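---
# Shared-group ACL setup for the "additional data directories".
#
# Flow, as visible in this file:
#   1. create the common system group,
#   2. add the listed users to it (supplementary group, existing ones kept),
#   3. create the data directories with the owner/group/mode given per item,
#   4. set access ACLs and default (inherited) ACLs for a group on each
#      directory.
#
# Review notes:
#   - Module arguments use native YAML instead of key=value strings, so
#     values keep their type and do not depend on free-form parsing.
#   - Loops fall back to an empty list when the variable is not defined, so
#     a tagged run is a no-op instead of an undefined-variable failure.
#     NOTE(review): this assumes the lists are optional, as the
#     'is defined' guards already in the file suggest - confirm.
#   - Membership of the common group is what grants access through the ACLs
#     below; keep the user lists as tight as the data requires.

- block:
    - name: Create the common group used to setup acls
      group:
        name: "{{ common_users_group }}"
        state: present
        system: true
      when: additional_data_directories is defined
  tags: ['users', 'users_acl']

- block:
    - name: Add selected users to the common group
      user:
        name: "{{ item.login }}"
        groups: "{{ common_users_group }}"
        # append keeps the user's other supplementary groups untouched.
        append: true
      with_items: '{{ users_system_users | default([]) }}'
      when:
        - users_system_users is defined
        - item.state is not defined or item.state == "present"
  tags: ['users', 'users_acl']

- block:
    - name: Add additional users to the common group
      user:
        name: "{{ item.login }}"
        groups: "{{ common_users_group }}"
        append: true
      with_items: '{{ users_system_users_adjunct | default([]) }}'
      when:
        # Guard the list this task iterates over. The original tested
        # users_system_users here, which looks like a copy/paste slip: the
        # adjunct list was gated on a different variable.
        - users_system_users_adjunct is defined
        - item.state is not defined or item.state == "present"
  tags: ['users', 'users_acl']

- block:
    - name: Create the users additional data dirs
      file:
        path: "{{ item.name }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        # Give item.perms as a quoted octal string (for example '0750') in
        # the variables; an unquoted 0750 is read by YAML as a number and
        # results in a different mode than intended.
        mode: "{{ item.perms }}"
      with_items: '{{ additional_data_directories | default([]) }}'
      when: item.create and not item.file
  tags: ['users', 'users_acl']

- block:
    - name: Create more additional data dirs
      file:
        path: "{{ item.name }}"
        state: directory
        owner: "{{ item.owner }}"
        group: "{{ item.group }}"
        # Same rule as above: item.perms should be a quoted octal string.
        mode: "{{ item.perms }}"
      with_items: '{{ additional_data_directories_adjunct | default([]) }}'
      when: item.create and not item.file
  tags: ['users', 'users_acl']

# ACLs for additional_data_directories.
# Only items that define 'aclperms' are processed, so the default('rwX')
# below is never actually used. By default the ACL is applied recursively
# and to the common group, which gives every member read/write on the whole
# tree; set acl_group, aclperms and acl_recursive_set per directory when a
# narrower grant is enough.
- name: Set the ACLs on the users data dirs
  tags: ['users_acl']
  block:
    - name: Set the read/write/access permissions on the users additional data dirs
      ansible.posix.acl:
        path: "{{ item.name }}"
        entity: "{{ item.acl_group | default(common_users_group) }}"
        etype: group
        permissions: "{{ item.aclperms | default('rwX') }}"
        state: "{{ item.acl_state | default('present') }}"
        recursive: "{{ item.acl_recursive_set | default(true) }}"
        use_nfsv4_acls: "{{ item.nfs4_acl | default(false) }}"
      loop: '{{ additional_data_directories | default([]) }}'
      when: item.aclperms is defined

    # default: true sets the default ACL, i.e. the entry that newly created
    # files and directories inherit.
    - name: Set the default read/write/access permissions on the users additional data dirs
      ansible.posix.acl:
        path: "{{ item.name }}"
        entity: "{{ item.acl_group | default(common_users_group) }}"
        etype: group
        permissions: "{{ item.aclperms | default('rwX') }}"
        state: "{{ item.acl_state | default('present') }}"
        recursive: "{{ item.acl_recursive_set | default(true) }}"
        use_nfsv4_acls: "{{ item.nfs4_acl | default(false) }}"
        default: true
      loop: '{{ additional_data_directories | default([]) }}'
      when: item.aclperms is defined

# Same two ACL steps for additional_data_directories_adjunct.
- name: Set the ACLs on the users data dirs
  tags: ['users_acl']
  block:
    - name: Set the read/write/access permissions on the additional data dirs
      ansible.posix.acl:
        path: "{{ item.name }}"
        entity: "{{ item.acl_group | default(common_users_group) }}"
        etype: group
        permissions: "{{ item.aclperms | default('rwX') }}"
        state: "{{ item.acl_state | default('present') }}"
        recursive: "{{ item.acl_recursive_set | default(true) }}"
        use_nfsv4_acls: "{{ item.nfs4_acl | default(false) }}"
      loop: '{{ additional_data_directories_adjunct | default([]) }}'
      when: item.aclperms is defined

    - name: Set the default read/write/access permissions on the additional data dirs
      ansible.posix.acl:
        path: "{{ item.name }}"
        entity: "{{ item.acl_group | default(common_users_group) }}"
        etype: group
        permissions: "{{ item.aclperms | default('rwX') }}"
        state: "{{ item.acl_state | default('present') }}"
        recursive: "{{ item.acl_recursive_set | default(true) }}"
        use_nfsv4_acls: "{{ item.nfs4_acl | default(false) }}"
        default: true
      loop: '{{ additional_data_directories_adjunct | default([]) }}'
      when: item.aclperms is defined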