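---
# Create one local account per entry of the `users` list.
# Fields read from each entry: username, groups (optional),
# password (optional) and expires.
- name: Create Users
  become: true
  ansible.builtin.user:
    name: '{{ item.username }}'
    create_home: true
    shell: /bin/bash
    # append keeps the account in groups it already belongs to and only
    # adds the ones listed here.
    append: true
    groups: '{{ item.groups | default([]) | join(",") }}'
    # On Linux the module stores this value as the password hash, so
    # item.password is expected to be a crypt hash, not clear text
    # (confirm against the inventory). The "!" fallback gives the account
    # a locked password, leaving key-based login as the only way in.
    password: '{{ item.password | default("!") }}'
    # There is no default for item.expires, so an entry without it fails
    # the task.
    # NOTE(review): strftime("%s") is a platform extension and converts
    # using the controller's local time zone; confirm that is intended.
    expires: '{{ (item.expires | to_datetime).strftime("%s") }}'
    # Passwords are set only when the account is first created; changing
    # item.password later does not update an existing account.
    update_password: 'on_create'
  loop: '{{ users }}'
  loop_control:
    # Without a label Ansible prints the whole loop item, including the
    # password field, in the task output of every run.
    label: '{{ item.username }}'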
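# Install every public key listed under a user's `authorized_keys`.
- name: Deploy keys
  become: true
  ansible.posix.authorized_key:
    user: '{{ item[0].username }}'
    # `present` only adds keys. A key dropped from the list stays in the
    # account's authorized_keys file until it is removed explicitly
    # (state: absent; the module's `exclusive` option is not loop aware).
    state: present
    key: '{{ item[1] }}'
  # subelements yields one [user, key] pair per key. skip_missing is not
  # set, so a user entry without `authorized_keys` fails the task.
  loop: "{{ users | subelements('authorized_keys') }}"
  loop_control:
    # item[0] is the full user entry, password field included; show only
    # the user name in the task output.
    label: '{{ item[0].username }}'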
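# Write one sudoers rule file per user, holding all of that user's
# `sudo_allow` commands. The rule name is the file name, so looping once
# per command would rewrite the same file each time and leave only the
# last command in place.
- name: sudo allow
  become: true
  community.general.sudoers:
    runas: root
    state: present
    user: '{{ item.username }}'
    # flatten accepts both a plain list of commands and a list of lists.
    commands: '{{ item.sudo_allow | flatten }}'
    # Module default, written out so the choice is visible in review:
    # the listed commands run as root without a password prompt.
    nopasswd: true
    # sudo skips files in sudoers.d whose names contain a ".", hence the
    # replace.
    name: "ansible_sudoers_{{ item.username | replace('.', '_') }}"
  # Users with no `sudo_allow` key, or an empty one, get no rule file.
  loop: >-
    {{ users
       | selectattr('sudo_allow', 'defined')
       | selectattr('sudo_allow')
       | list }}
  loop_control:
    # The loop item is the full user entry, password field included; show
    # only the user name in the task output.
    label: '{{ item.username }}'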
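# Remove the sudoers rule file of every user that has `sudo_deny` entries.
# state: absent deletes the file selected by `name`; it does not write a
# rule that denies the listed commands. The file name is the one the
# "sudo allow" task writes, so a user carrying both lists has the rule
# created and then removed on every run.
- name: sudo deny
  become: true
  community.general.sudoers:
    runas: root
    state: absent
    user: '{{ item[0].username }}'
    commands: '{{ item[1] }}'
    name: "ansible_sudoers_{{ item[0].username | replace('.', '_') }}"
  # One iteration per sudo_deny entry; each one targets the same file.
  loop: "{{ lookup('subelements', users, 'sudo_deny', {'skip_missing': True}) }}"
  loop_control:
    # item[0] is the full user entry, password field included; show only
    # the user name in the task output.
    label: '{{ item[0].username }}'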