---

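# Ensure every group listed in arch_groups exists as a regular
# (non-system) group. Arguments are a native YAML mapping rather than a
# key=value string, so the templated group name is always one scalar and
# the flag is a real boolean.
- name: create Arch Linux-specific groups
  group:
    name: "{{ item }}"
    state: present
    system: false
  with_items: "{{ arch_groups }}"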

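# Build arch_users_filtered: the key/value items of arch_users that
# either declare no `hosts` list or name this inventory host in it.
# The later tasks in this file loop over the result.
# NOTE(review): each match is appended to whatever arch_users_filtered
# already holds, and the fact stays undefined when no entry matches.
# Confirm both cases are acceptable for the tasks that consume it.
- name: filter arch_users for users with non-matching hosts
  set_fact:
    arch_users_filtered: "{{ (arch_users_filtered | default([])) + [item] }}"
  when: item.value.hosts is not defined or inventory_hostname in item.value.hosts
  with_dict: "{{ arch_users }}"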

# Create a login account for every entry in arch_users_filtered, with
# `users` as the primary group and the entry's own groups as
# supplementary groups.
- name: create Arch Linux-specific users
  user:
    state: present
    name: "{{ item.key }}"
    comment: "{{ item.value.name }}"
    shell: "{{ item.value.shell | default('/bin/bash') }}"
    group: users
    groups: "{{ item.value.groups | join(',') }}"
    # An empty string is written as the password field when the account
    # is first created; update_password: on_create leaves the password of
    # existing accounts alone. On Linux an empty field means "no password
    # required" wherever null passwords are permitted.
    # NOTE(review): presumably deliberate so a new user can set a
    # password after the first key-based login. Confirm that, and confirm
    # empty-password logins are refused everywhere else (sshd
    # PermitEmptyPasswords, PAM nullok). "!" or "*" would create the
    # account with a locked password instead.
    password: ""
    update_password: on_create
  loop: "{{ arch_users_filtered }}"

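# Make sure /home/<user>/.ssh exists for every managed user, owned by
# that user and closed to group and others.
- name: create .ssh directory
  file:
    path: "/home/{{ item.key }}/.ssh"
    state: directory
    owner: "{{ item.key }}"
    group: users
    # Quoted so YAML keeps the octal mode as a string, not an integer.
    mode: "0700"
  loop: "{{ arch_users_filtered }}"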

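# Render authorized_keys.j2 into each user's authorized_keys file, but
# only for users whose entry defines ssh_key. The file is owned by the
# user and readable by nobody else.
- name: configure ssh keys
  template:
    src: authorized_keys.j2
    dest: "/home/{{ item.key }}/.ssh/authorized_keys"
    owner: "{{ item.key }}"
    group: users
    # Quoted so YAML keeps the octal mode as a string, not an integer.
    mode: "0600"
  when: item.value.ssh_key is defined
  loop: "{{ arch_users_filtered }}"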

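# Counterpart of the template task: a managed user whose entry has no
# ssh_key gets any existing authorized_keys file deleted, so a key that
# was dropped from the variables stops granting access.
- name: remove ssh keys if undefined
  file:
    path: "/home/{{ item.key }}/.ssh/authorized_keys"
    state: absent
  when: item.value.ssh_key is not defined
  loop: "{{ arch_users_filtered }}"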

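# List the directories found in /home and keep the result in all_users.
# The last task in this file uses each directory's basename as a user
# name, so any directory here that is not a home directory is treated
# as a user as well.
- name: get list of remote users
  find:
    paths: /home
    file_type: directory
  register: all_users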

  # TODO: this removes the keys of svn-packages and svn-community on gemini temporarily. add some form of whitelist for those users?
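# Delete authorized_keys under every /home/<dir> recorded in all_users
# whose name is not a key in arch_users_filtered, so accounts no longer
# listed for this host lose key-based SSH access.
# NOTE(review): only the key file is removed; the account itself and
# any password set on it are left as they are. Confirm such accounts
# are locked or removed elsewhere.
- name: disable ssh keys of disabled users
  file:
    path: "/home/{{ item }}/.ssh/authorized_keys"
    state: absent
  # `| list` materialises the mapped keys so the membership test runs
  # against a plain list rather than a lazy generator.
  when: item not in (arch_users_filtered | map(attribute='key') | list)
  with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"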