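---
# Local account management for every inventory host except the network devices.
# dependencies.yml is imported first. The variables consumed below (targets,
# local_users, local_removed_users, protected_users, local_admin_users,
# generate_keys, disable_sudo_password, disable_gnome_user_list) are not
# defined here — presumably they come from tasks/users-preprocessing.yml and
# the inventory; confirm against that file.
- import_playbook: dependencies.yml

- hosts: 'all:!network'
  name: Update local user accounts and access controls
  tasks:
    - import_tasks: tasks/users-preprocessing.yml

    - name: Create local user accounts
      tags: users_create
      become: true
      block:
        # One group per target plus the shared 'omni' group every user joins.
        - name: Create groups
          group:
            name: "{{ item }}"
            state: present
          loop: "{{ targets + ['omni'] }}"

        - name: Create users
          user:
            name: "{{ item.name }}"
            comment: "{{ item.fullname | default('') }}"
            shell: /bin/bash
            # Only the user's targets that exist on this host, plus 'omni'.
            groups: "{{ item.targets | intersect(targets) + ['omni'] }}"
            system: "{{ item.svc | default(false) }}"
            state: present
            generate_ssh_key: "{{ generate_keys | bool }}"
            ssh_key_comment: "{{ item.name }}@{{ inventory_hostname }}"
            # ssh_key_bits has no effect on ed25519 keys (fixed size); kept so
            # the task is unchanged if ssh_key_type is ever switched to rsa.
            ssh_key_bits: 4096
            ssh_key_type: ed25519
            # The user module expects an already-hashed password here; it is
            # assumed item.password is supplied in that form — confirm in
            # users-preprocessing.yml.
            password: "{{ item.password }}"
          loop: "{{ local_users }}"
          # Keep password hashes out of the play output and callback logs.
          no_log: true

    # Protected users are never removed even if they appear in the removal list.
    - name: Delete removed user accounts
      become: true
      user:
        name: "{{ item }}"
        state: absent
      loop: "{{ local_removed_users | difference(protected_users) }}"

    - name: Grant sudo permissions to admin user accounts
      become: true
      user:
        name: "{{ item.name }}"
        groups: "{{ 'wheel' if ansible_os_family | lower == 'redhat' else 'sudo' }}"
        state: present
      loop: "{{ local_admin_users }}"

    - name: Disable sudo password for ansible
      become: true
      lineinfile:
        create: true
        path: /etc/sudoers.d/30-ansible
        line: "ansible ALL=(ALL) NOPASSWD:ALL"
        mode: "0644"
        # Syntax-check the drop-in before it is installed; a malformed
        # sudoers fragment can lock every account out of sudo.
        validate: /usr/sbin/visudo -cf %s

    - name: Disable sudo password for admin users
      become: true
      lineinfile:
        create: true
        path: /etc/sudoers.d/40-admin
        line: "{{ item.name }} ALL=(ALL) NOPASSWD:ALL"
        mode: "0644"
        state: "{{ 'present' if disable_sudo_password | bool else 'absent' }}"
        validate: /usr/sbin/visudo -cf %s
      loop: "{{ local_admin_users }}"

    - name: Configure GNOME
      tags: users_gnome
      when: ansible_distribution == "Fedora" and disable_gnome_user_list | bool
      become: true
      block:
        - name: Configure GDM profile
          blockinfile:
            create: true
            path: /etc/dconf/profile/gdm
            block: |
              user-db:user
              system-db:gdm
              file-db:/usr/share/gdm/greeter-dconf-defaults
          register: gdm_profile

        - name: Configure GDM keyfile
          blockinfile:
            create: true
            path: /etc/dconf/db/gdm.d/00-login-screen
            block: |
              [org/gnome/login-screen]
              # Do not show the user list
              disable-user-list=true
          register: gdm_keyfile

        - name: Delete existing user database
          file:
            path: /var/lib/gdm/.config/dconf/user
            state: absent
          register: gdm_userdb

        # Recompile the dconf databases only when one of the inputs above
        # changed, so the play is idempotent instead of reporting a change
        # on every run.
        - name: Restart dconf database
          command: dconf update
          when: gdm_profile.changed or gdm_keyfile.changed or gdm_userdb.changed

    # Assumes each user's primary group carries the user's name (the user
    # module's default user-private group) — confirm if that default is
    # overridden anywhere.
    - name: Ensure proper ownership of user home directories
      become: true
      file:
        group: "{{ item.name }}"
        owner: "{{ item.name }}"
        path: "/home/{{ item.name }}"
        recurse: true
        state: directory
      loop: "{{ local_users }}"

# - hosts: router.net.enp.one
#   name: Configure users on router
#   connection: network_cli
#   vars:
#     ansible_network_os: edgeos
#   tasks:
#     - import_tasks: tasks/users-preprocessing.yml
#
#     - name: Create users
#       edgeos_config:
#         lines:
#           - set system login user {{ item.name }} authentication encrypted-password "{{ item.password }}"
#           - set system login user {{ item.name }} full-name "{{ item.fullname if item.fullname is defined else "" }}"
#           - set system login user {{ item.name }} level {{ 'operator' if item.name != 'ansible' else 'admin' }}
#       loop: "{{ local_users | difference([None]) }}"
#
#     - name: Grant administrative access to admin users
#       edgeos_config:
#         lines:
#           - set system login user {{ item.name }} level admin
#       loop: "{{ local_admin_users | difference([None]) }}"
#
#     - name: Assemble key files for loadkey usage
#       edgeos_command:
#         commands: sudo tee /tmp/{{ item.name }}.keys<<<"{{ item.sshkeys | join('\n') }}"
#       loop: "{{ local_admin_users | difference([None]) }}"
#
# - import_playbook: deploy-sshkeys.yml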