name: Deploy SSH authorized_keys
  when: (item.value['keys'] | default([]) | length) > 0
  ansible.builtin.copy:
    dest: '/mnt/home/{{ item.key }}/.ssh/authorized_keys'
    content: "{{ item.value['keys'] | join('\n') }}\n"
    mode: '0600'
    owner: '{{ 1000 + _idx }}'
    group: '{{ 1000 + _idx }}'
  loop: "{{ system_cfg.users | dict2items }}"
  loop_control:
    index_var: _idx
    label: "{{ item.key }}"