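# Provision groups, sudo policy, accounts and SSH keys from the
# `user_groups` and `users` variables, which are defined outside this file.
- name: Prepare global users
  block:
    # Each entry of user_groups supplies its own name and state.
    - name: Ensure required groups exist
      ansible.builtin.group:
        name: "{{ item.name }}"
        state: "{{ item.state }}"
      loop: "{{ user_groups }}"

    # NOPASSWD: ALL lets every member of the group run any command as root
    # without re-authenticating, so group membership is the only control.
    # NOTE(review): the rule is hard-coded to %wheel, yet the task runs once
    # for every group whose `sudo` flag is true. A flagged group other than
    # wheel gets no rule of its own and enables the wheel rule instead.
    # Confirm whether the rule should be derived from item.name.
    - name: Allow passwordless sudo for certain groups
      ansible.builtin.lineinfile:
        path: /etc/sudoers
        state: present
        regexp: '^%wheel'
        line: '%wheel ALL=(ALL) NOPASSWD: ALL'
        # The edited copy must pass visudo before it replaces the live file.
        validate: 'visudo -cf %s'
      # Default-deny: a group with no `sudo` key is treated as false, and
      # string values such as "false" are coerced to a real boolean.
      when: item.sudo | default(false) | bool
      loop: "{{ user_groups }}"

    - name: Create the users user
      ansible.builtin.user:
        name: "{{ item.name }}"
        shell: /bin/bash
        # Comma-separated list built from the user's `groups` entry.
        groups: "{{ item.groups | join(',') }}"
        # Authoritative membership: the account is removed from every
        # supplementary group that is not listed in item.groups.
        append: false
        # NOTE(review): null means no password hash is passed to the module.
        # Presumably these accounts are meant to be SSH-key only; confirm.
        # If a hash is ever supplied, read it from a vaulted variable.
        password: null
      loop: "{{ users }}"

    # One iteration per (user, key) pair: item.0 is the user and item.1 is
    # one entry of that user's ssh_keys list. Keys already on the host but
    # absent from ssh_keys are left in place; to revoke a key, keep its
    # entry and set its state to absent.
    - name: Set authorized keys for user
      ansible.posix.authorized_key:
        user: "{{ item.0.name }}"
        state: "{{ item.1.state }}"
        key: "{{ item.1.key }}"
      loop: "{{ users | subelements('ssh_keys') }}"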