diff options
Diffstat (limited to 'fdio.infra.ansible/roles/user_add')
-rw-r--r-- | fdio.infra.ansible/roles/user_add/defaults/main.yaml | 14 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/user_add/handlers/main.yaml | 7 | ||||
-rw-r--r-- | fdio.infra.ansible/roles/user_add/tasks/main.yaml | 37 |
3 files changed, 58 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml new file mode 100644 index 0000000000..799f660b73 --- /dev/null +++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml @@ -0,0 +1,14 @@ +--- +# file: defaults/main.yaml + +# Default shell for a user if none is specified. +users_shell: /bin/bash + +# Default create home dirs for new users. +users_create_homedirs: true + +# Default list of users to create. +users: [] + +# Default enable password login. +sshd_disable_password_login: false diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml new file mode 100644 index 0000000000..e5c2a82780 --- /dev/null +++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml @@ -0,0 +1,7 @@ +--- +# file: handlers/main.yaml + +- name: Restart SSHd + ansible.builtin.service: + name: sshd + state: restarted diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml new file mode 100644 index 0000000000..c01a1497d8 --- /dev/null +++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml @@ -0,0 +1,37 @@ +--- +# file: tasks/main.yaml + +- name: Add User + ansible.builtin.user: + append: "{{ item.append | default(omit) }}" + createhome: "{{ 'yes' if users_create_homedirs else 'no' }}" + generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}" + groups: "{{ item.groups | join(',') if 'groups' in item else '' }}" + name: "{{ item.username }}" + password: "{{ item.password if item.password is defined else '!' }}" + shell: "{{ item.shell if item.shell is defined else users_shell }}" + state: present + with_items: "{{ users }}" + tags: + - user-add-conf + +- name: SSH keys + ansible.builtin.authorized_key: + user: "{{ item.0.username }}" + key: "{{ item.1 }}" + with_subelements: + - "{{ users }}" + - ssh_key + - skip_missing: true + tags: + - user-add-conf + +- name: Disable Password Login + ansible.builtin.lineinfile: + dest: "/etc/ssh/sshd_config" + regexp: "^PasswordAuthentication yes" + line: "PasswordAuthentication no" + when: + - sshd_disable_password_login + tags: + - user-add-conf |