aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRomain Gonçalves <me@rgoncalves.se>2024-02-08 13:30:58 +0100
committerRomain Gonçalves <me@rgoncalves.se>2024-02-08 13:33:36 +0100
commit47423ebb57eb67ed318f5e91f9f837796f63f501 (patch)
tree3aabd37a4690cb7e5cf99fb672fe00014c711d1d
parentd5ba7d10131655fe6a01ba70bfd3926e7afd719e (diff)
downloadrules-47423ebb57eb67ed318f5e91f9f837796f63f501.tar.gz
feat(roles/unix_users): create unix users
-rw-r--r--roles/unix_users/defaults/main.yml8
-rw-r--r--roles/unix_users/meta/main.yml26
-rw-r--r--roles/unix_users/tasks/main.yml39
3 files changed, 73 insertions, 0 deletions
diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
new file mode 100644
index 0000000..83edad2
--- /dev/null
+++ b/roles/unix_users/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+
+unix_users__enabled_uid_min: 2001
+unix_users__enabled_uid_max: 2100
+unix_users__enabled_uid_slots: "{{ range(
+ unix_users__enabled_uid_min,
+ unix_users__enabled_uid_max
+ ) }}"
diff --git a/roles/unix_users/meta/main.yml b/roles/unix_users/meta/main.yml
new file mode 100644
index 0000000..1de5f3f
--- /dev/null
+++ b/roles/unix_users/meta/main.yml
@@ -0,0 +1,26 @@
+---
+
+argument_specs:
+ main:
+ short_description: unix_users main entrypoint.
+ options:
+
+ unix_users__enabled_uid_min:
+ type: int
+ required: true
+
+ unix_users__enabled_uid_max:
+ type: int
+ required: true
+
+ unix_users__users:
+ type: list
+ elements: dict
+ required: true
+ options:
+ username:
+ type: str
+ required: true
+ comment:
+ type: str
+ required: false
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
new file mode 100644
index 0000000..291e134
--- /dev/null
+++ b/roles/unix_users/tasks/main.yml
@@ -0,0 +1,39 @@
+---
+
+- name: retrieve all users
+ ansible.builtin.getent:
+ database: passwd
+ register: unix_users__register_getent
+
+- name: parse all users in uid range
+ ansible.builtin.set_fact:
+ unix_users__parsed_getent: "[
+ {% for name, attributes in
+ unix_users__register_getent.ansible_facts.getent_passwd.items() %}
+ {{ { 'name': name, 'uid': (attributes[2] | int) } }},
+ {% endfor %}
+ ]"
+
+- name: retrieve minimum available uid
+ ansible.builtin.set_fact:
+ unix_users__available_uid_min: "{{ unix_users__parsed_getent
+ | map(attribute='uid')
+ | select('in', unix_users__enabled_uid_slots)
+ | max
+ | default(unix_users__enabled_uid_min)
+ | int }}"
+
+- name: create user with specific uid
+ ansible.builtin.user:
+ name: "{{ item.username }}"
+ uid: "{{ (unix_users__available_uid_min | int) + (index | int) }}"
+ loop: "{{ unix_users__users }}"
+ loop_control:
+ index_var: index
+ when: item.username not in (unix_users__parsed_getent | map(attribute='name'))
+
+- name: update user informations
+ ansible.builtin.user:
+ name: "{{ item.username }}"
+ comment: "{{ item.comment | normalize_unicode_to_ansii }}"
+ loop: "{{ unix_users__users }}"
remember that computers suck.