mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2025-01-18 08:06:16 +01:00
42 lines
1.5 KiB
YAML
42 lines
1.5 KiB
YAML
---
|
|
|
|
- name: create Arch Linux-specific groups
|
|
group: name="{{ item }}" state=present system=no
|
|
with_items: "{{ arch_groups }}"
|
|
|
|
- name: create Arch Linux-specific users
|
|
user:
|
|
name: "{{ item.key }}"
|
|
group: users
|
|
groups: "{{ item.value.groups | join(',') }}"
|
|
comment: "{{ item.value.name }}"
|
|
shell: "{{ item.value.shell | default('/bin/bash') }}"
|
|
password: ""
|
|
update_password: on_create
|
|
state: present
|
|
with_dict: "{{ arch_users }}"
|
|
|
|
- name: create .ssh directory
|
|
file: path=/home/{{ item.key }}/.ssh state=directory owner={{ item.key }} group=users mode=0700
|
|
with_dict: "{{ arch_users }}"
|
|
|
|
- name: configure ssh keys
|
|
template: src=authorized_keys.j2 dest=/home/{{ item.key }}/.ssh/authorized_keys owner={{ item.key }} group=users mode=0600
|
|
when: item.value.ssh_key is defined
|
|
with_dict: "{{ arch_users }}"
|
|
|
|
- name: remove ssh keys if undefined
|
|
file: path=/home/{{ item.key }}/.ssh/authorized_keys state=absent
|
|
when: item.value.ssh_key is not defined
|
|
with_dict: "{{ arch_users }}"
|
|
|
|
- name: get list of remote users
|
|
find: paths="/home" file_type="directory"
|
|
register: all_users
|
|
|
|
# TODO: this removes the keys of svn-packages and svn-community on orion temporarily. add some form of whitelist for those users?
|
|
- name: disable ssh keys of disabled users
|
|
file: path="/home/{{ item }}/.ssh/authorized_keys" state=absent
|
|
when: item not in arch_users
|
|
with_items: "{{ all_users.files | map(attribute='path') | map('basename') | list }}"
|