From aa581a8a0e4586252ea83c84e8eb698195a3cfbb Mon Sep 17 00:00:00 2001
From: Simon Nussbaum
Date: Tue, 2 Jul 2024 16:02:53 +0200
Subject: [PATCH] feat(local_user): replaced builtin user local user creation (#51)

feat(local_user): replaced builtin user local user creation with useradd and groupadd
---
 README.md | 2 +-
 roles/local_system_user/README.md | 38 --------------
 roles/local_system_user/defaults/main.yml | 4 --
 roles/local_system_user/tasks/main.yml | 11 ----
 roles/local_user/README.md | 46 +++++++++++++++++
 roles/local_user/defaults/main.yml | 8 +++
 .../meta/main.yml | 2 +-
 roles/local_user/tasks/main.yml | 51 +++++++++++++++++++
 8 files changed, 107 insertions(+), 55 deletions(-)
 delete mode 100644 roles/local_system_user/README.md
 delete mode 100644 roles/local_system_user/defaults/main.yml
 delete mode 100644 roles/local_system_user/tasks/main.yml
 create mode 100644 roles/local_user/README.md
 create mode 100644 roles/local_user/defaults/main.yml
 rename roles/{local_system_user => local_user}/meta/main.yml (88%)
 create mode 100644 roles/local_user/tasks/main.yml

diff --git a/README.md b/README.md
index 8f6d2d1..244a37e 100644
--- a/README.md
+++ b/README.md
@@ -8,7 +8,7 @@ Contains common roles and playbooks.
 * [`core`](https://github.com/radiorabe/ansible-collection-common/tree/main/roles/core)
 * [`download_file`](https://github.com/radiorabe/ansible-collection-common/tree/main/roles/download_file) (download single file)
 * [`files`](https://github.com/radiorabe/ansible-collection-common/tree/main/roles/files) (for quick and dirty file management)
-* [`local_system_user`](https://github.com/radiorabe/ansible-collection-common/tree/main/roles/local_system_user) (for local system user creation)
+* [`local_user`](https://github.com/radiorabe/ansible-collection-common/tree/main/roles/local_user) (for local user creation)
 
 ## License
 
diff --git a/roles/local_system_user/README.md b/roles/local_system_user/README.md
deleted file mode 100644
index 6416d31..0000000
--- a/roles/local_system_user/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# Ansible Role - radiorabe.common.local_system_user
-
-Manage local system users using [`ansible.builtin.user module`](https://docs.ansible.com/ansible/latest/collections/ansible/builtin/user_module.html). Shell or password won't be set with this role.
-
-## Requirements
-
-None
-
-## Role Variables
-
-| Variable | Default | Description |
-| -------- | ------- | ----------- |
-| `username` | `not set` | Name of the user. **required** |
-| `home_directory` | `/home/{{username}}` | Home directory of the user. |
-| `usergroups` | `''` | Existing groups the user should be added to. |
-
-## Dependencies
-
-A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
-
-## Example Playbook
-
-```yaml
-- hosts: all
-  roles:
-    - role: radiorabe.common.local_system_user
-      vars:
-        username: local-sys
-    - role: radiorabe.common.local_system_user
-      vars:
-        username: virtualizer
-        home_directory: /var/lib/libvvirt/images/
-        usergroups: 'libvirt,qemu'
-```
-
-## License
-
-This role is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.
diff --git a/roles/local_system_user/defaults/main.yml b/roles/local_system_user/defaults/main.yml
deleted file mode 100644
index f5d3a44..0000000
--- a/roles/local_system_user/defaults/main.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-# defaults for radiorabe.common.local_system_user
-
-home_directory: '/home/{{username}}'
-usergroups: ''
\ No newline at end of file
diff --git a/roles/local_system_user/tasks/main.yml b/roles/local_system_user/tasks/main.yml
deleted file mode 100644
index 47fd05b..0000000
--- a/roles/local_system_user/tasks/main.yml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-# tasks file for radiorabe.common.local_system_user
-
-- name: 'RaBe Base : Local System User : Add user {{ username }} with groups {{ usergroups }} and user home {{ home_directory }}.'
-  ansible.builtin.user:
-    name: '{{ username }}'
-    home: '{{ home_directory }}'
-    groups: '{{ usergroups }}'
-    shell: '/sbin/nologin'
-    system: true
-    append: yes
diff --git a/roles/local_user/README.md b/roles/local_user/README.md
new file mode 100644
index 0000000..579d715
--- /dev/null
+++ b/roles/local_user/README.md
@@ -0,0 +1,46 @@
+# Ansible Role - radiorabe.common.local_user
+
+Manage local users.
+
+## Requirements
+
+None
+
+## Role Variables
+
+| Variable | Default | Description |
+| -------- | ------- | ----------- |
+| `local_user_additional_usergroups` | `''` | Existing groups the user should be added to. |
+| `local_user_create_home` | `false` | Create user home directory. |
+| `local_user_groupname` | `''` | Name of the primary group the user belongs to. |
+| `local_user_home_directory` | `''` | Home directory of the user. |
+| `local_user_username` | `not set` | Name of the user. **required** |
+| `local_user_shell` | `''` | Set shell for user. |
+| `local_user_system` | `false` | Set this to true if it should be a system user (uid < 1000). |
+
+## Dependencies
+
+None
+
+## Example Playbook
+
+```yaml
+- hosts: all
+  roles:
+    - role: radiorabe.common.local_user
+      vars:
+        local_user_username: test
+    - role: radiorabe.common.local_user
+      vars:
+        local_user_additional_groups: 'libvirt,qemu'
+        local_user_create_home: true
+        local_user_groupname: local-systemuser
+        local_user_home_directory: /home/localsys
+        local_user_shell: '/usr/sbin/nologin'
+        local_user_system: true
+        local_user_username: local-sysuser
+```
+
+## License
+
+This role is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.
diff --git a/roles/local_user/defaults/main.yml b/roles/local_user/defaults/main.yml
new file mode 100644
index 0000000..78d4219
--- /dev/null
+++ b/roles/local_user/defaults/main.yml
@@ -0,0 +1,8 @@
+# defaults for radiorabe.common.local_user
+
+local_user_additional_groups: ''
+local_user_create_home: false
+local_user_groupname: ''
+local_user_home_directory: ''
+local_user_shell: ''
+local_user_system: false
diff --git a/roles/local_system_user/meta/main.yml b/roles/local_user/meta/main.yml
similarity index 88%
rename from roles/local_system_user/meta/main.yml
rename to roles/local_user/meta/main.yml
index 587b39c..18d9fcf 100644
--- a/roles/local_system_user/meta/main.yml
+++ b/roles/local_user/meta/main.yml
@@ -1,6 +1,6 @@
 galaxy_info:
   author: RaBe IT-Reaktion
-  description: Allow managing of local system users.
+  description: Allow managing of local users.
   issue_tracker_url: https://github.com/radiorabe/ansible-collection-common/issues
   license: AGPL-3.0-only
   min_ansible_version: '2.9'
diff --git a/roles/local_user/tasks/main.yml b/roles/local_user/tasks/main.yml
new file mode 100644
index 0000000..3d19f90
--- /dev/null
+++ b/roles/local_user/tasks/main.yml
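Review bot: The variable names in this defaults file do not match the README table added in the same commit: the table documents `local_user_additional_usergroups`, while the default here (and the `cmd_argv` entries in tasks/main.yml) read `local_user_additional_groups`, so a user who follows the table sets a variable the role never consumes and silently gets no supplementary groups. The README's own example playbook already uses `local_user_additional_groups`, so the table row is the one to correct. `local_user_username` is marked required but has neither a default nor a guard; a short header comment here, `# local_user_username is required and deliberately has no default`, plus an `ansible.builtin.assert` on it at the top of tasks/main.yml would make the contract explicit instead of surfacing as a templating error.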
@@ -0,0 +1,51 @@
+---
+# tasks file for radiorabe.common.local_user
+
+- name: 'Get {{ local_user_username }} user info'
+  ansible.builtin.getent:
+    database: passwd
+    key: '{{ local_user_username }}'
+  ignore_errors: true
+
+- name: 'Get {{ local_user_groupname }} group'
+  ansible.builtin.getent:
+    database: group
+    key: '{{ local_user_groupname }}'
+  ignore_errors: true
+
+- name: 'Add group when does not exist'
+  become: true
+  command: groupadd {{ local_user_groupname }}
+  when:
+    ansible_facts.getent_group is undefined and
+    local_user_groupname != ''
+
+- name: 'Add user and group when does not exist'
+  become: true
+  ansible.builtin.command:
+    argv: "{{ cmd_argv |
+      zip(cmd_argv_switch) |
+      selectattr('1') |
+      map(attribute='0') | list }}"
+  vars:
+    cmd_argv:
+      - 'useradd'
+      - '--create-home'
+      - '--groups="{{ local_user_additional_groups }}"'
+      - '--gid="{{ local_user_groupname }}"'
+      - '--home-dir="{{ local_user_home_directory }}"'
+      - '--shell="{{ local_user_shell }}"'
+      - '--system'
+      - '--add-subids-for-system'
+      - '{{ local_user_username }}'
+    cmd_argv_switch:
+      - true
+      - '{{ local_user_create_home }}'
+      - '{{ local_user_additional_groups != "" }}'
+      - '{{ local_user_groupname != "" }}'
+      - '{{ local_user_home_directory != "" }}'
+      - '{{ local_user_shell != "" }}'
+      - '{{ local_user_system }}'
+      - '{{ local_user_system }}'
+      - true
+  when: ansible_facts.getent_passwd is undefined
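Review bot: The double quotes embedded in the `cmd_argv` entries (`--groups`, `--gid`, `--home-dir`, `--shell`) are passed to useradd literally, because `argv` bypasses the shell, so useradd sees a group named `"libvirt` and a shell string of `"/usr/sbin/nologin"` including the quote characters; the group lookup then fails and the home/shell values are stored with quotes in them. Drop the quoting: `'--groups={{ local_user_additional_groups }}'` and likewise for the other three. The free-form `command: groupadd {{ local_user_groupname }}` should also use the `argv` form and the `ansible.builtin.command` FQCN like the task below it, so a group name containing whitespace cannot be split into extra arguments, and the `is undefined` gating on `ansible_facts.getent_passwd` / `getent_group` only works for the first role invocation in a play: once the fact exists from an earlier user, a later missing user or group is never created (the README example calls the role twice in one play), which `fail_key: false` with a per-key `is none` test avoids since the missing key's entry is then None. `--add-subids-for-system` is only understood by newer shadow-utils releases, so the README should state that requirement.
```yaml
- name: 'Get {{ local_user_username }} user info'
  ansible.builtin.getent:
    database: passwd
    key: '{{ local_user_username }}'
    fail_key: false

# … unchanged: group lookup, with the same fail_key: false replacing ignore_errors …

- name: 'Add group when does not exist'
  become: true
  ansible.builtin.command:
    argv:
      - 'groupadd'
      - '{{ local_user_groupname }}'
  when:
    - local_user_groupname != ''
    - ansible_facts.getent_group[local_user_groupname] is none

# … unchanged: useradd task name, become and the zip/selectattr argv expression …
    cmd_argv:
      - 'useradd'
      - '--create-home'
      - '--groups={{ local_user_additional_groups }}'
      - '--gid={{ local_user_groupname }}'
      - '--home-dir={{ local_user_home_directory }}'
      - '--shell={{ local_user_shell }}'
      - '--system'
      - '--add-subids-for-system'
      - '{{ local_user_username }}'
# … unchanged: cmd_argv_switch …
  when: ansible_facts.getent_passwd[local_user_username] is none
```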