made it more modular

roles/base/tasks/users/all.yml

@@ -1,109 +1,21 @@
-- name: users | {{ user }} | create if not present
-  user:
-    name: "{{ user }}"
-    state: present
-    create_home: True
+- include_tasks: users/common/create_user.yml
 
 - name: users | {{ user }} | getent user home directory
   getent:
     database: passwd
     key: "{{ user }}"
     split: ":"
-    fail_key: no # not required. If a supplied key is missing this will make the task fail if C(yes).
+  register: getent_passwd_user
+  changed_when: false
 
-- name: users | {{ user }} | install public ssh keys
-  authorized_key:
-    user: '{{ user }}'
-    state: present
-    key: '{{ item }}'
-  with_file:
-    - public_keys/id_dsa.pub
-    - public_keys/id_ed25519.pub
-    - public_keys/rene_id_rsa.pub
-    - public_keys/yubikey.pub
-    - public_keys/notebook_id_rsa.pub
+- set_fact:
+    user_home: "{{ getent_passwd_user.ansible_facts.getent_passwd[user][4] }}"
 
-- name: users | {{ user }} | install private ssh keys
-  copy:
-    dest: "{{ getent_passwd[user][4] }}/.ssh/"
-    src: '{{ item }}'
-    owner: '{{ user }}'
-    group: '{{ user }}'
-    mode: '0600'
-  loop:
-    - "private_keys/gitlab_read_ed25519"
+- include_tasks: users/common/setup_ssh.yml
 
-- name: users | {{ user }} | install known_hosts
-  copy:
-    dest: "{{ getent_passwd[user][4] }}/.ssh/known_hosts"
-    src: "users/known_hosts"
-    backup: True
-    mode: '0600'
-    owner: '{{ user }}'
-    group: '{{ user }}'
+- include_tasks: users/common/setup_dotfiles.yml
 
-- name: users | {{ user }} | fill ssh config
-  blockinfile:
-    path: "{{ getent_passwd[user][4] }}/.ssh/config"
-    state: present
-    block: |
-      Host gitea.mewissen.site
-        IdentityFile ~/.ssh/gitlab_read_ed25519
-        IdentitiesOnly Yes
-    create: True
-    backup: True
-    owner: '{{ user }}'
-    group: '{{ user }}'
-    marker: "## {mark} Basic ANSIBLE MANAGED BLOCK"
-
-- name: users | {{ user }} | clone remote repos
-  become: yes
-  become_user: '{{ user }}'
-  git:
-    repo: '{{ item.repo }}'
-    dest: '{{ getent_passwd[user][4] }}/{{ item.dir }}'
-    key_file: '{{ getent_passwd[user][4] }}/.ssh/gitlab_read_ed25519'
-    recursive: no
-    track_submodules: no
-    force: yes
-  with_items:
-    - { repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k' }
-    - { repo: 'ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git', dir: 'dotfiles' }
-  ignore_errors: yes
-
-- name: users | {{ user }} | link dotfiles
-  become: yes
-  become_user: '{{ user }}'
-  file:
-    state: link
-    force: True
-    src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}"
-    path: "{{ getent_passwd[user][4] }}/{{ item.dest }}"
-    follow: False
-  with_items:
-    - { src: 'vim/vimrc', dest: '.vimrc' }
-    - { src: 'bash/bashrc', dest: '.bashrc' }
-    - { src: 'zsh/zshrc', dest: '.zshrc' }
-    - { src: 'tmux/tmux.conf', dest: '.tmux.conf' }
-  ignore_errors: yes
-
-- name: users | {{ user }} | create bash_profile
-  lineinfile:
-    path: "{{ getent_passwd[user][4] }}/.bash_profile"
-    state: present
-    line: "[ -f ~/.bashrc ] && . ~/.bashrc"
-    create: True
-    mode: "0644"
-    owner: "{{ user }}"
-    group: "{{ user }}"
-
-- name: users | {{ user }} | call dotfile install script
-  become: yes
-  become_user: '{{ user }}'
-  shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ getent_passwd[user][4] }}/dotfiles/install.sh"
-  ignore_errors: yes
-
-- name: users | all | add sudoers file
+- name: users | wheel | add sudoers file
   copy:
     src: users/sudoers_wheel
     dest: /etc/sudoers.d/wheel
@@ -111,6 +23,7 @@
     group: root
     mode: 0440
   when: sudo_group == "wheel"
+  run_once: true
 
