users/tasks/user.yml

---
- name: user | create groups
  group:
    name: "{{ item.group|default(item.name) }}"
    system: '{{ item.system|default(omit) }}'
    gid: '{{ item.gid|default(omit) }}'
    state: '{{ item.state|default("present") }}'
  with_flattened :
    - "{{users_system.group|default([])}}"
    - "{{users_system.user|default([])}}"
  when : ((item.name is defined and item.name != 'root'))

- name: user | create/modify/delete
  user:
    name: '{{ item.name }}'
    group: '{{ item.group|default(item.name) }}'
    groups: "{{ item.groups| default([]) | join(',') or omit }}"
    append: '{{ item.append|default("yes")}}'
    shell: '{{ item.shell|default("/bin/bash") }}'
    uid: '{{ item.uid|default(omit) }}'
    non_unique: '{{ item.non_unique|default(omit) }}'
    state: '{{ item.state|default("present") }}'
    comment: '{{ item.comment|default(omit) }}'
    password: '{{ item.password|default("!") }}'
    update_password: '{{ item.update_password|default("on_create") }}'
    system: '{{ item.system|default(omit) }}'
    home: '{{ item.home|default(omit) }}'
    createhome: '{{ item.createhome|default(omit) }}'
    generate_ssh_key: '{{ item.generate_ssh_key|default(omit) }}'
    ssh_key_file: '{{ item.ssh_key_file|default(omit) }}'
    ssh_key_passphrase: '{{ item.ssh_key_passphrase|default(omit) }}'
    ssh_key_type: '{{ item.ssh_key_ssh_key_type|default("rsa") }}'
    ssh_key_bits: '{{ item.ssh_key_bits|default(omit) }}'
    ssh_key_comment: '{{ item.ssh_key_comment|default(omit) }}'
    expires: '{{ item.expires|default(omit) }}'
    move_home: '{{ item.move_home|default(omit) }}'
    remove : '{{ item.remove|default(omit) }}'
  with_items : "{{users_system.user|default([])}}"
  no_log: "{{no_log|default(true)}}"
  when: ((item.name is defined and item.name != 'root') and (item.state is undefined or (item.state is defined and item.state != 'absent')))

- name: user | ensure home directory mode
  file:
    path: '{{ item.home|default("/home/" + item.name) }}'
    state: directory
    mode: '{{ item.mode }}'
  loop_control:
    label: '{{ item.home|default("/home/" + item.name) }}'
  when:
  - 'item.mode is defined'
  - 'item.state|default("present") != "absent"'
  with_items: "{{users_system.user|default([])}}"

- name: user | handle ssh's authorized keys
  authorized_key:
    user: "{{ item.name }}"
    key: "{{ '\n'.join(item.authorized_keys) | string }}"
    state: present
  with_items : "{{users_system.user}}"
  when: ((item.name is defined and item.name != 'root') and (item.state is undefined or (item.state is defined and item.state != 'absent')) and item.authorized_keys is defined)
initial commit 2024-12-17 17:48:17 +01:00			`---`
			`- name: user \| create groups`
			`group:`
			`name: "{{ item.group\|default(item.name) }}"`
			`system: '{{ item.system\|default(omit) }}'`
			`gid: '{{ item.gid\|default(omit) }}'`
			`state: '{{ item.state\|default("present") }}'`
			`with_flattened :`
			`- "{{users_system.group\|default([])}}"`
			`- "{{users_system.user\|default([])}}"`
			`when : ((item.name is defined and item.name != 'root'))`

			`- name: user \| create/modify/delete`
			`user:`
			`name: '{{ item.name }}'`
			`group: '{{ item.group\|default(item.name) }}'`
			`groups: "{{ item.groups\| default([]) \| join(',') or omit }}"`
			`append: '{{ item.append\|default("yes")}}'`
			`shell: '{{ item.shell\|default("/bin/bash") }}'`
			`uid: '{{ item.uid\|default(omit) }}'`
			`non_unique: '{{ item.non_unique\|default(omit) }}'`
			`state: '{{ item.state\|default("present") }}'`
			`comment: '{{ item.comment\|default(omit) }}'`
			`password: '{{ item.password\|default("!") }}'`
			`update_password: '{{ item.update_password\|default("on_create") }}'`
			`system: '{{ item.system\|default(omit) }}'`
			`home: '{{ item.home\|default(omit) }}'`
			`createhome: '{{ item.createhome\|default(omit) }}'`
			`generate_ssh_key: '{{ item.generate_ssh_key\|default(omit) }}'`
			`ssh_key_file: '{{ item.ssh_key_file\|default(omit) }}'`
			`ssh_key_passphrase: '{{ item.ssh_key_passphrase\|default(omit) }}'`
			`ssh_key_type: '{{ item.ssh_key_ssh_key_type\|default("rsa") }}'`
			`ssh_key_bits: '{{ item.ssh_key_bits\|default(omit) }}'`
			`ssh_key_comment: '{{ item.ssh_key_comment\|default(omit) }}'`
			`expires: '{{ item.expires\|default(omit) }}'`
			`move_home: '{{ item.move_home\|default(omit) }}'`
			`remove : '{{ item.remove\|default(omit) }}'`
			`with_items : "{{users_system.user\|default([])}}"`
			`no_log: "{{no_log\|default(true)}}"`
			`when: ((item.name is defined and item.name != 'root') and (item.state is undefined or (item.state is defined and item.state != 'absent')))`

			`- name: user \| ensure home directory mode`
			`file:`
			`path: '{{ item.home\|default("/home/" + item.name) }}'`
			`state: directory`
			`mode: '{{ item.mode }}'`
			`loop_control:`
			`label: '{{ item.home\|default("/home/" + item.name) }}'`
			`when:`
			`- 'item.mode is defined'`
			`- 'item.state\|default("present") != "absent"'`
			`with_items: "{{users_system.user\|default([])}}"`

			`- name: user \| handle ssh's authorized keys`
			`authorized_key:`
			`user: "{{ item.name }}"`
			`key: "{{ '\n'.join(item.authorized_keys) \| string }}"`
			`state: present`
			`with_items : "{{users_system.user}}"`
			`when: ((item.name is defined and item.name != 'root') and (item.state is undefined or (item.state is defined and item.state != 'absent')) and item.authorized_keys is defined)`