ansible-pull/roles/base/tasks/users/all.yml

- name: users | {{ user }} | getent user home directory
  getent:
    database: passwd
    key: "{{ user }}"
    split: ":"
    fail_key: no # not required. If a supplied key is missing this will make the task fail if C(yes).

- name: users | {{ user }} | install public ssh keys
  authorized_key:
    user: '{{ user }}'
    state: present
    key: '{{ item }}'
  with_file:
    - public_keys/id_dsa.pub
    - public_keys/id_ed25519.pub
    - public_keys/rene_id_rsa.pub
    - public_keys/yubikey.pub
    - public_keys/notebook_id_rsa.pub

- name: users | {{ user }} | install private ssh keys
  copy:
    dest: "{{ getent_passwd[user][4] }}/.ssh/"
    src: '{{ item }}'
    owner: '{{ user }}'
    group: '{{ user }}'
    mode: '0600'
  loop:
    - "private_keys/gitlab_read_ed25519"

- name: users | {{ user }} | install known_hosts
  copy:
    dest: "{{ getent_passwd[user][4] }}/.ssh/known_hosts"
    src: "users/known_hosts"
    backup: True
    mode: '0600'
    owner: '{{ user }}'
    group: '{{ user }}'

- name: users | {{ user }} | fill ssh config
  blockinfile:
    path: "{{ getent_passwd[user][4] }}/.ssh/config"
    state: present
    block: |
      Host gitea.mewissen.site
        IdentityFile ~/.ssh/gitlab_read_ed25519
        IdentitiesOnly Yes
    create: True
    backup: True
    owner: '{{ user }}'
    group: '{{ user }}'
    marker: "## {mark} Basic ANSIBLE MANAGED BLOCK"

- name: users | {{ user }} | clone remote repos
  become: yes
  become_user: '{{ user }}'
  git:
    repo: '{{ item.repo }}'
    dest: '{{ getent_passwd[user][4] }}/{{ item.dir }}'
    key_file: '{{ getent_passwd[user][4] }}/.ssh/gitlab_read_ed25519'
    recursive: no
    track_submodules: no
    force: yes
  with_items:
    - { repo: 'https://github.com/romkatv/powerlevel10k.git', dir: 'powerlevel10k' }
    - { repo: 'ssh://git@gitea.mewissen.site:22422/rene/dotfiles.git', dir: 'dotfiles' }
  ignore_errors: yes

- name: users | {{ user }} | link dotfiles
  become: yes
  become_user: '{{ user }}'
  file:
    state: link
    force: True
    src: "{{ getent_passwd[user][4] }}/dotfiles/{{ item.src }}"
    path: "{{ getent_passwd[user][4] }}/{{ item.dest }}"
    follow: False
  with_items:
    - { src: 'vim/vimrc', dest: '.vimrc' }
    - { src: 'bash/bashrc', dest: '.bashrc' }
    - { src: 'zsh/zshrc', dest: '.zshrc' }
    - { src: 'tmux/tmux.conf', dest: '.tmux.conf' }
  ignore_errors: yes

- name: users | {{ user }} | create bash_profile
  lineinfile:
    path: "{{ getent_passwd[user][4] }}/.bash_profile"
    state: present
    line: "[ -f ~/.bashrc ] && . ~/.bashrc"
    create: True
    mode: "0644"
    owner: "{{ user }}"
    group: "{{ user }}"

- name: users | {{ user }} | call dotfile install script
  become: yes
  become_user: '{{ user }}'
  shell: "POWERLINE=n BASHIT=y ZSHCUSTOM=n {{ getent_passwd[user][4] }}/dotfiles/install.sh"
  ignore_errors: yes

- name: users | all | add sudoers file
  copy:
    src: users/sudoers_wheel
    dest: /etc/sudoers.d/wheel
    owner: root
    group: root
    mode: 0440
  when: sudo_group == "wheel"

- name: users | {{ user }} | include user specific parts
  include_tasks: "{{ user }}.yml"