resist-vpn-infra/roles/ssh_users/tasks/create_users.yml

---
# Create Admin Users
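- name: Create admin user accounts
  # Each admin_users entry must carry `username`; comment, groups, shell and
  # state fall back to the defaults below. Accounts join `sudo` unless
  # `groups` is given explicitly.
  ansible.builtin.user:
    name: "{{ item.username }}"
    comment: "{{ item.comment | default(item.username) }}"
    groups: "{{ item.groups | default(['sudo']) }}"
    # Keep any supplementary groups the account already has rather than
    # replacing them with `groups`. Canonical booleans instead of yes/no.
    append: true
    shell: "{{ item.shell | default('/bin/bash') }}"
    create_home: true
    # NOTE(review): `state: absent` removes the login but no `remove` is set,
    # so the home directory (and any keys in it) is left behind — confirm
    # that is the intended offboarding behaviour.
    state: "{{ item.state | default('present') }}"
  loop: "{{ admin_users }}"
  loop_control:
    label: "{{ item.username }}"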
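- name: Set password policies for admin users
  # Invoke chage through argv rather than a shell string: the username and
  # policy values are passed as discrete arguments, so they are never subject
  # to shell word-splitting or metacharacter interpretation.
  ansible.builtin.command:
    argv:
      - chage
      - "-M"
      - "{{ password_max_days }}"
      - "-m"
      - "{{ password_min_days }}"
      - "-W"
      - "{{ password_warn_age }}"
      - "-I"
      - "{{ password_inactive_days }}"
      - "{{ item.username }}"
  loop: "{{ admin_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: item.state | default('present') == 'present'
  # chage runs on every play and is reported as unchanged; the current
  # ageing values are not compared first.
  changed_when: false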
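- name: Configure authorized SSH keys for admin users
  # One (user, key) pair per iteration: subelements flattens each user's
  # authorized_keys list and skip_missing ignores users without one.
  ansible.posix.authorized_key:
    user: "{{ item.0.username }}"
    key: "{{ item.1 }}"
    state: present
    # exclusive: false only adds keys. A key dropped from admin_users is NOT
    # revoked on the host; revocation must be handled elsewhere.
    exclusive: false
  loop: "{{ admin_users | subelements('authorized_keys', skip_missing=True) }}"
  loop_control:
    label: "{{ item.0.username }}"
  when:
    - item.0.state | default('present') == 'present'
    - item.0.authorized_keys is defined
    - item.0.authorized_keys | length > 0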
- name: Ensure .ssh directory exists for admin users
  # Owner-only (0700) key directory for each present admin.
  # NOTE(review): the path assumes the account's home is /home/<username>;
  # confirm against the home used when the account was created.
  ansible.builtin.file:
    path: "/home/{{ item.username }}/.ssh"
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: "0700"
    state: directory
  loop: "{{ admin_users }}"
  loop_control:
    label: "{{ item.username }}"
  when:
    - item.state | default('present') == 'present'
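- name: Set umask for admin users
  # NOTE(review): .bashrc only affects interactive bash sessions; admins with
  # a non-bash `shell` will not pick this up — confirm that is acceptable.
  ansible.builtin.lineinfile:
    path: "/home/{{ item.username }}/.bashrc"
    # Match an existing umask line so a changed default_umask replaces it
    # instead of appending a second, conflicting line on every change.
    regexp: '^umask '
    line: "umask {{ default_umask }}"
    create: true
    owner: "{{ item.username }}"
    group: "{{ item.username }}"
    mode: '0644'
  loop: "{{ admin_users }}"
  loop_control:
    label: "{{ item.username }}"
  when: item.state | default('present') == 'present'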