| author | Romain Gonçalves <me@rgoncalves.se> | 2024-02-08 13:30:58 +0100 | 
|---|---|---|
| committer | Romain Gonçalves <me@rgoncalves.se> | 2024-02-08 13:33:36 +0100 | 
| commit | 47423ebb57eb67ed318f5e91f9f837796f63f501 (patch) | |
| tree | 3aabd37a4690cb7e5cf99fb672fe00014c711d1d | |
| parent | d5ba7d10131655fe6a01ba70bfd3926e7afd719e (diff) | |
| download | rules-47423ebb57eb67ed318f5e91f9f837796f63f501.tar.gz | |
feat(roles/unix_users): create unix users
| -rw-r--r-- | roles/unix_users/defaults/main.yml | 8 | ||||
| -rw-r--r-- | roles/unix_users/meta/main.yml | 26 | ||||
| -rw-r--r-- | roles/unix_users/tasks/main.yml | 39 | 
3 files changed, 73 insertions, 0 deletions
diff --git a/roles/unix_users/defaults/main.yml b/roles/unix_users/defaults/main.yml
new file mode 100644
index 0000000..83edad2
--- /dev/null
+++ b/roles/unix_users/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+
+unix_users__enabled_uid_min: 2001
+unix_users__enabled_uid_max: 2100
+unix_users__enabled_uid_slots: "{{ range(
+  unix_users__enabled_uid_min,
+  unix_users__enabled_uid_max
+  ) }}"
diff --git a/roles/unix_users/meta/main.yml b/roles/unix_users/meta/main.yml
new file mode 100644
index 0000000..1de5f3f
--- /dev/null
+++ b/roles/unix_users/meta/main.yml
@@ -0,0 +1,26 @@
+---
+
+argument_specs:
+  main:
+    short_description: unix_users main entrypoint.
+    options:
+
+      unix_users__enabled_uid_min:
+        type: int
+        required: true
+
+      unix_users__enabled_uid_max:
+        type: int
+        required: true
+
+      unix_users__users:
+        type: list
+        elements: dict
+        required: true
+        options:
+          username:
+            type: str
+            required: true
+          comment:
+            type: str
+            required: false
diff --git a/roles/unix_users/tasks/main.yml b/roles/unix_users/tasks/main.yml
new file mode 100644
index 0000000..291e134
--- /dev/null
+++ b/roles/unix_users/tasks/main.yml
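Review bot: In roles/unix_users/defaults/main.yml, `unix_users__enabled_uid_slots` is built with `range(unix_users__enabled_uid_min, unix_users__enabled_uid_max)`, and Jinja's `range` excludes its stop value, so UID 2100 is never treated as part of the managed range despite the `_max` name. If the bound is meant to be inclusive, use `range(unix_users__enabled_uid_min, unix_users__enabled_uid_max + 1) | list`; the `| list` also hands the `select('in', …)` test in tasks/main.yml a concrete list instead of whatever the templating layer makes of a range object, which probably varies by Ansible version. A one-line comment above the two bounds stating whether the maximum is inclusive would make the allocation window unambiguous.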
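Review bot: In roles/unix_users/meta/main.yml, `comment` is declared `required: false`, but the last task in tasks/main.yml templates `item.comment` with no fallback, so an entry that omits it would most likely fail on an undefined variable. Either declare it `required: true` here, or guard that task with `when: item.comment is defined`. The options also carry no `description` fields; adding one to `unix_users__users` and to the two UID bounds would document that those bounds decide which existing accounts count toward UID allocation.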
@@ -0,0 +1,39 @@
+---
+
+- name: retrieve all users
+  ansible.builtin.getent:
+    database: passwd
+  register: unix_users__register_getent
+
+- name: parse all users in uid range
+  ansible.builtin.set_fact:
+    unix_users__parsed_getent: "[
+      {% for name, attributes in
+        unix_users__register_getent.ansible_facts.getent_passwd.items() %}
+      {{ { 'name': name, 'uid': (attributes[2] | int) } }},
+      {% endfor %}
+      ]"
+
+- name: retrieve minimum available uid
+  ansible.builtin.set_fact:
+    unix_users__available_uid_min: "{{ unix_users__parsed_getent
+      | map(attribute='uid')
+      | select('in', unix_users__enabled_uid_slots)
+      | max
+      | default(unix_users__enabled_uid_min)
+      | int }}"
+
+- name: create user with specific uid
+  ansible.builtin.user:
+    name: "{{ item.username }}"
+    uid: "{{ (unix_users__available_uid_min | int) + (index | int) }}"
+  loop: "{{ unix_users__users }}"
+  loop_control:
+    index_var: index
+  when: item.username not in (unix_users__parsed_getent | map(attribute='name'))
+
+- name: update user informations
+  ansible.builtin.user:
+    name: "{{ item.username }}"
+    comment: "{{ item.comment | normalize_unicode_to_ansii }}"
+  loop: "{{ unix_users__users }}"  |
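Review bot: The `create user with specific uid` task can request a UID that is already taken or lies above `unix_users__enabled_uid_max`: the base is the highest in-range UID currently in passwd, and `index` counts every entry of `unix_users__users`, including the ones the `when` skips. A new user at list position 0 on a host that already has an in-range account is therefore given exactly that account's UID, and nothing checks the result against the upper bound. Starting from the highest UID plus one and looping only over users that do not exist yet removes both the collision and the dependence on list order, as sketched below; an `ansible.builtin.assert` that the last computed UID stays inside the range would cover the bound. Non-overlapping, never-reused UIDs matter here because file ownership follows the number, not the name.

```yaml
# … unchanged: getent and parse tasks, set_fact task header …
    unix_users__available_uid_min: "{{ (unix_users__parsed_getent
      | map(attribute='uid')
      | select('in', unix_users__enabled_uid_slots)
      | max
      | default(unix_users__enabled_uid_min - 1)
      | int) + 1 }}"
# … unchanged: create task name, module arguments and uid expression …
  loop: "{{ unix_users__users
    | rejectattr('username', 'in',
      unix_users__parsed_getent | map(attribute='name') | list)
    | list }}"
  loop_control:
    index_var: index
  # the 'when' guard is dropped: the loop now holds only users to create
```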