feat(role): init

tasks/group.yml

@@ -0,0 +1,6 @@
+---
+- name: "Create group `{{ group }}`"
+  become: true
+  group:
+    name: "{{ group }}"
+    gid: "{{ users_groups[group].get('gid', None) }}"

tasks/main.yml

@@ -0,0 +1,11 @@
+---
+- include_tasks: group.yml
+  with_items: "{{ users_groups.keys() }}"
+  loop_control:
+    loop_var: group
+
+- include_tasks: user.yml
+  when: ansible_default_ipv4.address in users[username]['passwords'] or users[username]['passwords'].get('default')
+  with_items: "{{ users.keys() }}"
+  loop_control:
+    loop_var: username

tasks/user.yml

@@ -0,0 +1,30 @@
+---
+- name: "create user `{{ username }}`"
+  ansible.builtin.user:
+    name: "{{ username }}"
+    append: true
+    groups: "{{ users[username].get('groups', '') }}"
+    shell: "{{ users[username].get('shell', '/bin/bash') }}"
+    uid: "{{ users[username].get('uid', None) }}"
+
+- name: "set specific password for user `{{ username }}`"
+  ansible.builtin.user:
+    name: "{{ username }}"
+    password: "{{ users[username]['passwords'].get(ansible_default_ipv4.address) }}"
+  when: "ansible_default_ipv4.address in users[username]['passwords'] and
+        users[username]['passwords'].get(ansible_default_ipv4.address) != 'default'"
+
+- name: "set default password for user `{{ username }}`"
+  ansible.builtin.user:
+    name: "{{ username }}"
+    password: "{{ users[username]['passwords'].get('default') }}"
+  when: "ansible_default_ipv4.address not in users[username]['passwords'] or
+        users[username]['passwords'].get(ansible_default_ipv4.address) == 'default'"
+
+- name: "setup ssh key for user `{{ username }}`"
+  ansible.builtin.authorized_key:
+    user: "{{ username }}"
+    state: "{{ users[username]['authorized_keys'][item].get('state', 'present') }}"
+    key: "{{ users[username]['authorized_keys'][item].get('key') }}"
+  with_items: "{{ users[username]['authorized_keys'].keys() }}"
+  when: '"authorized_keys" in users[username]'