diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..89c70da
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,43 @@
+---
+
+- name: Users | Install sudo package
+ package:
+ name: sudo
+ state: present
+
+- name: Users | Deploy /etc/sudoers
+ template:
+ src: sudoers.j2
+ dest: /etc/sudoers
+ mode: 0440
+ owner: root
+ group: root
+
+- name: Users | Create groups
+ group:
+ name: "{{ item.name }}"
+ state: present
+ with_items: "{{ os_groups | default([]) }}"
+
+- name: Users | Create users
+ user:
+ name: "{{ item.name }}"
+ state: "{{ item.state | default(omit) }}"
+ home: "{{ item.home | default(omit) }}"
+ move_home: yes
+ shell: "{{ item.shell | default(omit) }}"
+ password: "{{ item.password | default(omit) }}"
+ groups: "{{ item.groups | default(omit) }}"
+ append: no
+ system: "{{ item.system | default(omit) }}"
+ with_items: "{{ os_users }}"
+
+- name: Users | Deploy ssh public keys
+ authorized_key:
+ exclusive: yes
+ user: "{{ item.name }}"
+ key: "{{ lookup(item.lookup, item.keys_source) }}"
+ with_items: "{{ os_users }}"
+ when:
+ - item.lookup is defined
+ - item.keys_source is defined
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
new file mode 100644
index 0000000..d84036b
--- /dev/null
+++ b/templates/sudoers.j2
@@ -0,0 +1,11 @@
+# {{ ansible_managed }}
+
+root ALL=(ALL) ALL
+
+%sudo ALL=(ALL) NOPASSWD: ALL
+
+{% for user in managed_users %}
+{% if user.sudoer %}
+{{ user.name }} ALL=(ALL) NOPASSWD: ALL
+{% endif %}
+{% endfor %}
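Review bot: The "Deploy /etc/sudoers" task writes the rendered template straight to `/etc/sudoers` with no syntax check, so a template error or a bad entry in a host's variables leaves sudo unusable for every account on that host until someone repairs it as root; add `validate: 'visudo -cf %s'` to the template task so a rendering that visudo rejects is never installed. The template iterates over `managed_users` while every task in this file drives off `os_users`, so unless `managed_users` is defined elsewhere the render fails on the first run — presumably the loop should read `{% for user in os_users %}`. The `mode: 0440` value is an unquoted leading-zero octal, which YAML 1.1 loaders turn into the integer 288; Ansible tolerates that today but the conventional, unambiguous form is `mode: "0440"`. Note also that the `password:` field of the `user` module expects an already-hashed value, so plaintext passwords placed in `os_users` would be written verbatim into `/etc/shadow` — worth a comment on the task and keeping `os_users` in a vaulted file.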
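Review bot: `%sudo ALL=(ALL) NOPASSWD: ALL` grants passwordless root to every member of the sudo group, and the per-user line repeats that for anyone flagged `sudoer`, so a single compromised unprivileged session on any of those accounts becomes root without a second factor; unless passwordless escalation is a deliberate requirement for automation, the group line should be `%sudo ALL=(ALL) ALL` and the per-user line should likewise drop `NOPASSWD:` (or gate it behind a separate, explicit flag). The `{% if user.sudoer %}` test raises on any user entry that omits the key, which the `os_users` entries in tasks/main.yml are free to do; `{% if user.sudoer | default(false) %}` makes the default non-privileged. The loop variable `managed_users` does not match the `os_users` variable the tasks use, so one of the two names is presumably wrong.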