diff --git a/defaults/main.yml b/defaults/main.yml
index fa9e4fa..788330f 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,3 +1,21 @@
 accounts:
 users: {}
 groups: {}
+
+defaultgroup:
+ system: true
+ state: present
+ gid: "{{ omit }}"
+
+defaultuser:
+ genssh: false
+ ssh_key_type: ed25519
+ group: ~
+ groups: []
+ system: true
+ home: ~
+ state: present
+ uid: "{{ omit }}"
+ password: "*"
+ shell: "/usr/sbin/nologin"
+ authorized_keys: {}
diff --git a/tasks/groups.yml b/tasks/groups.yml
index 568f570..f2b15d7 100644
--- a/tasks/groups.yml
+++ b/tasks/groups.yml
@@ -1,11 +1,6 @@
-- set_fact:
- defaultgroup:
- system: true
- state: present
- gid: "{{ omit }}"
-
-- set_fact:
- group: "{{ defaultgroup|combine(currentgroup.value|d({}), {'name': currentgroup.key} ) }}"
+- name: apply overrides to current group
+ set_fact:
+ group: "{{ {}|combine(defaultgroup, currentgroup.value|d({}), {'name': currentgroup.key} ) }}"

 - name: create groups
 group:
diff --git a/tasks/users.yml b/tasks/users.yml
index a02eb3e..ce27078 100644
--- a/tasks/users.yml
+++ b/tasks/users.yml
@@ -1,19 +1,11 @@
-- set_fact:
- defaultuser:
- genssh: false
- ssh_key_type: ed25519
- group: ~
- groups: []
- home: "{{ ('/var/lib/'+currentuser.key) if (currentuser.value.system|d(True)) else ('/home/'+currentuser.key) }}"
- system: true
- state: present
- uid: "{{ omit }}"
- password: "*"
- shell: "/usr/sbin/nologin"
- authorized_keys: {}
+- name: store dynamic defaults
+ set_fact:
+ dynamic_defaultuser:
+ userhome: "{{ ('/var/lib/'+currentuser.key) if (currentuser.value.system|d(True)) else ('/home/'+currentuser.key) }}"

-- set_fact:
- user: "{{ defaultuser|combine(currentuser.value|d({}), {'name': currentuser.key} ) }}"
+- name: apply overrides to current user
+ set_fact:
+ user: "{{ {}|combine(defaultuser, dynamic_defaultuser, currentuser.value|d({}), {'name': currentuser.key} ) }}"

 - name: "create user ({{ user.name }})"
 user:
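Review bot: In defaults/main.yml, `defaultuser` and `defaultgroup` become role defaults, so an inventory or play variable of the same name now replaces the whole mapping (Ansible does not merge dicts by default), including the locked `password: "*"` and the `/usr/sbin/nologin` shell. A partial override therefore drops those keys instead of inheriting them; how the later tasks react to a missing key is outside this hunk. I would say so above the mapping, e.g. `# Overriding defaultuser replaces every key below; keep password "*" and the nologin shell unless a login account is intended.` The unprefixed names can also collide with variables from other roles, so a role prefix may be worth considering.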
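Review bot: In tasks/groups.yml, `currentgroup.value|d({})` only covers an undefined value, so a group declared with an empty body (`mygroup:`) yields null and `combine` fails on it. `currentgroup.value|d({}, true)` treats null as empty too, and the same applies to `currentuser.value|d({})` in the tasks/users.yml hunk. The `create groups` task continues outside the hunk.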
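Review bot: In tasks/users.yml the computed path is stored under `userhome`, while the static default added in defaults/main.yml is `home: ~`, so after the combine `user.home` stays null unless the account sets it. If the `create user` task (which continues outside this hunk) still reads `user.home`, system accounts would no longer get `/var/lib/<name>`; if it reads `user.userhome`, a per-account `home:` override is ignored. Naming the key `home:` instead of `userhome:` in `dynamic_defaultuser` would keep the previous behaviour. The expression also consults only `currentuser.value.system`, so `system: false` set through `defaultuser` would not change the computed path.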