 - name: users | {{ user }} | include user specific parts
   include_tasks: "{{ user }}.yml"

roles/base/tasks/users/configure_ssh_client.yml

@@ -0,0 +1,14 @@
+---
+- name: users | {{ user }} | fill ssh config
+  blockinfile:
+    path: "{{ user_home }}/.ssh/config"
+    state: present
+    block: |
+      Host gitea.mewissen.site
+        IdentityFile ~/.ssh/gitlab_read_ed25519
+        IdentitiesOnly Yes
+    create: true
+    backup: true
+    owner: "{{ user }}"
+    group: "{{ user }}"
+    marker: "## {mark} Basic ANSIBLE MANAGED BLOCK"

roles/base/tasks/users/create_user.yml

@@ -0,0 +1,6 @@
+---
+- name: users | {{ user }} | create if not present
+  user:
+    name: "{{ user }}"
+    state: present
+    create_home: true

roles/base/tasks/users/get_home.yml

@@ -0,0 +1,6 @@
+---
+- name: users | {{ user }} | getent user home directory
+  getent:
+    database: passwd
+    key: "{{ user }}"
+    split: ":"

roles/base/tasks/users/install_known_hosts.yml

@@ -0,0 +1,9 @@
+---
+- name: users | {{ user }} | install known_hosts
+  copy:
+    dest: "{{ user_home }}/.ssh/known_hosts"
+    src: "users/known_hosts"
+    backup: true
+    mode: "0600"
+    owner: "{{ user }}"
+    group: "{{ user }}"

roles/base/tasks/users/install_private_keys.yml

@@ -0,0 +1,10 @@
+---
+- name: users | {{ user }} | install private ssh keys
+  copy:
+    dest: "{{ user_home }}/.ssh/"
+    src: "{{ item }}"
+    owner: "{{ user }}"
+    group: "{{ user }}"
+    mode: "0600"
+  loop:
+    - "private_keys/gitlab_read_ed25519"

roles/base/tasks/users/install_public_keys.yml

@@ -0,0 +1,12 @@
+---
+- name: users | {{ user }} | install public ssh keys
+  authorized_key:
+    user: "{{ user }}"
+    state: present
+    key: "{{ item }}"
+  with_file:
+    - public_keys/id_dsa.pub
+    - public_keys/id_ed25519.pub
+    - public_keys/rene_id_rsa.pub
+    - public_keys/yubikey.pub
+    - public_keys/notebook_id_rsa.pub

roles/base/tasks/users/setup_dotfiles.yml

@@ -0,0 +1,49 @@
+---
+- name: users | {{ user }} | clone remote repos
+  become: true
+  become_user: "{{ user }}"
+  git:
+    repo: "{{ item.repo }}"
+    dest: "{{ user_home }}/{{ item.dir }}"
+    key_file: "{{ user_home }}/.ssh/gitlab_read_ed25519"
+    recursive: false
+    track_submodules: false
+    force: true
+  with_items:
+    - { repo: "https://github.com/romkatv/powerlevel10k.git", dir: "powerlevel10k" }
+    - { repo: "ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git", dir: "dotfiles" }
+  ignore_errors: true
+
+- name: users | {{ user }} | link dotfiles
+  become: true
+  become_user: "{{ user }}"
+  file:
+    state: link
+    force: true
+    src: "{{ user_home }}/dotfiles/{{ item.src }}"
+    path: "{{ user_home }}/{{ item.dest }}"
+    follow: false
+  with_items:
+    - { src: "vim/vimrc", dest: ".vimrc" }
+    - { src: "bash/bashrc", dest: ".bashrc" }
+    - { src: "zsh/zshrc", dest: ".zshrc" }
+    - { src: "tmux/tmux.conf", dest: ".tmux.conf" }
+  ignore_errors: true
+
+- name: users | {{ user }} | create bash_profile
+  lineinfile:
+    path: "{{ user_home }}/.bash_profile"
+    state: present
+    line: "[ -f ~/.bashrc ] && . ~/.bashrc"
+    create: true
+    mode: "0644"
+    owner: "{{ user }}"
+    group: "{{ user }}"
+
+- name: users | {{ user }} | call dotfile install script
+  become: true
+  become_user: "{{ user }}"
+  shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ user_home }}/dotfiles/install.sh"
+  args:
+    chdir: "{{ user_home }}"
+  ignore_errors: true

roles/base/tasks/users/setup_ssh.yml

@@ -0,0 +1,5 @@
+---
+- include_tasks: users/common/setup_ssh/install_public_keys.yml
+- include_tasks: users/common/setup_ssh/install_private_keys.yml
+- include_tasks: users/common/setup_ssh/install_known_hosts.yml
+- include_tasks: users/common/setup_ssh/configure_ssh_client.yml