feat(bundle): initial commit
Some checks failed
Build Bootstrap Bundle / build (push) Failing after 54s

Sebastian Rust
2026-02-05 18:19:37 +01:00
commit 702b7d2fe1
8 changed files with 434 additions and 0 deletions


@@ -0,0 +1,66 @@
---
- name: Validate pubkey configuration
ansible.builtin.fail:
msg: "Only one of pubkey, pubkey_file, or pubkey_url can be defined"
when: >
(user_pubkey is defined and (user_pubkey_file is defined or user_pubkey_url is defined)) or
(user_pubkey_file is defined and user_pubkey_url is defined)
- name: Validate at least one pubkey source is defined
ansible.builtin.fail:
msg: "At least one of pubkey, pubkey_file, or pubkey_url must be defined"
when:
- user_pubkey is not defined
- user_pubkey_file is not defined
- user_pubkey_url is not defined
- name: Create user account
ansible.builtin.user:
name: "{{ user_name }}"
state: present
shell: "{{ user_shell }}"
createhome: yes
home: "{{ user_home | default('/home/' + user_name) }}"
uid: "{{ user_uid | default(omit) }}"
groups: "{{ user_groups | default(omit) }}"
append: "{{ user_groups_append | default(true) }}"
password: "{{ user_password | password_hash('sha512') if user_password is defined else omit }}"
update_password: "{{ 'always' if user_password is defined else 'on_create' }}"
become: yes
- name: Configure sudoers for user
ansible.builtin.lineinfile:
dest: /etc/sudoers.d/{{ user_name }}
line: "{{ user_name }} ALL=(ALL) {{ 'NOPASSWD: ' if user_sudo_nopasswd else '' }}ALL"
create: yes
mode: "0440"
validate: 'visudo -cf %s'
become: yes
when: user_sudo_enabled | bool
- name: Add SSH public key (direct)
ansible.builtin.authorized_key:
user: "{{ user_name }}"
key: "{{ user_pubkey }}"
state: present
exclusive: "{{ user_pubkey_exclusive | bool }}"
become: yes
when: user_pubkey is defined
- name: Add SSH public key (from file)
ansible.builtin.authorized_key:
user: "{{ user_name }}"
key: "{{ lookup('file', user_pubkey_file) }}"
state: present
exclusive: "{{ user_pubkey_exclusive | bool }}"
become: yes
when: user_pubkey_file is defined
- name: Add SSH public key (from URL)
ansible.builtin.authorized_key:
user: "{{ user_name }}"
key: "{{ lookup('url', user_pubkey_url) }}"
state: present
exclusive: "{{ user_pubkey_exclusive | bool }}"
become: yes
when: user_pubkey_url is defined
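Review bot: The "Add SSH public key (from URL)" task installs whatever `lookup('url', user_pubkey_url)` returns into `authorized_keys`, and the two validation tasks at the top never constrain the URL, so a plain-http or otherwise untrusted source decides who can log in to an account that the sudoers task may grant `ALL=(ALL) NOPASSWD: ALL`. A third guard next to the existing validations would cover the scheme, for example an `ansible.builtin.fail` with `when: user_pubkey_url is defined and user_pubkey_url is not match('^https://')`; pinning the expected key or its fingerprint in inventory would be stronger still. Separately, the sudoers task uses `lineinfile` without `regexp`, so changing `user_sudo_nopasswd` between runs adds a second line instead of replacing the first, and an earlier `NOPASSWD:` entry can stay in the file. Writing the whole file with `ansible.builtin.copy` and `content:` (keeping `validate: 'visudo -cf %s'` and `mode: "0440"`) would make the file always match the variable.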