blob: 329c6abd07087fc8d98ced818d21ec6c76967d4b (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
---
# file: roles/user_add/tasks/main.yaml
- name: Conf - Add User
ansible.builtin.user:
append: "{{ item.append | default(omit) }}"
createhome: "{{ 'yes' if users_create_homedirs else 'no' }}"
generate_ssh_key: "{{ item.generate_ssh_key | default(omit) }}"
groups: "{{ item.groups | join(',') if 'groups' in item else '' }}"
name: "{{ item.username }}"
password: "{{ item.password if item.password is defined else '!' }}"
shell: "{{ item.shell if item.shell is defined else users_shell }}"
state: present
with_items: "{{ users }}"
tags:
- user-add-conf
- name: Conf - SSH keys
ansible.builtin.authorized_key:
user: "{{ item.0.username }}"
key: "{{ item.1 }}"
with_subelements:
- "{{ users }}"
- ssh_key
- skip_missing: true
tags:
- user-add-conf
- name: Conf - Disable Password Login
ansible.builtin.lineinfile:
dest: "/etc/ssh/sshd_config"
regexp: "^PasswordAuthentication yes"
line: "PasswordAuthentication no"
notify:
- "Restart SSHd"
when:
- sshd_disable_password_login
tags:
- user-add-conf
|
