---
# Make sure the ssh_access group exists; the user-creation task in this file
# places every account in it.
# NOTE(review): presumably sshd restricts logins to this group (AllowGroups) -
# that configuration is not visible here, confirm it exists.
- name: create ssh_access group
  group:
    state: present
    name: ssh_access
# Create one account per entry in userlist with a generated 15-character
# password. The password lookup runs on the control node and stores the
# plaintext in cred.<user>.pass; only the SHA-512 crypt hash is handed to the
# user module. The plaintext file stays on disk until something deletes it, so
# a run that fails part-way leaves it behind.
# NOTE(review): 'hexdigitsi' is not a character-set name, probably a typo for
# 'hexdigits'. Kept as-is so every lookup of this file uses the same spec.
# NOTE(review): groups is given without append, so the list below replaces any
# other supplementary groups the account already has - confirm intended.
- name: Create user
  loop: "{{ userlist }}"
  user:
    name: "{{ item }}"
    groups: "{{ group }},ssh_access"
    shell: /bin/bash
    password: "{{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15') | password_hash('sha512')}}"
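# Give each user in userlist a drop-in file /etc/sudoers.d/<user>, applied only
# when the `sudoers` variable is true.
- name: Add user to sudoers
  lineinfile:
    # sudo skips drop-in files whose name contains '.' or ends in '~', so a
    # username such as "first.last" would silently get no rule from this file.
    path: "/etc/sudoers.d/{{item}}"
    create: true
    # NOPASSWD: ALL lets the account run any command as any user without
    # re-authenticating; a compromised SSH session for it is equivalent to root.
    line: "{{ item }} ALL=(ALL) NOPASSWD: ALL"
    # Quoted so the mode is read as an octal string, never as an integer.
    mode: '0440'
    # Reject the file if visudo cannot parse it, so a bad entry cannot break sudo.
    validate: visudo -cf %s
  # Cast explicitly: a string such as "false" (e.g. passed with -e) is non-empty
  # and can evaluate as true in a bare conditional, which would grant sudo.
  when: sudoers | bool
  loop: "{{ userlist }}"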
# Print the plaintext password for each user by reading back the
# cred.<user>.pass file through the same password lookup.
# The plaintext therefore appears in the run's console output and in anything
# that records it (a configured log_path, callback plugins, CI or controller
# job logs); treat that output as containing credentials.
# NOTE(review): 'hexdigitsi' looks like a typo for 'hexdigits'. Kept byte-for-byte
# so this lookup spec matches the one used when the account is created.
- name: Display generated password
  loop: "{{ userlist }}"
  debug:
    msg: "Generated password for {{ item }}: {{lookup('password', 'cred.' + item + '.pass chars=ascii_letters,digits,hexdigitsi length=15')}}"
# Delete the cred.<user>.pass files that hold the generated plaintext passwords.
# NOTE(review): the password lookup writes these files on the control node, but
# the file module acts on the task's target host. Unless the play targets
# localhost (not visible here), this removes a relative path on the managed
# host and the plaintext stays on the controller - confirm.
# NOTE(review): the path is relative; verify it resolves to the same directory
# the lookup wrote to.
- name: Remove password files created by ansible
  loop: "{{ userlist }}"
  file:
    state: absent
    path: "cred.{{item}}.pass"