2024-02-13 20:17:35 +01:00
|
|
|
---
|
|
|
|
- name: Create group ansible
|
|
|
|
become: true
|
|
|
|
ansible.builtin.group:
|
|
|
|
name: 'ansible'
|
2024-02-14 21:25:00 +01:00
|
|
|
state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
|
2024-02-13 20:17:35 +01:00
|
|
|
|
|
|
|
- name: Create user ansible
|
|
|
|
become: true
|
|
|
|
ansible.builtin.user:
|
|
|
|
name: 'ansible'
|
|
|
|
comment: 'User for ansible to login and perform tasks'
|
|
|
|
shell: '/bin/bash'
|
|
|
|
group: 'ansible'
|
2024-02-14 21:25:00 +01:00
|
|
|
state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
|
2024-04-16 14:09:31 +02:00
|
|
|
system: true
|
2024-02-16 18:00:07 +01:00
|
|
|
password: "{{ l3d_users__ansible_user_password }}"
|
2024-02-13 20:17:35 +01:00
|
|
|
create_home: true
|
|
|
|
|
|
|
|
- name: Set dedicated SSH keys for User ansible and drop all other keys
|
|
|
|
become: true
|
|
|
|
ansible.posix.authorized_key:
|
|
|
|
user: 'ansible'
|
2024-02-14 21:25:00 +01:00
|
|
|
state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
|
|
|
|
key: "{{ l3d_users__ansible_ssh_keys }}"
|
2024-02-13 20:17:35 +01:00
|
|
|
exclusive: true
|
2024-02-14 21:25:00 +01:00
|
|
|
when: l3d_users__set_ansible_ssh_keys | bool
|
2024-02-13 20:17:35 +01:00
|
|
|
|
|
|
|
- name: Add admin keys to user ansible
|
2024-02-13 20:23:39 +01:00
|
|
|
become: true
|
2024-02-14 03:16:24 +01:00
|
|
|
ansible.posix.authorized_key:
|
|
|
|
user: 'ansible'
|
2024-02-14 21:25:00 +01:00
|
|
|
state: "{{ l3d_users__ansible_user_state | ternary('present', 'absent') }}"
|
2024-02-18 15:44:57 +01:00
|
|
|
key: "{{ user.pubkeys | default() }}"
|
2024-04-09 18:27:39 +02:00
|
|
|
exclusive: false
|
2024-02-14 21:25:00 +01:00
|
|
|
loop: "{{ _l3d_users__merged_users }}"
|
2024-02-18 15:44:57 +01:00
|
|
|
when: user.admin | default(false) | bool and user.admin_ansible_login | default(true) | bool
|
2024-02-14 03:16:24 +01:00
|
|
|
loop_control:
|
2024-02-18 15:44:57 +01:00
|
|
|
label: "user={{ user.name }}"
|
|
|
|
loop_var: user
|