From 0f8bf0b7231a75574abf8b0c1e7d15d5ca1b0ab0 Mon Sep 17 00:00:00 2001
From: Tom Alexander
Date: Sun, 9 Oct 2022 23:36:22 -0400
Subject: [PATCH] Add a users role.
---
 ansible/playbook.yaml | 1 +
 ansible/roles/users/defaults/main.yaml | 8 +++++
 ansible/roles/users/meta/main.yaml | 2 ++
 ansible/roles/users/tasks/main.yaml | 46 ++++++++++++++++++++++++++
 4 files changed, 57 insertions(+)
 create mode 100644 ansible/roles/users/defaults/main.yaml
 create mode 100644 ansible/roles/users/meta/main.yaml
 create mode 100644 ansible/roles/users/tasks/main.yaml
diff --git a/ansible/playbook.yaml b/ansible/playbook.yaml
index dfadbd7..d627f4a 100644
--- a/ansible/playbook.yaml
+++ b/ansible/playbook.yaml
@@ -3,3 +3,4 @@
 ansible_become: True
 roles:
 - sudo
+ - users
diff --git a/ansible/roles/users/defaults/main.yaml b/ansible/roles/users/defaults/main.yaml
new file mode 100644
index 0000000..89bfa9d
--- /dev/null
+++ b/ansible/roles/users/defaults/main.yaml
@@ -0,0 +1,8 @@
+users:
+ talexander:
+ per_user: true
+ initialize: true
+ uid: 11235
+ gid: 11235
+ groups:
+ - name: wheel
diff --git a/ansible/roles/users/meta/main.yaml b/ansible/roles/users/meta/main.yaml
new file mode 100644
index 0000000..e5d05d0
--- /dev/null
+++ b/ansible/roles/users/meta/main.yaml
@@ -0,0 +1,2 @@
+dependencies:
+ - sudo
diff --git a/ansible/roles/users/tasks/main.yaml b/ansible/roles/users/tasks/main.yaml
new file mode 100644
index 0000000..de3cb74
--- /dev/null
+++ b/ansible/roles/users/tasks/main.yaml
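Review bot: In ansible/roles/users/defaults/main.yaml the role's default `users` map ships a concrete account, `talexander`, with `wheel` as a supplementary group, so any play that applies the role without overriding `users` provisions that account with whatever privileges `wheel` carries on the host (the `sudo` role is a dependency, but its policy is not visible in this patch). I would default to `users: {}` and define real accounts in inventory or group_vars, so the role itself carries no site-specific identity. `per_user: true` is not read by any task added in this commit; a one-line comment such as `# per_user: consumed by <role or task>` would say what it is for.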
@@ -0,0 +1,46 @@
+- name: Install packages
+ when: 'os_flavor == "freebsd"'
+ package:
+ name:
+ - zsh
+ - py39-jmespath # Needed for json_query
+ state: present
+
+- name: Install packages
+ when: 'os_flavor == "linux"'
+ package:
+ name:
+ - zsh
+ - python-jmespath # Needed for json_query
+ state: present
+
+- name: Create group
+ group:
+ name: "{{ item.value.group | default(item.key) }}"
+ gid: "{{ item.value.gid | default(omit) }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`]') }}"
+
+- name: Create group
+ group:
+ name: "{{ item.name }}"
+ gid: "{{ item.gid | default(omit) }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].value.groups') | flatten }}"
+
+- name: Create user
+ user:
+ name: "{{ item.key }}"
+ group: "{{ item.value.group | default(item.key) }}"
+ groups: "{{ item.value.groups | community.general.json_query('[*].name') }}"
+ shell: "{{ item.value.shell | default('/usr/local/bin/zsh') }}"
+ uid: "{{ item.value.uid | default(omit) }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`]') }}"
+ when: item.value.groups is defined
+
+- name: Create user
+ user:
+ name: "{{ item.key }}"
+ group: "{{ item.value.group | default(item.key) }}"
+ shell: "{{ item.value.shell | default('/usr/local/bin/zsh') }}"
+ uid: "{{ item.value.uid | default(omit) }}"
+ loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`]') }}"
+ when: item.value.groups is not defined
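Review bot: Both `Create user` tasks default the login shell to `/usr/local/bin/zsh`, which is where the FreeBSD package installs zsh; on the `os_flavor == "linux"` branch the package normally lands in `/usr/bin/zsh`, so a Linux account created with the default would likely get a shell path that does not exist and be unable to log in. The default should follow the platform in both tasks, for example `shell: "{{ item.value.shell | default('/usr/local/bin/zsh' if os_flavor == 'freebsd' else '/usr/bin/zsh') }}"`. Separately, the first `Create user` task sets `groups:` without `append: true`, so the listed groups are authoritative and any other supplementary membership is removed on each run; if that is intended, a comment such as `# groups is authoritative: memberships not listed here are removed` would make it explicit.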