ansible-ffibk/roles/users/tasks/main.yml

---
- name: ensure sudo is installed
  package:
    name: "sudo"
    state: present

- name: ensure system users are present
  user:
    name: "{{ item.name }}"
    comment: "{{ item.comment }}"
    shell: "{{ item.shell }}"
    home: "{{ item.home }}"
    state: "{{ item.state }}"
  with_items: "{{ system_users }}"

- name: ensure ssh config directory is present
  file:
    path: "{{ item.home }}/.ssh"
    state: directory
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0700'
  with_items: "{{ system_users }}"

- name: configure ssh public keys
  template:
    src: "authorized_keys.j2"
    dest: "{{ item.home }}/.ssh/authorized_keys"
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
    mode: '0600'
  with_items: "{{ system_users }}"

- name: configure passwordless sudo access
  template:
    src: "sudoers.j2"
    dest: "/etc/sudoers.d/{{ item.name }}"
    owner: root
    group: root
    mode: '0440'
    validate: "/usr/sbin/visudo -cf %s"
  with_items: "{{ system_users }}"

- name: remove admin lines from /etc/sudoers
  lineinfile:
    path: "/etc/sudoers"
    state: absent
    regexp: '^admin\s'
    validate: "/usr/sbin/visudo -cf %s"
Add role users 2018-02-28 06:03:28 +01:00			`---`
			`- name: ensure sudo is installed`
			`package:`
			`name: "sudo"`
			`state: present`

			`- name: ensure system users are present`
			`user:`
			`name: "{{ item.name }}"`
			`comment: "{{ item.comment }}"`
			`shell: "{{ item.shell }}"`
			`home: "{{ item.home }}"`
			`state: "{{ item.state }}"`
			`with_items: "{{ system_users }}"`

			`- name: ensure ssh config directory is present`
			`file:`
			`path: "{{ item.home }}/.ssh"`
			`state: directory`
			`owner: "{{ item.name }}"`
			`group: "{{ item.name }}"`
			`mode: '0700'`
			`with_items: "{{ system_users }}"`

			`- name: configure ssh public keys`
			`template:`
			`src: "authorized_keys.j2"`
			`dest: "{{ item.home }}/.ssh/authorized_keys"`
			`owner: "{{ item.name }}"`
			`group: "{{ item.name }}"`
			`mode: '0600'`
			`with_items: "{{ system_users }}"`

			`- name: configure passwordless sudo access`
			`template:`
			`src: "sudoers.j2"`
			`dest: "/etc/sudoers.d/{{ item.name }}"`
			`owner: root`
			`group: root`
			`mode: '0440'`
			`validate: "/usr/sbin/visudo -cf %s"`
			`with_items: "{{ system_users }}"`

			`- name: remove admin lines from /etc/sudoers`
			`lineinfile:`
			`path: "/etc/sudoers"`
			`state: absent`
			`regexp: '^admin\s'`
			`validate: "/usr/sbin/visudo -cf %s"`