Importing Bitraf's lusers, updating superusers.

2 files changed, 46 insertions, 0 deletions

diff --git a/ansible/roles/lusers/defaults/main.yml b/ansible/roles/lusers/defaults/main.yml
new file mode 100644
index 0000000..61602c5
--- /dev/null
+++ b/ansible/roles/lusers/defaults/main.yml
@@ -0,0 +1 @@
+lusers_authorized_keys_exclusive: no
diff --git a/ansible/roles/lusers/tasks/main.yml b/ansible/roles/lusers/tasks/main.yml
new file mode 100644
index 0000000..cb10845
--- /dev/null
+++ b/ansible/roles/lusers/tasks/main.yml
@@ -0,0 +1,45 @@
+---
+- become: yes
+  tags: lusers
+  vars:
+    usernames: "{{ users|dict2items|map(attribute='key')|list }}"
+  block:
+    - name: adduser
+      with_items: "{{ lusers }}"
+      user:
+        name: "{{ item }}"
+        shell: /bin/bash
+
+    - name: getent passwd
+      getent:
+        database: passwd
+
+    - name: disable user
+      with_items: "{{ usernames }}"
+      when: (item not in lusers) and (item in getent_passwd)
+      user:
+        name: "{{ item }}"
+        shell: /usr/sbin/nologin
+
+    - name: mkdir ~/.ssh
+      when: lusers_authorized_keys_exclusive
+      with_items: "{{ lusers }}"
+      file:
+        path: "~{{ item }}/.ssh"
+        state: directory
+        owner: "{{ item }}"
+        mode: 0700
+
+    - name: authorized_keys, exclusively managed by Ansible
+      copy:
+        dest: "/home/{{ item }}/.ssh/authorized_keys"
+        content: "{{ users[item].authorized_keys }}"
+      when: lusers_authorized_keys_exclusive
+      with_items: "{{ lusers }}"
+
+    - name: authorized_keys, shared management with Ansible
+      authorized_key:
+        user: "{{ item }}"
+        key: "{{ users[item].authorized_keys }}"
+      with_items: "{{ lusers }}"
+      when: not lusers_authorized_keys_exclusive