aboutsummaryrefslogtreecommitdiff
path: root/os/config/roles/users/tasks
diff options
context:
space:
mode:
Diffstat (limited to 'os/config/roles/users/tasks')
-rw-r--r--os/config/roles/users/tasks/main.yml39
1 files changed, 39 insertions, 0 deletions
diff --git a/os/config/roles/users/tasks/main.yml b/os/config/roles/users/tasks/main.yml
new file mode 100644
index 0000000..990a041
--- /dev/null
+++ b/os/config/roles/users/tasks/main.yml
@@ -0,0 +1,39 @@
+- name: Add users in the system
+ user:
+ name: "{{ item.username }}"
+ #groups: docker
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ append: no
+ loop: "{{ active_users
+ | selectattr('is_admin', 'defined')
+ | rejectattr('is_admin')
+ | list
+ | union( active_users
+ | selectattr('is_admin', 'undefined')
+ | list )}}"
+
+- name: Set admin rights
+ user:
+ name: "{{ item.username }}"
+ groups: docker, sudo
+ shell: "{{ item.shell | default('/bin/bash') }}"
+ append: no
+ loop: "{{ active_users
+ | selectattr('is_admin', 'defined')
+ | selectattr('is_admin')
+ | list }}"
+
+# [V How SSH Key works] magic is done by subelements, understand the trick at:
+# https://docs.ansible.com/ansible/latest/user_guide/playbooks_filters.html#subelements-filter
+- name: Add SSH keys
+ authorized_key:
+ user: "{{ item.0.username }}"
+ state: present
+ key: "{{ lookup('file', item.1) }}"
+ loop: "{{ active_users | subelements('ssh_keys', skip_missing=True) }}"
+
+- name: Disable old users
+ user:
+ name: "{{ item }}"
+ state: absent
+ loop: "{{ disabled_users }}"