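---
# Tasks that prepare the 'di' service group, the di-gogs-sshkeys helper
# script with its configuration, and the supplementary group list that is
# built up in the 'usergroups' fact before regular_user.yml runs per user.
#
# Module arguments use native YAML mappings instead of key=value strings,
# and file modes are quoted so no YAML parser can retype them as integers.

- name: Load the user definitions
  include_vars: users.yml

# di, for services and daemons
- name: Add the 'di' group
  group:
    name: di

# Only created on hosts that are members of the '2fa' inventory group.
- name: Add the 'di-2fa' group
  group:
    name: di-2fa
  when: "'2fa' in group_names"

# The helper script is installed into this directory further down, so the
# directory stays root-owned and not writable by group or others.
- name: Create the di cache directory
  file:
    path: /var/cache/di
    state: directory
    mode: "0755"
    owner: root
    group: root

# NOTE(review): mode 0770 with group 'di' lets every member of 'di' create
# and replace files here. If sshd reads authorized keys from this
# directory, membership of 'di' decides who can grant SSH access; confirm
# the group only contains the service account that writes the keys.
- name: Create the SSH key directory
  file:
    path: "{{ ssh_keydir }}"
    state: directory
    mode: "0770"
    owner: root
    group: di

# NOTE(review): if sshd executes this script (for example as an
# AuthorizedKeysCommand), sshd requires it to be root-owned and not
# writable by group or others; root:root 0755 satisfies that. Confirm how
# the script is invoked.
- name: Install the di-gogs sshkeys script
  copy:
    src: ../files/di-gogs-sshkeys.py
    dest: /var/cache/di/di-gogs-sshkeys.py
    mode: "0755"
    owner: root
    group: root

# NOTE(review): mode 0660 makes the configuration writable by group 'di'.
# If the template renders credentials or the endpoint the script trusts,
# and the service only needs to read the file, 0640 is the tighter
# choice; confirm before changing.
- name: Install the di-gogs-sshkeys configuration
  template:
    src: di-gogs-sshkeys.conf.j2
    dest: /etc/di-gogs-sshkeys.conf
    mode: "0660"
    owner: root
    group: di

- name: Add the di-users group
  group:
    name: di-users

# 'usergroups' is a comma-separated string; the tasks below prepend to it.
# Presumably regular_user.yml consumes it as the users' supplementary
# groups; verify against that file.
- name: Default user grouplist
  set_fact:
    usergroups: ssh,dialout,plugdev

# Fills ansible_facts.getent_group, which the docker check below reads.
- name: Determine available UNIX groups
  getent:
    database: group

# NOTE(review): membership of the 'docker' group is effectively root on
# the host. This adds it to the shared group list whenever the group
# exists, so it applies to every user handled below; confirm that is
# intended for all of them.
- name: Add users to docker group
  set_fact:
    usergroups: "docker,{{ usergroups }}"
  when: "'docker' in ansible_facts.getent_group"

- name: Add the 2fa group to the list when the machine requires it
  set_fact:
    usergroups: "di-2fa,{{ usergroups }}"
  when: "'2fa' in group_names"

# Runs regular_user.yml once per entry of 'users'; the entry is exposed to
# the included tasks as 'user' rather than the default 'item'.
- name: Handle user for this machine
  include_tasks: regular_user.yml
  with_items:
    - "{{ users }}"
  loop_control:
    loop_var: user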