Diffstat (limited to 'roles/bootstrap')
-rw-r--r--roles/bootstrap/tasks/main.yml20
1 files changed, 14 insertions, 6 deletions
diff --git a/roles/bootstrap/tasks/main.yml b/roles/bootstrap/tasks/main.yml
index 52eae5d..3ab7e35 100644
--- a/roles/bootstrap/tasks/main.yml
+++ b/roles/bootstrap/tasks/main.yml
@@ -5,17 +5,25 @@
- debug: var=ansible_ssh_port
- debug: var=ansible_ssh_private_key_file
-- name: User - create deployment user account (group)
+- name: group - check deployment group
+ command: pw groupshow "{{ deploy_user }}"
+ register: pw_cmd
+
+- name: group - create deployment group
command: pw groupadd "{{ deploy_user }}" -g 999
- ignore_errors: true
+ when: pw_cmd.rc != 0
+
+- name: user - check deployment user
+ command: pw usershow "{{ deploy_user }}"
+ register: pw_cmd
-- name: User - create deployment user account (user)
+- name: user - create deployment user
command: >
pw useradd "{{ deploy_user }}"
-u 999 -g "{{ deploy_user }}"
-m -d "/var/{{ deploy_user }}"
- -C "Ansible Deployment"
- ignore_errors: true
+ -c "Ansible Deployment"
+ when: pw_cmd.rc != 0
- name: SSH - authorized_keys for the deployment user
authorized_key:
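Review bot: The two new check tasks (`pw groupshow` and `pw usershow`) have no `failed_when`, so on a host where the group or user does not exist yet, the non-zero exit that the following `when: pw_cmd.rc != 0` relies on is treated as a task failure. Unless errors are ignored somewhere outside this hunk, the host then drops out of the play before the creation task can run. Add `failed_when: false` and `changed_when: false` to both check tasks so the return code is only recorded. Registering under distinct names such as `pw_group` and `pw_user` instead of reusing `pw_cmd` would also stop a later edit from testing the wrong result. If Ansible's `group` and `user` modules are usable at this stage of the bootstrap, they would make the check-then-create pairs unnecessary.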
@@ -35,10 +43,10 @@
- name: SSH - disable password auth for the deployment user
blockinfile:
path: /etc/ssh/sshd_config
+ marker: "# {mark} ANSIBLE MANAGED - ansible"
block: |
Match User {{ deploy_user }}
PasswordAuthentication no
- backup: true
validate: "sshd -t -f %s"
notify: restart-sshd
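Review bot: Setting a custom `marker` means hosts that already carry this block under blockinfile's default marker will keep the old block and gain a second `Match User` stanza, because blockinfile locates its block only by the marker lines; a one-off cleanup of the old markers, or a comment saying this is expected, would help. The trailing `ansible` in the marker looks like the account name written literally; if that is the intent, `marker: "# {mark} ANSIBLE MANAGED - {{ deploy_user }}"` keeps it in step with the `Match User` line. A comment on the task should also say that this block has to stay the last thing in sshd_config, since any directive appended after a `Match` line applies only to that match. With `backup: true` dropped, `validate: "sshd -t -f %s"` is the only safeguard against a bad write, which is reasonable but worth stating in the task.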