---
# Create the login account named by create_username; account management
# needs root, hence become.
- name: Create user {{ create_username }}
  become: true
  user:
    name: "{{ create_username }}"
    state: present
    shell: /bin/bash
    # Supplementary groups are looked up per OS family; append keeps any
    # groups the account already belongs to.
    groups: "{{ created_users_groups[ansible_os_family] }}"
    append: true
    # The module expects a crypt hash, so the plaintext in create_pwgen is
    # run through SHA-512 crypt before it is handed over.
    password: "{{ create_pwgen | password_hash('sha512') }}"
    # on_create: the password is only set when the account is first created,
    # so re-running the play does not reset a password the user has changed.
    update_password: on_create
    # No key pair is generated here; ssh_key_bits and ssh_key_file only take
    # effect if generate_ssh_key is switched on.
    generate_ssh_key: false
    ssh_key_bits: 2048
    ssh_key_file: .ssh/id_rsa
  register: user_created
  # NOTE(review): the handler is defined outside this file. Judging by its
  # name it echoes the plaintext password into the run output - confirm that
  # output is not retained in CI logs or callback plugins.
  notify: print generated password
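# Give create_username passwordless sudo by managing a single line in
# /etc/sudoers.
# NOTE(review): NOPASSWD:ALL makes anyone who can log in as this account
# root-equivalent with no second factor; confirm that is intended for every
# host this role targets.
- name: enable nopasswd sudo
  become: true
  lineinfile:
    dest: /etc/sudoers
    # Match only this account's own entry. The bare prefix pattern
    # '^<name>' also matched longer names (for "bob": "bobby ...") and
    # treated regex metacharacters in the name as pattern syntax, so
    # lineinfile could overwrite another principal's sudoers line.
    # regex_escape plus the trailing \s pins the match to the exact name.
    regexp: '^{{ create_username | regex_escape }}\s'
    line: "{{ create_username }} ALL=(ALL:ALL) NOPASSWD:ALL"
    # On first insertion, place the entry after the sudo group's rule.
    insertafter: '^%{{ sudo_group_by_fam[ansible_os_family] }}.*$'
    state: present
    # visudo syntax-checks the candidate file before it replaces
    # /etc/sudoers, so a malformed line cannot lock sudo out.
    validate: 'visudo -cf %s'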
# Install the operator's public key(s) into the new account's
# authorized_keys. The file lookups are evaluated on the control node, so
# the keys come from the home directory of whoever runs the play.
# NOTE(review): unlike the other tasks here, this one sets no become; it
# presumably relies on play-level privilege escalation - confirm.
- name: copy current pubkeys to ~{{ create_username }}/.ssh/authorized_keys
  with_items:
    - "{{ lookup('file','~/.ssh/id_ecdsa.pub') }}"
    # - "{{ lookup('file','~/.ssh/id_ecdsa_sk.pub') }}"
    # - "{{ lookup('file','~/.ssh/id_ed25519.pub') }}"
  authorized_key:
    user: "{{ create_username }}"
    state: present
    key: "{{ item }}"
    # key: "{{ URL_PUBKEYS }}"
  # NOTE(review): ignore_errors hides every failure of this task, not only
  # the unsupported key type named below. A run can therefore report
  # success while no key was installed; check the task result afterwards.
  ignore_errors: true  # doesn't support sk-ecdsa-sha2-nistp256 keys