authorChristian Pointner <equinox@spreadspace.org>2024-04-22 19:53:43 +0200
committerChristian Pointner <equinox@spreadspace.org>2024-04-22 19:53:43 +0200
commitc17fccec08689065c8f4f902544e984521c7437b (patch)
tree762e7e346682fefa054e69391bdb85ba6f8f76b0 /roles/core/groups
parentch-apps: upgrade whawty-auth to latest release (diff)
revamp: user/group handling
Diffstat (limited to 'roles/core/groups')
-rw-r--r--roles/core/groups/tasks/main.yml26
-rw-r--r--roles/core/groups/vars/main.yml3
2 files changed, 29 insertions, 0 deletions
diff --git a/roles/core/groups/tasks/main.yml b/roles/core/groups/tasks/main.yml
new file mode 100644
index 00000000..aa19aabc
--- /dev/null
+++ b/roles/core/groups/tasks/main.yml
@@ -0,0 +1,26 @@
+---
+- name: add system groups
+ loop: "{{ system_groups | list }}"
+ group:
+ name: "{{ item }}"
+ state: present
+ system: yes
+
+- name: add normal groups
+ loop: "{{ normal_groups | list }}"
+ group:
+ name: "{{ item }}"
+ state: present
+
+ ## TODO: until something like this https://github.com/ansible/ansible/issues/11024 lands
+ ## we will do this the quick and dirty way
+
+- name: set group members the hacky way
+ loop: "{{ normal_groups | combine(system_groups) | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ lineinfile:
+ path: /etc/group
+ regexp: '^{{ item.key }}:(.*):[^:]*$'
+ backrefs: yes
+ line: '{{ item.key }}:\1:{{ item.value | sort | join(",") }}'
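Review bot: In `set group members the hacky way`, `item.key` goes into the `lineinfile` regexp unescaped, so a group name containing a regex metacharacter such as `.` can match a different line in `/etc/group` and rewrite its member list; `regexp: '^{{ item.key | regex_escape }}:(.*):[^:]*$'` closes that. The task also writes `/etc/group` directly, so `/etc/gshadow` (where present) is not kept in step and the edit bypasses the locking the shadow tools use; adding `backup: yes` would at least leave a rollback copy. Because this file decides who is in privileged groups, a comment on the task should state that the list is authoritative (members not listed are dropped) and that a name present in both maps gets the `system_groups` list through `combine`.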
diff --git a/roles/core/groups/vars/main.yml b/roles/core/groups/vars/main.yml
new file mode 100644
index 00000000..e09ecea3
--- /dev/null
+++ b/roles/core/groups/vars/main.yml
@@ -0,0 +1,3 @@
+---
+normal_groups: "{{ normal_groups_group | combine(normal_groups_host) }}"
+system_groups: "{{ system_groups_group | combine(system_groups_host) }}"
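Review bot: `combine` is a shallow merge here, so a group defined in both `normal_groups_group` and `normal_groups_host` takes the host-level member list in full, and the inventory-group list is dropped rather than extended; the same holds for the `system_groups_*` pair. That behaviour affects who gets group access and should be documented above both lines, e.g. `# a host-level entry replaces (not extends) the member list of a same-named group`. If any of the four source variables can be undefined for a host (their defaults are not visible in this diff), the expression fails on evaluation; `| default({})` on each operand would avoid that.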