
# SPDX-FileCopyrightText: 2023 Max Mehl <https://mehl.mx>
#
# SPDX-License-Identifier: Apache-2.0
---
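- name: Unset password_value fact
  # Reset the two facts the tasks below decide on, so a value set by an
  # earlier run of this file for another user cannot carry over into this
  # one. special_pass records that one of the special cases (locked account,
  # passwordless login) has already fixed password_value.
  # Fully qualified module name, matching the rest of this file.
  ansible.builtin.set_fact:
    password_value: ""
    special_pass: false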
# Handle cases in which password variable is undefined or empty
- name: Disable password login for user unless empty password allowed for user {{ username }}
  # No usable password and passwordless login is not permitted: store "*",
  # which no password hashes to, so the account cannot log in by password.
  ansible.builtin.set_fact:
    password_value: "*"
    special_pass: true
  when:
    - password is not defined or password | length == 0
    - not allow_no_password
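- name: Disable password login because given password was * for user {{ username }}
  # Check "is defined" first. The entries of a when list are joined with
  # "and" and evaluated left to right, and referencing an undefined variable
  # inside a conditional is an error rather than false. Without the guard this
  # task aborted the play whenever no password was given, which the task above
  # explicitly allows.
  when:
    - password is defined
    - password == "*"
  ansible.builtin.set_fact:
    password_value: "*"
    special_pass: true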
- name: Allow login without password as it is explicitely allowed for user {{ username }}
  # Empty or undefined password and allow_no_password is set: leave
  # password_value empty and hand it to the user task below unchanged.
  # special_pass keeps the hashing block from running on an empty string.
  # (The spelling "explicitely" in the task name is kept as written so that
  # existing log filters keep matching.)
  ansible.builtin.set_fact:
    password_value: ""
    special_pass: true
  when:
    - password is not defined or password | length == 0
    - allow_no_password
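- name: Hash provided password for user {{ username }}
  when:
    # A password variable exists. The empty and "*" cases are not excluded
    # here; they were already turned into special_pass by the tasks above.
    - password is defined
    # None of the special cases has been handled before
    - not special_pass
  block:
    - name: Create idempotent salt for password of {{ username }}
      # The salt is derived from values that do not change between runs, so
      # the resulting hash is stable and the user task does not report a
      # change on every run. It is therefore predictable, which a salt may be:
      # it only has to differ per user and host, and the salt is stored in
      # clear in the shadow entry anyway. 16 characters is the sha512-crypt
      # salt limit; hex output stays within the crypt salt alphabet.
      ansible.builtin.set_fact:
        salt: "{{ ((username + inventory_hostname) | hash('sha512'))[:16] }}"
    - name: Encrypt password for user {{ username }}
      # The password is fed through stdin instead of the argument list: argv is
      # visible to every local user via the process table on the target host,
      # and a password starting with "-" or containing quotes would otherwise
      # be mis-parsed as an option or break the argument split. The command
      # module appends a newline to stdin by default, which is what
      # "openssl passwd -stdin" expects to terminate the line.
      ansible.builtin.command:
        cmd: openssl passwd -6 -salt "{{ salt }}" -stdin
        stdin: "{{ password }}"
      register: username_shadowpw
      # Computing a hash changes nothing on the host; it must also run in
      # check mode so the user task below has a value to compare against.
      changed_when: false
      check_mode: false
      # Keep the clear-text password and the hash out of logs and callbacks.
      no_log: true
    - name: Set password value fact for user {{ username }}
      ansible.builtin.set_fact:
        password_value: "{{ username_shadowpw.stdout }}"
      no_log: true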
- name: "Ensure user is configured correctly: {{ username }}"
  ansible.builtin.user:
    name: "{{ username }}"
    shell: "{{ shell }}"
    # Group membership
    groups: "{{ user_groups }}"
    append: "{{ groups_append }}"
    # SSH key handling
    generate_ssh_key: "{{ generate_ssh_key }}"
    ssh_key_type: "{{ ssh_key_type }}"
    ssh_key_comment: "{{ username }}@{{ ansible_fqdn }}"
    # password_value is, as decided by the tasks above, either the crypt-style
    # hash produced by openssl, "*" (password login disabled) or "" (login
    # without password explicitly allowed).
    password: "{{ password_value }}"
- name: Ensure correct directory settings for user {{ username }}
  # root's home is not under /home, hence the exclusion.
  when: username != "root"
  ansible.builtin.file:
    # NOTE(review): assumes the home directory is /home/<username>. The user
    # task above does not pass home:, so this relies on the host default;
    # confirm on hosts with a different HOME setting in /etc/default/useradd.
    path: "/home/{{ username }}"
    state: directory
    mode: "{{ homedir_permissions }}"