made it more modular

2025-10-01 11:05:52 +02:00
parent de655c5a09
commit 46900dc64b
9 changed files with 120 additions and 96 deletions
--- a/roles/base/tasks/users/all.yml
+++ b/roles/base/tasks/users/all.yml
@@ -1,109 +1,21 @@
- name: users | {{ user }} | create if not present
-  user:
-    name: "{{ user }}"
-    state: present
-    create_home: True
+- include_tasks: users/common/create_user.yml

 - name: users | {{ user }} | getent user home directory
  getent:
    database: passwd
    key: "{{ user }}"
    split: ":"
-    fail_key: no # not required. If a supplied key is missing this will make the task fail if C(yes).
+  register: getent_passwd_user
+  changed_when: false

- name: users | {{ user }} | install public ssh keys
-  authorized_key:
-    user: '{{ user }}'
-    state: present
-    key: '{{ item }}'
-  with_file:
-    - public_keys/id_dsa.pub
-    - public_keys/id_ed25519.pub
-    - public_keys/rene_id_rsa.pub
-    - public_keys/yubikey.pub
-    - public_keys/notebook_id_rsa.pub
+- set_fact:
+    user_home: "{{ getent_passwd_user.ansible_facts.getent_passwd[user][4] }}"

- name: users | {{ user }} | install private ssh keys
-  copy:
-    dest: "{{ getent_passwd[user][4] }}/.ssh/"
-    src: '{{ item }}'
-    owner: '{{ user }}'
-    group: '{{ user }}'
-    mode: '0600'
-  loop:
-    - "private_keys/gitlab_read_ed25519"
+- include_tasks: users/common/setup_ssh.yml

- name: users | {{ user }} | install known_hosts
-  copy:
-    dest: "{{ getent_passwd[user][4] }}/.ssh/known_hosts"
-    src: "users/known_hosts"
-    backup: True
-    mode: '0600'
-    owner: '{{ user }}'
-    group: '{{ user }}'
+- include_tasks: users/common/setup_dotfiles.yml

- name: users | {{ user }} | fill ssh config
-  blockinfile:
-    path: "{{ getent_passwd[user][4] }}/.ssh/config"
-    state: present
-    block: |
-      Host gitea.mewissen.site
-        IdentityFile ~/.ssh/gitlab_read_ed25519
-        IdentitiesOnly Yes
-    create: True
-    backup: True
-    owner: '{{ user }}'
-    group: '{{ user }}'
-    marker: "## {mark} Basic ANSIBLE MANAGED BLOCK"
-
- name: users | {{ user }} | clone remote repos
-  become: yes
-  become_user: '{{ user }}'
-  git:
-    repo: '{{ item.repo }}'
-    dest: '{{ getent_passwd[user][4] }}/{{ item.dir }}'
-    key_file: '{{ getent_passwd[user][4] }}/.ssh/gitlab_read_ed25519'
-    recursive: no
-    track_submodules: no
-    force: yes
-  with_items:
-    - { repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k' }
-    - { repo: 'ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git', dir: 'dotfiles' }
-  ignore_errors: yes
-
- name: users | {{ user }} | link dotfiles
-  become: yes
-  become_user: '{{ user }}'
-  file:
-    state: link
-    force: True
-    src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}"
-    path: "{{ getent_passwd[user][4] }}/{{ item.dest }}"
-    follow: False
-  with_items:
-    - { src: 'vim/vimrc', dest: '.vimrc' }
-    - { src: 'bash/bashrc', dest: '.bashrc' }
-    - { src: 'zsh/zshrc', dest: '.zshrc' }
-    - { src: 'tmux/tmux.conf', dest: '.tmux.conf' }
-  ignore_errors: yes
-
- name: users | {{ user }} | create bash_profile
-  lineinfile:
-    path: "{{ getent_passwd[user][4] }}/.bash_profile"
-    state: present
-    line: "[ -f ~/.bashrc ] && . ~/.bashrc"
-    create: True
-    mode: "0644"
-    owner: "{{ user }}"
-    group: "{{ user }}"
-
- name: users | {{ user }} | call dotfile install script
-  become: yes
-  become_user: '{{ user }}'
-  shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ getent_passwd[user][4] }}/dotfiles/install.sh"
-  ignore_errors: yes
-
- name: users | all | add sudoers file
+- name: users | wheel | add sudoers file
  copy:
    src: users/sudoers_wheel
    dest: /etc/sudoers.d/wheel
@@ -111,6 +23,7 @@
    group: root
    mode: 0440
  when: sudo_group == "wheel"
+  run_once: true

 - name: users | {{ user }} | include user specific parts
  include_tasks: "{{ user }}.yml"