commit 81caf9170a5ef1e0c3d6fb05489aa52efc0caa3b
parent e587c3bdb2c9bf977cba8cb147aa0446fed5e628
Author: Andreas Gruhler <andreas.gruhler@adfinis-sygroup.ch>
Date: Thu, 19 Sep 2019 20:42:11 +0200
more defaults
Diffstat:
M | ansible/playbook.yml | | | 93 | +++++++++++++++++++++++++++++++++++++++++-------------------------------------- |
1 file changed, 48 insertions(+), 45 deletions(-)
diff --git a/ansible/playbook.yml b/ansible/playbook.yml
@@ -55,50 +55,53 @@
group: '{{ ansible_user }}'
mode: '0600'
- - name: add additional users
- user:
- name: '{{ item.name }}'
- shell: /bin/bash
- groups: '{{ item.additional_groups }}'
- append: yes
- loop: '{{ additional_users }}'
- become: yes
-
- - name: generate additional users ssh keys
- user:
- name: '{{ item.name }}'
- generate_ssh_key: '{{ item.generate_ssh_key }}'
- loop: '{{ additional_users }}'
- when: item.generate_ssh_key | default(false, true) and not item.ssh_key | default(false, true)
- become: yes
-
- - name: ensure ssh directory for additional users exists
- file:
- path: '/home/{{ item.name }}/.ssh'
- state: directory
- mode: '0700'
- loop: '{{ additional_users }}'
- become: yes
-
- - name: set additional users ssh keys from existing key
- copy:
- src: '{{ item.ssh_key }}'
- dest: '/home/{{ item.name }}/.ssh/id_rsa'
- owner: '{{ item.name }}'
- group: '{{ item.name }}'
- mode: '0600'
- loop: '{{ additional_users }}'
- when: item.ssh_key | default(false, true) and not item.generate_ssh_key | default(false, true)
- become: yes
-
- - name: set authorized key for user
- authorized_key:
- user: '{{ item.name }}'
- state: present
- key: '{{ lookup("file", item.authorized_key) }}'
- loop: '{{ additional_users }}'
- when: item.authorized_key | default(false, true)
- become: yes
+ - block:
+ - name: add additional users
+ user:
+ name: '{{ item.name }}'
+ shell: /bin/bash
+ groups: '{{ item.additional_groups }}'
+ append: yes
+ loop: '{{ additional_users }}'
+ become: yes
+
+ - name: generate additional users ssh keys
+ user:
+ name: '{{ item.name }}'
+ generate_ssh_key: '{{ item.generate_ssh_key }}'
+ loop: '{{ additional_users }}'
+ when: item.generate_ssh_key | default(false, true) and not item.ssh_key | default(false, true)
+ become: yes
+
+ - name: ensure ssh directory for additional users exists
+ file:
+ path: '/home/{{ item.name }}/.ssh'
+ state: directory
+ mode: '0700'
+ loop: '{{ additional_users }}'
+ become: yes
+
+ - name: set additional users ssh keys from existing key
+ copy:
+ src: '{{ item.ssh_key }}'
+ dest: '/home/{{ item.name }}/.ssh/id_rsa'
+ owner: '{{ item.name }}'
+ group: '{{ item.name }}'
+ mode: '0600'
+ loop: '{{ additional_users }}'
+ when: item.ssh_key | default(false, true) and not item.generate_ssh_key | default(false, true)
+ become: yes
+
+ - name: set authorized key for user
+ authorized_key:
+ user: '{{ item.name }}'
+ state: present
+ key: '{{ lookup("file", item.authorized_key) }}'
+ loop: '{{ additional_users }}'
+ when: item.authorized_key | default(false, true)
+ become: yes
+ when: additional_users | default(false, true)
+ # endblock add additional users
- name: set passwordless login
lineinfile:
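Review bot: The block-level `when: additional_users | default(false, true)` does not guard the `loop: '{{ additional_users }}'` lines inside the block. Ansible templates the loop expression before it evaluates `when` per item, so an undefined `additional_users` should still fail these tasks; each loop would need `loop: '{{ additional_users | default([]) }}'`. Separately, the "ensure ssh directory for additional users exists" task sets `mode: '0700'` but no owner or group. Under `become: yes` a newly created `.ssh` directory presumably belongs to the become user rather than the account, which then cannot read the key copied into it. Adding `owner: '{{ item.name }}'` and `group: '{{ item.name }}'` there would match the copy task that follows.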
@@ -107,7 +110,7 @@
regexp: '^%{{ sudo_group }}'
line: '%{{ sudo_group }} ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
- when: ssh_passwordless_login
+ when: ssh_passwordless_login | default(false, true)
become: yes
- block:
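Review bot: The new condition on the sudoers task tests the truthiness of whatever `ssh_passwordless_login` holds. A value that arrives as a string (for example `false` passed with `-e` or from an INI inventory) is non-empty, so it would presumably still let the `NOPASSWD: ALL` line be written. Casting explicitly with `when: ssh_passwordless_login | default(false, true) | bool` avoids that. The task begins in the previous hunk and its remaining `lineinfile` arguments lie outside both hunks, so the target file is not visible here. Because the rule gives every member of `sudo_group` passwordless root, a comment such as `# grants passwordless sudo to sudo_group; leave disabled unless explicitly requested` above the task would help, and the task name says "login" where the effect is sudo.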