Diffstat (limited to 'fdio.infra.ansible/roles/user_add')
-rw-r--r--fdio.infra.ansible/roles/user_add/defaults/main.yaml14
-rw-r--r--fdio.infra.ansible/roles/user_add/handlers/main.yaml7
-rw-r--r--fdio.infra.ansible/roles/user_add/tasks/main.yaml37
3 files changed, 58 insertions, 0 deletions
diff --git a/fdio.infra.ansible/roles/user_add/defaults/main.yaml b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
new file mode 100644
index 0000000000..799f660b73
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/defaults/main.yaml
@@ -0,0 +1,14 @@
+---
+# file: defaults/main.yaml
+
+# Default shell for a user if none is specified.
+users_shell: /bin/bash
+
+# Default create home dirs for new users.
+users_create_homedirs: true
+
+# Default list of users to create.
+users: []
+
+# Default enable password login.
+sshd_disable_password_login: false
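Review bot: The comment above `sshd_disable_password_login` reads as if the variable enabled password login, but the tasks file in this commit only acts on it when it is true, and then writes `PasswordAuthentication no`. With the default `false` the role leaves sshd_config untouched, so whatever the image ships with stays in force. A comment such as `# Set to true to disable SSH password authentication; false leaves sshd_config unchanged.` would describe this accurately. Because `users` entries may carry a `password` value, it is also worth documenting next to `users: []` that the value is a crypt hash and should come from a vaulted variable, not plain text in inventory.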
diff --git a/fdio.infra.ansible/roles/user_add/handlers/main.yaml b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
new file mode 100644
index 0000000000..e5c2a82780
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/handlers/main.yaml
@@ -0,0 +1,7 @@
+---
+# file: handlers/main.yaml
+
+- name: Restart SSHd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
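Review bot: Nothing added in this commit triggers this handler. The `Disable Password Login` task in tasks/main.yaml edits /etc/ssh/sshd_config but has no `notify`, so the running daemon keeps its old setting and goes on accepting passwords until it is restarted some other way. Adding `notify: Restart SSHd` to that task closes the gap. The unit name `sshd` is also distribution-dependent (some Debian-family images name the unit `ssh`), so confirm it resolves on the target hosts.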
diff --git a/fdio.infra.ansible/roles/user_add/tasks/main.yaml b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
new file mode 100644
index 0000000000..c01a1497d8
--- /dev/null
+++ b/fdio.infra.ansible/roles/user_add/tasks/main.yaml
@@ -0,0 +1,37 @@
+---
+# file: tasks/main.yaml
+
+- name: Add User
+ ansible.builtin.user:
+ append: "{{ item.append | default(omit) }}"
+ createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
+ generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
+ groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
+ name: "{{ item.username }}"
+ password: "{{ item.password if item.password is defined else '!' }}"
+ shell: "{{ item.shell if item.shell is defined else users_shell }}"
+ state: present
+ with_items: "{{ users }}"
+ tags:
+ - user-add-conf
+
+- name: SSH keys
+ ansible.builtin.authorized_key:
+ user: "{{ item.0.username }}"
+ key: "{{ item.1 }}"
+ with_subelements:
+ - "{{ users }}"
+ - ssh_key
+ - skip_missing: true
+ tags:
+ - user-add-conf
+
+- name: Disable Password Login
+ ansible.builtin.lineinfile:
+ dest: "/etc/ssh/sshd_config"
+ regexp: "^PasswordAuthentication yes"
+ line: "PasswordAuthentication no"
+ when:
+ - sshd_disable_password_login
+ tags:
+ - user-add-conf
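Review bot: In `Disable Password Login`, the pattern `^PasswordAuthentication yes` matches only an uncommented line with exactly that spelling. On a config that has the directive commented out, or already set to `no`, lineinfile appends the new line at the end of the file on the first run. There it can fall inside a trailing `Match` block, or lose to an earlier `Include`d drop-in, since sshd keeps the first value it reads. Anchoring on the keyword with `regexp: '^#?\s*PasswordAuthentication\s'` and adding `validate: 'sshd -t -f %s'` makes the edit deterministic and prevents writing a config that sshd rejects. Separately, the `Add User` loop prints each item, including `item.password`, in task output, so `no_log: true` or `loop_control: {label: "{{ item.username }}"}` would keep hashes out of logs. Note also that `groups: ''` with `append` omitted removes an existing user from all secondary groups.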