[INFO] Création du rôle

tasks/configuration.yml

@@ -0,0 +1,84 @@
+---
+# tasks file for users
+
+- name: Déployer la configuration de sudo
+  ansible.builtin.template:
+    src: sudoers.j2
+    dest: /etc/sudoers.d/{{ user.name }}
+    owner: root
+    group: root
+    mode: u=rw,g=,o=
+  when: user.get('extras', {}).get('sudoers')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Déployer la configuration de bash
+  ansible.builtin.template:
+    src: bash_aliases.j2
+    dest: "~{{ user.name }}/.bash_aliases"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=,o=
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Créer le dossier de configuration de SSH
+  ansible.builtin.file:
+    state: directory
+    path: "~{{ user.name }}/.ssh"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rwX,g=rX,o=rX
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Déployer la configuration de SSH
+  ansible.builtin.template:
+    src: ssh_config.j2
+    dest: "~{{ user.name }}/.ssh/config"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=r,o=r
+  when: user.get('extras', {}).get('ssh_config')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Déployer les clefs SSH privées
+  ansible.builtin.template:
+    src: id_ed25519.j2
+    dest: "~{{ user.name }}/.ssh/id_ed25519"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=,o=
+  when: user.get('extras', {}).get('id_ed25519')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"
+
+- name: Déployer les clefs SSH autorisées
+  ansible.builtin.template:
+    src: authorized_key.j2
+    dest: "~{{ user.name }}/.ssh/authorized_keys"
+    owner: "{{ user.name }}"
+    group: "{{ user.group | default(user.name) }}"
+    mode: u=rw,g=r,o=r
+  when: user.get('extras', {}).get('authorized_keys')
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    loop_var: user
+    label: "{{ user.name }}"

tasks/installation.yml

@@ -0,0 +1,34 @@
+---
+# tasks file for users
+
+- name: Créer un groupe au nom de l'utilisateur
+  ansible.builtin.group:
+    name: "{{ item.name }}"
+  when: user.group is undefined
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    label: "{{ item.name }}"
+
+- name: Créer les autres groupes
+  ansible.builtin.group:
+    name: "{{ item.1 }}"
+  become: true
+  loop: "{{ users | subelements('groups', skip_missing=True) }}"
+  loop_control:
+    label: "{{ item.0.name }} to {{ item.1 }}"
+
+- name: Créer les utilisateurs
+  ansible.builtin.user:
+    name: "{{ item.name }}"
+    comment: "{{ item.comment | default(omit) }}"
+    password: "{{ item.password | default(omit) }}"
+    password_lock: "{{ item.password_lock | default(omit) }}"
+    home: "{{ item.home | default(omit) }}"
+    shell: "{{ item.shell | default(omit) }}"
+    group: "{{ item.group | default(item.name) }}"
+    groups: "{{ item.groups | default(omit) }}"
+  become: true
+  loop: "{{ users }}"
+  loop_control:
+    label: "{{ item.name }}"

tasks/main.yml

@@ -0,0 +1,13 @@
+---
+# tasks file for users
+
+- name: Importer les tâches d'installation
+  ansible.builtin.import_tasks: installation.yml
+
+- name: Importer les tâches de configuration
+  ansible.builtin.import_tasks: configuration.yml
+#  ansible.builtin.include_tasks: configuration.yml
+#  loop: "{{ users }}"
+#  loop_control:
+#    loop_var: user
+#    label: "{{ user.name }}"