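---
# Provisions one user account described by the `user` variable (keys read here:
# username, uid, ssh_key) together with `user_groups`, `pass_length` and
# `inventory_hostname`: a password-store entry on the control node, the account
# itself, its ~/.ssh material and an sshd AllowUsers entry. Intended to be
# included once per user with `user` already set.

- name: "Create new user account"
  block:
    - name: Show which user account is being handled
      debug:
        msg: "Attempting to create account for {{ user.username }}..."

    # Presence probe only: getent fails when the key is absent, and that failure
    # is the signal the `when: user_exists is failed` clauses below consume
    # (failed_when: false would hide it), so ignore_errors is deliberate.
    - name: Check if the user accounts already exists
      getent:
        database: passwd
        key: "{{ user.username }}"
      register: user_exists
      ignore_errors: true

    # Runs on the control node without privilege escalation so `pass` uses the
    # operator's own store and GPG keyring.
    - name: Prepare password store entry
      become: false
      delegate_to: localhost
      # NOTE(review): `item.email` is the only reference to `item` in this file;
      # every other task reads `user.*`. Confirm the loop variable name at the
      # include site — with `loop_var: user` this would be undefined.
      command: "pass init -p users/{{ user.username }}/sudo/ {{ item.email }}"
      when: user_exists is failed
      tags:
        - molecule-notest

    - name: Create a new user account with a new password
      user:
        name: "{{ user.username }}"
        uid: "{{ user.uid }}"
        shell: /bin/bash
        # The store path is built with `~` so the lookup term is a single plain
        # string; nested "{{ }}" inside a Jinja expression depends on the lookup
        # re-templating its terms, which ansible-lint flags. password_hash()
        # salts freshly on each call, but this task only runs when the account
        # is missing, so the hash is not rewritten on every play.
        password: >-
          {{ lookup('passwordstore', 'users/' ~ user.username ~ '/sudo/'
          ~ inventory_hostname ~ ' create=true length=' ~ pass_length)
          | password_hash('sha512') }}
        groups: "{{ user_groups }}"
        append: true
        update_password: always
      when: user_exists is failed
      tags:
        - molecule-notest

    # Home is assumed to live under /home/<username> — presumably matches the
    # default home of the `user` task above; verify if a custom home is used.
    - name: Make sure the user's .ssh directory exists
      file:
        path: "/home/{{ user.username }}/.ssh"
        state: directory
        owner: "{{ user.username }}"
        group: "{{ user.username }}"
        mode: "0700"

    - name: Add new member's SSH key to authorized_keys file
      blockinfile:
        path: "/home/{{ user.username }}/.ssh/authorized_keys"
        block: "{{ user.ssh_key }}"
        state: present
        create: true
        mode: "0600"
        owner: "{{ user.username }}"
        group: "{{ user.username }}"

    # Only an existing AllowUsers line is amended; a config without one is left
    # untouched. The username is regex-escaped so dots or other metacharacters
    # cannot break the negative lookahead, and the edited file is syntax-checked
    # before it is written in place and SSH is restarted.
    - name: "Add username to the SSH AllowUsers configuration"
      replace:
        backup: true
        path: /etc/ssh/sshd_config
        regexp: '^(AllowUsers(?!.*\b{{ user.username | regex_escape }}\b).*)$'
        replace: '\1 {{ user.username }}'
        validate: '/usr/sbin/sshd -t -f %s'
      notify: Restart SSH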