Importing Bitraf's lusers, updating superusers.

1 files changed, 21 insertions, 20 deletions

diff --git a/ansible/roles/superusers/tasks/main.yml b/ansible/roles/superusers/tasks/main.yml
index 3a1e974..70623a0 100644
--- a/ansible/roles/superusers/tasks/main.yml
+++ b/ansible/roles/superusers/tasks/main.yml
@@ -1,26 +1,27 @@
 ---
-- name: superuser accounts
-  tags: superusers
-  become: yes
-  user:
-    name: "{{ item.username }}"
-    groups: sudo,systemd-journal
-    shell: /bin/bash
-    append: yes
-  with_items:
-    - "{{ superusers }}"
+- tags: superusers
+  block:
+    - name: getent passwd
+      getent:
+        database: passwd
 
-- name: superuser authorized_keys
-  tags: superusers
-  become: yes
-  authorized_key:
-    user: "{{ item.username }}"
-    state: "{{ item.state }}"
-    key: "{{ users[item.username].authorized_keys }}"
-  with_items:
-    - "{{ superusers }}"
+    - name: getent group
+      getent:
+        database: group
+
+# NOTE: Accounts are added by the luser module.
+- tags: superusers
+  vars:
+    usernames: "{{ users|dict2items|map(attribute='key')|list }}"
+    unix_groups:
+      - sudo
+      - systemd-journal
+  with_items: "{{ unix_groups }}"
+  loop_control:
+    loop_var: group
+  include_tasks: adjust-group.yml
 
-- name: Allow 'sudo' group to have passwordless sudo
+- name: "Allow 'sudo' group to have passwordless sudo"
   tags: superusers
   become: yes
   lineinfile: