49 lines
1.2 KiB
YAML
49 lines
1.2 KiB
YAML
---
|
|
- name: Make sure we have a 'wheel' group
|
|
ansible.builtin.group:
|
|
name: wheel
|
|
state: present
|
|
|
|
- name: Create user
|
|
ansible.builtin.user:
|
|
name: "{{ user.name }}"
|
|
# Use: openssl passwd -salt <salt> -1 <plaintext>
|
|
password: "{{ user.password }}"
|
|
update_password: on_create
|
|
comment: "{{ user.full_name }}"
|
|
groups: "{{ user.additional_groups }}"
|
|
append: yes
|
|
shell: "{{ user.shell }}"
|
|
state: present
|
|
expires: -1
|
|
become: true
|
|
|
|
- name: Setup sudo
|
|
ansible.builtin.copy:
|
|
dest: /etc/sudoers.d/{{ user.name }}
|
|
content: "{{ user.name }} ALL=(ALL:ALL) ALL"
|
|
mode: 0440
|
|
validate: /usr/sbin/visudo -cf %s
|
|
become: true
|
|
|
|
- name: Configure rbw
|
|
ansible.builtin.file:
|
|
path: ~/.config/rbw
|
|
state: directory
|
|
mode: '0755'
|
|
become: true
|
|
become_user: "{{ user.name }}"
|
|
|
|
- name: Copy rbw-config.json
|
|
ansible.builtin.copy:
|
|
src: rbw-config.json
|
|
dest: ~/.config/rbw/config.json
|
|
mode: '0644'
|
|
become: true
|
|
become_user: "{{ user.name }}"
|
|
|
|
- name: Configure pinentry for gnome3
|
|
ansible.builtin.lineinfile:
|
|
path: ~/.gnupg/gpg-agent.conf
|
|
line: "pinentry-program /usr/bin/pinentry-gnome3"
|
|
create: yes |